Wednesday Morning: Ashes to Ashes
This year we will be mindful of water. We take it for granted every time we turn on the faucet. Yet our brethren go without in nearby Flint, in spite of water’s essential nature to life. I’ll donate the money I would have spent on 46 days of meat-based meals to Flint’s United Way Water Fund and the Food Bank of Eastern Michigan, as both organizations are helping distribute water and filters to Flint residents. Last night’s Boil Water order issued because of a water main break only underlines the difficulties Flint’s residents will face until the entire water system is replaced.
Dept of Duh: Director of National Intelligence says Internet of Things can be used to spy
NO! Say it isn’t so! Like it never occurred to us that any device attached to the internet, including the growing number of WiFi-enabled household appliances, might be used to spy on us.
Volkswagen recalls cars — and not because of emissions
VW didn’t need more trouble; this time, it’s not the German car makers’ fault. 680,000 VW-branded vehicles are being recalled because of Takata-made airbags which may be defective. TAKE NOTE: Mercedes-Benz models were also recalled yesterday.
Toyota, Honda, Acura, BMW, Nissan, Subaru, GM, Ford, Chrysler, and Daimler also issued recalls over the last two years for the very same reason — defective Takata-made airbags. See this article for a running timeline of events related to the recalls as well as a list of affected vehicles (to date).
Attacking the grid? Try a squirrel first – hacking is much harder
A honeypot mimicking an energy management system demonstrated the challenge to hackers trying to crash a power grid. Dewan Chowdhury, MalCrawler’s founder, spoke at Kaspersky Lab security Analyst Summit about the knowledge set needed to attack energy systems:
“It’s extremely difficult. You’ can’t just be a NSA or FSB hacker; you need an electrical engineer on board to weaponize attacks and figure out what’s going on … When it comes to weaponization, you need a power substation engineering who knows what needs to be done and tested.”
After reading about Chowdhury’s presentation, I have two caveats. The first is the notion that an “electrical engineer” or a “power substation engineer” is required. Many non-degreed workers like electricians and technicians are familiar with computers, networks, and SCADA equipment. The second is this bit:
The groups had access to the HMI, which would allow them to manipulate the grid, but Chinese, U.S., and Russian groups, he said, stick to a gentlemen’s agreement and leave the grid alone. Middle Eastern actors, however, will try to perform control actions to sabotage the grid.
A “gentlemen’s agreement”? When do the gloves come off? When one of these actors align with a Middle Eastern actor?
Global disaster — how would you respond?
In case a mess of squirrels are deployed to take down the world’s power grids, one might need to know how to deal with the inevitable meltdown of services. Johns Hopkins Center for Civilian Biodefense Strategies modeled a global disaster in 2013 by way of a simulation game. The results were predictable:
What they discovered was that the country was ill prepared to cope. Within two weeks there would be enormous civilian casualties, a catastrophic breakdown in essential institutions, and mass civil unrest. Food supplies, electricity and transport infrastructures would all collapse.
International security scholar Dr. Nafeez Ahmed was asked how people should respond; he offered a nifty guide, outlined in six points.
But disaster isn’t always global, and current cases show our gross inability to respond to limited disasters. Flint, for example, already struggles with running water, item number three on Dr. Ahmed’s list. Conveniently, Flint doesn’t necessarily rely on government or law enforcement (item number four) because neither responded appropriately to the ongoing water crisis. What remains to be seen is whether Flint will muster long-term self-sufficiency (item number six) as government and law enforcement continue to let them down.
Speaking of Flint, I wonder how today’s Democratic Steering and Policy Committee hearing on Flint’s water crisis will go, as Michigan’s Governor Rick Snyder declined to appear.
“Don’t necessarily trust the government or law enforcement” in global disaster, indeed.
Love your phrase “the inevitable meltdown of services”. The latest David Poyer novel (this time Lenson actually goes to war with China) includes a scenario in which Chinese cyberattacks on the US financial system are quite effective, first shutting down the stock markets, then financial institutions in general. And it had this one interesting tidbit: “[a]nother cyberattack had corrupted the four central servers that processed transactions for the self-service automated pumps at gas stations, halting truck and delivery service across the country.” That sounds farfetched, doesn’t it? That one nationwide system of credit card terminals would be independent of the banks? Or maybe not – I don’t know how these things work. In any event, it’s a nice point, because it identifies a piece of infrastructure that is (1) digital/computerized, (2) Internet-dependent, (3) one we almost never think of, and (4) actually quite critical to keeping the country “running”. Self-serve gas pumps – who’da thunk it?
Having noticed the dish antennas on top of the station roofs, and knowing that its’ possible to pay inside as well as at the pump (and having done that more than once, because the pump readers don’t always work) – yeah, I can believe it. Also – just about any store that takes plastic will have something similar.
Here’s the answer to one of the main questions about the Flint Water fiasco:
Bacteria fears left Flint water pipes unprotected; Detroit Free Press; 2/9/16
http://www.freep.com/story/news/local/michigan/flint-water-crisis/2016/02/09/flint-corrosion-control-omitted-over-bacteria-concerns/80072284/
“Flint’s former public works director [Howard Croft] said officials decided to hold off on adding corrosion-control chemicals when treating water from the Flint River because they were worried that doing so would increase the amount of bacteria in the city’s drinking water. […] Sept. 3, 2015, e-mail […] “Most chemicals used in this process are phosphate-based and phosphate can be a ‘food’ for bacteria,” Croft said. […]”
The FOIA’d e-mail indicates that this was discussed with the engineering firm and MDEQ. E-mail was sent to [among others] Walling and MDEQ’s Prysby.
“[…] In the same September e-mail, Croft went on to say that “we are currently designing a (corrosion-control) optimization plan with the engineering firm that will be presented to the DEQ and upon approval we expect to have it implemented by January 2016.”
Engineering firm might be “Lockwood Andrews & Newman (LAN Engineering), a Houston firm that has an office in Flint.”
“Same old sins seen in state e-mails on Flint crisis”; Detroit Free Press; Editorial; 2/10/16
http://www.freep.com/story/opinion/editorials/2016/02/10/flint-water-emails/80074184/
“[…] This week, newly released emails show that a member of the Michigan health department told her co-workers that the governor’s office was in the loop on the Legionnaire’s spike — in October 2014. […]”
If this email was from early 2014 I might accept this premise about the lack of corrosion control but it seems more like an attempt to excuse their earlier decisions that we don’t know the reasons for. They know how to control bacteria in the water with chlorine and other methods so this reason being documented more than a year after the switch to the Flint River water appears suspect.
bloopie2 (10:19) — Thanks. And yeah, amazing the digital linchpins in our daily lives we don’t think about if we even know about them at all. Waiting for models to look at attacks on major grocery chains next–how many are also tied to their own gas stations?
harpie (10:28) — Much appreciate the links on Flint. I’m slowly building a timeline on Flint, will see if those two articles flesh out more of the story. So many huge gaps. The human toll is awful; as leery as I have been about National Geographic since NewsCorp bought them out, this piece tells some of the compelling human story.
Dr. Ahmed seems to be oscillating back and forth from the catastrophe being infrastructurally destructive and the catastrophe being a pandemic. And he has the classic security expert head up his ass about going rural.
Yes, you need water and arable land, but you also need seed, and you need a whole growing season. Just ask the people headed towards one of the worst kinds of famine imaginable right now in South Sudan, where IPC levels are between 3-5 in the middle of harvest season.
In a non-infrastructurally destructive catastrophe like a pandemic, there is no reason to believe that all the electrical and radio based systems will come down and solar will be the only power. There is a reason for being able to hear bulletins and get access to WASH precautions though. Be careful what you predict: If power really is out during a pandemic, good luck in many rural areas getting enough water to maintain hygiene. There is a reason why the average casualty in war dies of thirst.
Full disclosure, I’m on a call-down list for ramping up health care in the event of a pandemic, as well as for providing relief in most of the infrastructural cases, and the plans are not as nefarious as Dr. Ahmed says. The notion that you should suddenly stop trusting all public institutions as a matter of principle in the middle of a massive disease outbreak is sheer la la land idiocy.
Well said, thank you.
Speaking of global crises: Per the WSHU website: “In 2014, the state of Connecticut quarantined nine residents due to fears of Ebola. They’d just come back from Liberia, one of the countries at the center of the Ebola outbreak in West Africa, but they didn’t have Ebola. Eight of the nine are now suing the state in a lawsuit filed by students at Yale Law School.” A classic example of a government panicking and overreacting. I’m not saying they should have been prepared for Ebola – who was, after all? Just that they tend to do things that seem politically correct, rather than just plain correct. Folks, try spending more time on preventing crises (infrastucture,anyone?)
haarmeyer (12:09) —
I point again to Flint, where government is actively obstructing efforts to deal with a relatively small disease outbreak as well as mass poisoning. What would happen here if this same situation expanded to the biggest city in Michigan — Detroit? We already know. We’re living it.
People will still rely on public agencies, as they should, but they would be absolutely naive or in denial to believe public agencies will uniformly act in the best interest of the public, or provide all the solutions. We have proof government doesn’t act that way. Cripes, this entire website is proof.
EDIT: I meant to note your criticism of Dr. Ahmed, while ignoring the assesstment of the 2013 Johns Hopkins Center for Civilian Biodefense Strategies simulation. Denial ain’t just a river in Egypt.
If a catastrophic pandemic happens, what happens to me is that I become extra hands treating patients in cooperation with the county hospital, a government institution. The plans for how that happens are exactly those for the incident command system, which is transparent and anyone in the country can take the three incident command courses online any time they want to. The plans for our scope of practice and medical direction are also transparent and can be found in the places where they are printed: NHTSA, the county EMSA site, the state EMSA site, etc. Your own problem if you don’t understand what’s written there.
The point of me rebutting in this way is that there is nothing secret about the response nor is there anything nefarious about it. That said, if you think there will be door-to-door platinum services for everyone in a catastrophe, that’s unrealistic and people in the event of a shelter in place or one of the other types of (infrastructural) disasters are asked to be able to subsist for 2 weeks.
What’s happening in Flint is not a pandemic, and it’s not a natural disaster or armed conflict. Spraying the blame out over the humanitarian community who would respond in those cases for what’s happening out of your governor’s office due to his criminality isn’t very fair to that community. Are the NPOs, NGOs, the Red Cross and all the other agencies in on the lead pipes or are they handing out the water?
I’ve been in training drills that don’t go smoothly. You, I guess, get read about them. The difference is that I participated in the lessons learned afterward, we drilled on practices that needed work, we found out about interoperabilities that were missing. You on the other hand end up reading about how ridiculous everything is courtesy of a press that finds fault first and understands later. You get to criticize anything and everything about those services, and that’s fine. But just once it ought to be acknowledged that when they raise the minimum wages in most states there are whole counties’ worth of emergency medical personnel that will get an automatic raise. Maybe it isn’t a nefarious government, maybe it’s that you get what you pay for.
In the event of a pandemic, the CDC is the lead authority on treatment protocols, testing and a host of other services, and is filled with experts much better at public health than anyone I’ve seen writing at blogs. I would encourage people if they end up in such a situation to trust CDC before they trust rumor on the internet, thank you.
You’re right, denial is not a river in Egypt. And denying that various government services become essential during crises is bullshit activism. The largest hospital in our county, the largest hospitals in the adjoining counties, the med evac services and all of the EMSAs are government services.
Concentrate your fire on miscreants and criminals like the governor you Michiganians elected. I’m not the enemy.
The lies, misinformation and gross negligence displayed by our government institutions is what is driving the rumor mills on the internet, along with some help from opportunists and fools, because many people view them as untrustworthy. This doesn’t mean that there aren’t good dedicated professionals in those institutions but that they are often discredited by their own administrators with the backing of some of their own college’s.
You have probably seen firsthand how vulnerable these systems are to incompetence and personality, especially from political appointees, with your first responder work and everyone has seem how easily they can cease to function as happened in NOLA.
The pandemic scare seems overblown and the training for such an unlikely scenario appears to be training for other eventualities natural or manmade . Whatever the next major emergency is these response systems will probably fail if it is large enough and lasts long enough. I don’t envy your position trying to hold up civilization as it disintegrates around you.
haarmeyer (3:25) — Doesn’t matter how prepared you believe hospitals and other frontline medical responders are when government attacks them — like Michigan did when Dr. Mona Hanna-Attisha disclosed lead poisoning in Flint.
The medical community is just as responsible for the government we have, either because they’ve voted for these profiteering fascists, donated money to their campaigns, or failed to go to the mats against them. Medical personnel are part of society, too.
Save your “But…” — I’ll give you a choice example in Dr. Roger Kahn, who was a state senator here in Michigan, who was the deciding vote on legislation prohibiting lawsuits against medical product manufacturers. Michigan is the only state in the union with such a law on the books, and the medical community failed to protest against one of their own.
Where are the medical professionals now in Michigan with regard to Snyder’s failures? Where are they when one of their own was attacked by the government in order to hide their malfeasance and gross negligence?
“Where are they…?” Right. Where were you why aren’t you just as culpable?
You do this every time you talk about medicine. I know exactly what problems our medical system has here, and I don’t discount them at all. What I originally said was that someone who urges people to stop trusting all public institutions during a pandemic is crazy. I hold with that. Your Dr. Hanna Attisha is a public health person working for the University of Michigan — in other words, she’s a government employed worker in PH, just the kind of people you think I shouldn’t defend and Mr. Ahmed thinks we should distrust in an emergency.
The “Squirrels Can Blow Power-Grids!!” assault on the piece-of-mind (one, shared, I believe) of the Chicken-Little population is a chestnut: Squirrels and power-lines have been living in symbiosis for generations, from the first stringing of the first power-lines (here including telephone before that, and telegraph before that). The trick, not even learnt, for having been known from clothes-lines for countless generations before then, was, is, has always been, and will always be, where power and grounding lines are strung parallel and in plane, to string them more than a squirrel-width apart (more than a cat-width, too, since cats also walk lines) so the critters have to walk a single line, not two. Bare-wires also discourage (unless large diameter), since they provide difficult footing. Squirrels don’t chew wires, it is rats that do that, who do climb and who used to to chew the tar used in wire insulation sweet, and were a problem in the days of tar-and-fabric/string insulation.
The real potential transmission-system power-grid problem-causers are birds, especially crows and ravens, who are curious about bright things: A chrome or cadmium-plated fastener, especially if shining in the sun, is a must-peck object for a crow. Thus, in many areas bright hardware is mandatorily daubed with black on assembly, repair, replacement, etc.
How the problem? As the crow pecks it closes the circuit, which cramp-clamps it, beak on bright object, feet on perch object, so there is not letting go as the crow fries. The time it takes for the crow to fry is long enough to blow successive safety switches to trip out breakers, for which one curious crow can blow out power to more homes than a determined drunk who chooses the wrong one of the two power-poles he sees to be the mirage one.
It’s a short trip as the crow fries:)
Jeez wheelers you’re a tough audience. I commit half a dozen offenses against the english language in 8 words while staying faithful to Evangelista’s presentation and can’t even get a groan.
;p
.
The problems I’ve heard of haven’t been at wires, but at transformers.