May 30, 2008 / by emptywheel

 

The Chinese Turned Out My Lights (Maybe)

Remember that terrible blackout in 2003, that took power out from MI to NY and in between?

It was great fun here in Ann Arbor, for a little while. You could walk down the streets of the city and sushi merchants would come out and pretty much give their sushi away. We had an "apocalypse" barbecue that night, where everyone brought all the meat from their freezer or fridge and any alcohol that was cold, and consumed it in one big gluttonous barbecue. I had a non-electric land-line at the time and a gas stove and it was summer time, so I was pretty comfortable for the whole two-day affair. But it quickly turned our freeways heading west (where there was still power) into parking lots and those with electrical phones lost their communication and aside from the gluttony it was a big expensive mess.

Apparently, the Chinese did it.

Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention. Investigators blamed “overgrown trees” that came into contact with strained high-voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the communications lines that utility companies use to manage the power grid, and this exacerbated the problem. The blackout prompted President Bush to address the nation the day it happened. Power was mostly restored within 24 hours.

Read the whole article, if only for the description of a Chinese hacker accidentally bringing down Florida’s grid while (s)he was trying to map it. Oops.

The whole thing reads to me like a great long advertisement for Richard Clarke’s new book, Your Government Failed You (Clarke is scheduled to do an FDL Book Salon in July). I heard Clarke on Fresh Air yesterday, and he basically argues that the Bush Administration has only just started preparing some kind of response to such cyber-attacks in the last year. Clarke said he had presented a plan to defend against such attacks in 2003, but Bush basically deep-sixed it (at least he’s consistent in rejecting Clarke’s good advice). Given the timing, and given how frequently Clarke mentioned the vulnerability of our nation’s power grid, I would be unsurprised if Bush asked for that report in response to the 2003 blackout.

Harris, too, describes the Administration’s stalling on responding to this threat.

President Bush has personally devoted more high-level attention to the cyberattack issue in the last year or so than he did in the first six years of his tenure combined. Many security experts are surprised that the administration is only now moving to take dramatic measures to improve the security of government networks, because some Cabinet-level and White House officials have been warning about the threat for years to just about anyone who will listen.

Until McConnell, the national intelligence director, personally drove the point home to Bush in an Oval Office meeting in 2006, there was little top-level support for a comprehensive government cyber-security plan. “They ignored it,” one former senior administration official said flatly. “McConnell has the president’s ear.”

(I would imagine Clarke is a top candidate to be that SAO.)

And yet, as we learned the other day, our belated efforts to respond have been plagued by the same kind of secretive paranoia with which Bush always functions.

All in all, this report looks like the kind of report you’d get from a very positive elementary school teacher. "Very nice try, Johnny. It’s so nice to see you trying to finish the homework you’ve been working on for eight years. Now let’s talk about the bare minimum you’re going to need to do in order to actually complete this homework. And no, you can’t have $17 billion dollars for what thus far is still C minus work."

All of which is a very disorganized way of saying you ought to make sure your disaster supplies will support you for longer than just one gluttonous apocalypse party, because you may well need them.

Copyright © 2008 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2008/05/30/the-chinese-turned-out-my-lights-maybe/