Weird California Incident Last Year Points To The Real Threat To The Power Grid (Hint: It's Not Cyberattacks)

from the uncommon-common-sense dept

Via Bruce Schneier's blog, we learn of the following intriguing story published in Foreign Policy:

Around 1:00 AM on April 16, at least one individual (possibly two) entered two different manholes at the PG&E Metcalf power substation, southeast of San Jose, and cut fiber cables in the area around the substation. That knocked out some local 911 services, landline service to the substation, and cell phone service in the area, a senior U.S. intelligence official told Foreign Policy. The intruder(s) then fired more than 100 rounds from what two officials described as a high-powered rifle at several transformers in the facility. Ten transformers were damaged in one area of the facility, and three transformer banks -- or groups of transformers -- were hit in another, according to a PG&E spokesman.
Oil then leaked from the transformers, causing them to overheat and shut down. However, there were no major power outages, and no long-term damage. The Foreign Policy post gives a good summary of what we do and don't know, and is well worth reading in full. As Schneier comments:
The article worries that this might be a dry-run to some cyberwar-like attack, but that doesn't make sense. But it's just too complicated and weird to be a prank.

Anyone have any ideas?
Feel free to theorize in the comments about what happened last April. Absent further information, I'd like to focus here on the following perceptive analysis from the article:
At the very least, the attack points to an arguably overlooked physical threat to power facilities at a time when much of the U.S. intelligence community, Congress, and the electrical power industry is focused on the risk of cyber attacks. There has never been a confirmed power outage caused by a cyber attack in the United States. But the Obama administration has sought to promulgate cyber security standards that power facilities could use to minimize the risk of one.
This fixation on "cybersecurity" is something that Techdirt has been pointing out for a while. It seems largely driven by canny defense and security companies hungry for profitable contracts, which are able to take advantage of politicians intimidated by technology and worried about seeming "soft" on "cyberterror." Kudos, then, to Jon Wellinghoff, the chairman of the Federal Energy Regulatory Commission, who seems to have more common sense than most of his colleagues:
A shooter "could get 200 yards away with a .22 rifle and take the whole thing out," Wellinghoff said last month at a conference sponsored by Bloomberg. His proposed defense: A metal sheet that would block the transformer from view. "If you can't see through the fence, you can't figure out where to shoot anymore," Wellinghoff said. Price tag? A "couple hundred bucks." A lot cheaper than the billions the administration has spent in the past four years beefing up cyber security of critical infrastructure in the United States and on government computer networks.
Quite.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Filed Under: cybersecurity, physical security, power grid, security, threats


Reader Comments



  • That One Guy, 3 Jan 2014 @ 8:51am

    Price tag? A "couple hundred bucks."

    And that's why such sanity would never manage to be widespread in politics, it's wicked hard to get good kick-backs and 'future employment opportunities' unless some company stands to make millions from a contract.

    • Ben, 3 Jan 2014 @ 9:14pm

      Re:

      Price tag? A "couple hundred bucks." A lot cheaper than the billions the administration has spent in the past four years beefing up cyber security
      A couple of hundred bucks for one facility. How many electrical transformer sites are there? The comparison is false.

      I also doubt it would be "a couple hundred bucks" but more likely "a couple thousand bucks", but a million sites at a thousand a site would still be significantly less than the cybersecurity money pit.

      • btrussell, 4 Jan 2014 @ 9:17am

        Re: Re:

        I doubt $200 would pay for the installation let alone a metal wall.

        • That One Guy, 5 Jan 2014 @ 7:51pm

          Re: Re: Re:

          Depends on what the 'wall' is supposed to do. For a sheet of metal thick enough, and installed securely enough to stop bullets, yeah, you'd probably be looking at at least a thousand between materials and installation.

          However, what it sounded like from his comment:

          His proposed defense: A metal sheet that would block the transformer from view. "If you can't see through the fence, you can't figure out where to shoot anymore," Wellinghoff said.

          ... is that the sheet is only supposed to block the critical parts from view, so any potential shooter would have no easy way to target important pieces, and would either have to get past the sheet/fence, or just shoot blindly and hope they hit something important.

          • btrussell, 18 Jan 2014 @ 12:30pm

            Re: Re: Re: Re:

            A piece of metal just big enough to obscure me from view makes me an identifiable target, not a protected one.

      • RonKaminsky, 5 Jan 2014 @ 12:35pm

        Re: Re:

        Not only are you correct about the improper comparison, I would like to point out that anyone really serious about shutting down a facility like the one which was attacked could easily gather intelligence from an unmanned drone, and then attack it with, for example, bombs/grenades launched from a small truck-mounted catapult. Or even possibly just with small rockets designed to drop metal cables in the proper locations --- no explosives necessary.

        Spending money to defend against the chance of someone attacking would almost certainly not be cost-effective, however, unless the likelihood of such attacks would increase dramatically. How unfortunate that human psychology is irrationally biased towards favoring safety against vanishingly rare but dramatic risks and ignoring common, small ones (like having less money because electricity is more expensive).

  • Anonymous Coward, 3 Jan 2014 @ 9:36am

    Bucks

    Why spend a couple hundred bucks when you can spend a couple billion?

    • Anonymous Coward, 3 Jan 2014 @ 10:02am

      Re: Bucks

      More than likely, these "attacks" on PG&E infrastructure were by PG&E customers who could no longer pay their bills.

      Take it from a PG&E customer - the real terror is when you receive the bill in the mail and open it.

  • Arthur Moore, 3 Jan 2014 @ 9:38am

    While I agree that it would still be cheaper, we still need to compare the cost of all the substations, not just one. Plus that hundred bucks estimate doesn't include labor and kickbacks.

    Nearly the same point was made in the first comment of the slashdot discussion: http://hardware.slashdot.org/story/13/12/29/0118228/hearing-shows-how-military-style-raid-on-calif-power-station-spooks-us

    • Anonymous Coward, 3 Jan 2014 @ 9:43am

      Re:

      Even with those considerations it'd still be considerably cheaper, and more useful than the money they're throwing at cyber security.

      • Anonymous Coward, 3 Jan 2014 @ 10:11am

        Re: Re:

        Except for the Representatives who have family in the cybersecurity business.

    • John Fenderson, 3 Jan 2014 @ 10:09am

      Re:

      doesn't include labor and kickbacks


      Kickbacks? I think you misspelled "bribes".

      Have we reached the point where we have to start budgeting for outright bribes now? If so, then we really have become a second-rate nation.

      • BernardoVerda, 5 Jan 2014 @ 5:42pm

        Re: Re:

        >> doesn't include labor and kickbacks

        > Kickbacks? I think you misspelled "bribes".


        These days, aren't they called "earmarks"?

  • Anonymous Coward, 3 Jan 2014 @ 9:39am

    Reminds me of the line in the movie with Jodie Foster, Contact, in which someone (I can't remember who) asks 'why have 1 when you can have 2 at twice the price?' In other words, spend as much as possible and don't worry about how much is wasted doing ridiculous tasks when a modest sum would do a better job! The companies involved can say 'thanks' in nice ways!

  • PRMan, 3 Jan 2014 @ 9:53am

    Space Pen?

    The US spent millions inventing a pen that would work in zero gravity. The Russians used a pencil.

  • Richard, 3 Jan 2014 @ 10:05am

    The average politician

    The average politician or CEO of a major company is an absolute sucker for a canny salesman.

  • stryx, 3 Jan 2014 @ 10:16am

    Strike

    Well I'd say this is obviously a Harlequins/Travelers vs. IBM-um Tabula/Brethren type situation.

    Panopticon disruption.

    http://www.research.ibm.com/labs/almaden/

    http://www.amazon.com/John-Twelve-Hawks/e/B001JS0JPS

  • TasMot, 3 Jan 2014 @ 10:17am

    The Reign of Terror is beginning...

    So, somebody (read power consumers) should cough up millions of dollars to do "something" about an isolated incident. A little bit of risk assessment is in order before letting out the contracts for millions of dollars for cyber security or steel walls.

    The power companies could/should evaluate their systems to see where there are any critical places and then determine how to secure them. The power grid is a very big distributed system that covers thousands of miles of power lines and remote substations. It would take a big coordinated effort to "take it out" unless a major junction could be hit. That type of effort would require a LOT of people to pull it off with very good coordination or a lot of very well coordinated timers that could be set to go off weeks in advance while somebody runs around the country putting lots of them in place.

    So the big question is whether or not this is a one node trend or in reality an isolated incident (like an angry customer in another post).

    Part of a terror campaign is to actually cause terror in people. Since this happened a year ago, it seems like calling it a "cyber terror" attack and spending a billion dollars to fix it seems like an overreaction.

  • aldestrawk, 3 Jan 2014 @ 10:41am

    NERC CIPC report

    from: http://www.texasre.org/Lists/Calendar/Attachments/605/Item%204d%20-%20NERC%20CIPC%20Report%20to%20TRE%20MRC%20-%202013Jun14.pdf

    Silicon Valley Area – Adjacent to City of San Jose, CA – Between US 101 and a 600 MW Calpine generating plant.
    Communication vaults for two communications providers damaged prior to substation attack. AT&T first. Then Level 3 Communications. Fiber cut flush with conduit entrance to vault to make repairs more difficult. Team apparently brought ladders or ropes to access the Level 3 vault.
    Although utility communications went through those vaults the utility has alternate communications paths through microwave communication links. Communications to substation was not interrupted.
    911 communications affected by the communications interruptions. Communications cut off to closest three towns from AT&T cut. Generating plant communications cut off by Level 3 vault attack.
    Fence alarm detection, cameras on fence line, card reader access through fence. Fence alarms triggered three times due to bullets hitting fence. Attackers never entered substation.
    More than 120 - 7.62x39 rifle rounds fired at autotransformers. 10 of 11 – 500/230 kV transformers and 3 of 4 – 230/115 kV transformers damaged and taken out of service. Only energized transformers shot.
    Shots fired primarily low on the radiators. > 51,000 gals of oil spilled. Transformers tripped due to high temperature or low oil as cooling lost. First alarms came in about one minute after first shots detected.
    Appears to have been a team of multiple people not just one or two. Spotters, shooters, communications attack, etc.

  • Jeffrey Nonken, 3 Jan 2014 @ 10:52am

    There was a computing device in the same room as the attackers when they were planning the raid, therefore it was a cyber attack.

  • Jerrymiah, 3 Jan 2014 @ 10:55am

    Weird California Incident Last Year Points To The Real Threat To The Power Grid (Hint: It's Not Cyberattacks)

    This attack was orchestrated by the NSA to influence the US gov and public that terrorist groups were still active and attempting to implement attacks.

  • greenbird, 3 Jan 2014 @ 11:02am

    NSA

    The key question is why the NSA with all their absolutely critical data collection wasn't able to prevent this.

    • Anonymous Coward, 3 Jan 2014 @ 11:31am

      Re: NSA

      apparently their "dots" were so numerous that when they connected them, they got a picture of an elephant in the room.

    • TasMot, 3 Jan 2014 @ 12:19pm

      Re: NSA

      You silly, because they used cutters and guns, not phones or the Internet. Stupid wire cutters and guns are not joined to the "Internet of Things" yet........

      • Niall, 6 Jan 2014 @ 5:42am

        Re: Re: NSA

        Neither were 9/11 and Boston. I think he meant that there was no 'intelligence' of the planned activity, which doesn't sound totally spontaneous.

  • aldestrawk, 3 Jan 2014 @ 11:17am

    I remember, while growing up, during the revolutionary days of the late 60s and early 70s that people would bomb the towers supporting long distance power transmission lines. My idea was to shoot cables over the lines with a crossbow to short them out. Not that I ever thought about doing that seriously. I am not even sure that would work. The, rather conservative, dad of a friend of mine in high school, who was a civil engineer, said that somehow allowing the pumps that pumped water from the Central Valley in California over the Tehachapi mountains to LA to run in reverse would destroy those pumps which would take weeks to repair. Nowadays, one may be able to do that via the Internet but you cannot ignore physical security. Cybersecurity is very sexy these days and the media loves to focus on it and the expert color commentators they use, who are probably likely to profit, find this a great way to stoke FUD.

    I suspect whoever did this substation attack has similar motivations. The group that did this had some knowledge about the systems but not enough to show that it was some kind of insider attack. Four years ago, some fiber optic cables were cut nearby in San Jose cutting communications to parts of Silicon Valley and Santa Cruz County. That may have been an insider attack though (authorities still don't know who or why). All the heavy equipment at Granite Rock's Quail Hollow sand quarry in Santa Cruz county, CA were damaged when someone put a substance into the gas tanks which was very effective in destroying the engines. This happened, I think, last spring around the time of the substation attack.

  • Anonymous Coward, 3 Jan 2014 @ 11:40am

    We need to find out where these attackers are from and go invade a different country in that geographical region!

  • Anonymous Coward, 3 Jan 2014 @ 11:42am

    I'm William of Ockham, and my money is on the environmentalists.

  • Crusty the Ex-Clown, 3 Jan 2014 @ 12:27pm

    I guess I misread the second amendment...

    ...I thought it guaranteed the right to arm bears. Now wandering groups of armed, hungry bears are attacking substations and mistaking humming transformers for gigantic hives full of bees and honey. BTW, bears don't need no stinkin' ropes or ladders to clamber around in vaults.

  • Anonymous Coward, 3 Jan 2014 @ 12:39pm

    Getting paid to divert physical threats requires effort because physical threats are a real problem that do in fact exist and can happen and so there is work to be done to divert them.

    Getting paid to divert a non-existing problem is cheap and easy so why not just lobby congress to pay you to divert non-existing problems. There is no work to be done because there is no problem in the first place.

    I know what I'll do. We are all going to get attacked by a bunch of unicorns from outer space tomorrow. Congress needs to pay me to defend against this threat.

  • Reserve4Todd, 3 Jan 2014 @ 12:52pm

    Ideas for the attack

    Were there any casinos nearby whose vaults were soon after emptied?

  • ECA, 3 Jan 2014 @ 2:44pm

    Let's look at a few things

    1. MOST utilities are very easy to disturb. If you understand how they are set up and distributed, it's very easy to take sections DOWN.
    2. What a propaganda experiment..(real or NOT)
    3. Long ago, many services were looking at placing MOST of the service underground.. YOU STILL need access.. and if you don't LOCK IT DOWN, it can be accessed.

    Considering how the system is built..THESE persons did some damage, and it DIDN'T AFFECT ANYONE?? I am TOTALLY amazed.

  • Anonymous Coward, 4 Jan 2014 @ 2:45am

    "Anyone have any ideas?"

    Neo wanted to visit the Architect?

  • GEMont, 4 Jan 2014 @ 9:22am

    Shock Testing.

    After all, it's silly to depend on real terrorists to get the job done right, unless you train them yourself.

    Failing the creation of a large war to distract the population from the activities of the Commercial Government of the USA, the only other possible route would be a huge "natural" disaster that killed hundreds of thousands and left millions homeless across the USA.

    There's a certain minimum limit to the level of an atrocity, or rather the public's reaction to it, that makes it effective. If there's too little damage, too few people die, the ruse might not work. This is why War is the favorite scam in these sorts of situations. Lot of damage and lots of death and lots of positive public response because we're used to war and know what to expect and can quite readily switch our anger with the government for anger against the new foreign foe.

    But massive homeland disasters are the next best thing.

    Looks like at least one of these spooks in high places has read "Steal This Book".

  • Anonymous Coward, 5 Jan 2014 @ 7:35pm

    Theory: Disgruntled employee. Angry customer. Etc.
