Posts

Power Imbalances in Ukraine

The western press is ginning up alarm because hackers caused a power outage in Ukraine.

Western Ukraine power company Prykarpattyaoblenergo reported an outage on Dec. 23, saying the area affected included regional capital Ivano-Frankivsk. Ukraine’s SBU state security service responded by blaming Russia and the energy ministry in Kiev set up a commission to investigate the matter.

While Prykarpattyaoblenergo was the only Ukraine electric firm that reported an outage, similar malware was found in the networks of at least two other utilities, said Robert Lipovsky, senior malware researcher at Bratislava-based security company ESET. He said they were ESET customers, but declined to name them or elaborate.

If you buy that this really is the first time hackers have brought down power (I don’t), it is somewhat alarming as a proof of concept. But in reality, that concept was proved by StuxNet and the attack on a German steel mill at the end of 2014.

I’m more interested in the discrepancy of coverage between this and the physical sabotage of power lines going into Crimea in November.

A state of emergency was declared after four pylons that transmit power to Crimea were blown up on Friday and Saturday night. Russia’s energy ministry scrambled to restore electricity to cities using generators, but the majority of people on the peninsula remained powerless on Saturday night.

Cable and mobile internet stopped working, though there was still mobile phone coverage, and water supplies to high-rise buildings halted.

[snip]

On Saturday, the pylons were the scene of violent clashes between activists from the Right Sector nationalist movement and paramilitary police, Ukrainian media reported. Ukrainian nationalists have long been agitating for an energy blockade of Crimea to exert pressure on the former Ukrainian territory.

There was even less attention to a smaller attack just before the New Year. (h/t joanneleon, who alerted me to it)

Officials said concrete pylons supporting power lines near the village of Bohdanivka, in southern Ukraine’s Kherson region, were damaged on Wednesday night.

“According to preliminary conclusions of experts… the pylon was damaged in an explosion,” a statement from police said on Thursday.

[snip]

Crimean Tatar activist Lenur Islyamov suggested that strong winds might have brought down the pylon and denied that Tatar activists had been behind the latest power cut.

While the physical attack did get coverage, there seemed to be little concern about the implications of an attack aiming to undercut Russian control of the peninsula. Whereas here, the attack is treated as illegitimate and a purported new line in the sand.

I get why this is the case (though the press ought to rethink their bias in reporting it this way). After all, when our allies engage in sabotage we don’t consider it as such.

But the US is just as vulnerable to physical sabotage as cyber sabotage, as an apparently still unsolved April 16, 2013 attack on a PG&E substation in Silicon Valley demonstrated, and as the case of Crimea shows, physical sabotage can be more debilitating. We should really be cautious about what we treat as normatively acceptable.

Obama Will Propose New Efforts to Make Our Creaky Physically Dangerous Critical Infrastructure CyberSafe

One of Obama’s key proposals in tonight’s State of the Union will be yet another effort to shore up the cybersecurity of our critical infrastructure.

As a threshold matter, I find it a remarkable coinkydink that the WaPo just reported the leaked findings of an NIE saying that the Chinese (and Israelis and Russians and the French, but the Chinese are bigger and badder, apparently) continue to rob us blind via cybertheft. I look forward to learning whether this — unlike the convenient drone rule book leaks supporting John Brennan’s confirmation — get reported as sanctioned leaks, as required under the Intelligence Authorization.

And speaking of John Brennan, he’s the Homeland Security Czar. A big part of his job is keeping us safe from precisely these kinds of attacks. So why didn’t he get a single question about why he should be CIA Director considering he has been such an abject failure keeping us safe from cyberattacks? (He was asked a question about CIA’s role in cybersecurity, but not asked to explain why he has been such a failure in his current role.)

Now, frankly, I don’t know that that is much John Brennan’s fault. Folks will say that the problem is — as it has been since Richard Clarke first started fearmongering on this front — that corporations won’t participate willingly and no one is going to make them.

But the proposal — which you’ll see if you tune in — doesn’t change that. It’s still voluntary.

And here’s the thing that all the cyberexperts in the world seem to be missing. Not only are the private owners of our critical infrastructure unwilling to fix their cyberdefenses. They’re not willing to keep their brick and mortar infrastructure up to date either. See, for example, PG&E or ConEd‘s recent records, for example.

Look, if these companies refuse to keep up their physical infrastructure and their cyber infrastructure, there’s probably an underlying reason motivating their negligence that no amount of immunity or winks or risk-free information sharing on the cyber side is going to fix. Moreover, if they are physically fundamentally unsafe, no amount of tinkering with their cybersecurity is going to make them safe. They’ll be vulnerable to a terrorist attack and be vulnerable to not entirely random failures and explosions.

You need to solve the underlying problem if you want to keep our critical infrastructure safe. And yet another EO, particularly one limited to cybersecurity and not affect brick and mortar integrity, will not do that.

Updated: Reading Obama’s longer proposal, it does aim to increase the “resiliency” of our physical infrastructure too. So it is not limited to cyber. That said, the underlying problem remains. Private companies aren’t spending the money to invest in this, whether it is physical resilience (or bare minimum functionality) or cyberdefense.

PG&E’s Profitable Threat to Our Critical Infrastructure

Back when PA’s Department of Homeland Security was investigating anti-fracking activists as potential terrorist threats to critical infrastructure, I noted that the bigger threat to critical infrastructure pipelines was corporations that pocket rate increases rather than dedicating them to maintaining the pipelines.

Just to take one example, who do you think is a greater risk to our oil and gas infrastructure? A bunch of hippie protesters trying to limit drilling in the Marcellus Shale and thereby protect the quality of their drinking water (which is, itself, considered critical infrastructure)? Or PG&E, which sat on knowledge of an extremely high risk pipeline for three years even after setting aside the money to fix it?

Now CA’s Public Utilities Commission is out with audit results that show just how negligent PG&E was.

Pacific Gas and Electric Co. diverted more than $100 million in gas safety and operations money collected from customers over a 15-year period and spent it for other purposes, including profit for stockholders and bonuses for executives, according to a pair of state-ordered reports released Thursday.

An independent audit and a staff report issued by the California Public Utilities Commission depicted a poorly led company well-heeled in its gas operations and more concerned with profit than safety.

The documents link a deficient PG&E safety culture – with its “focus on financial performance” – to the pipeline explosion in San Bruno on Sept. 9, 2010, that killed eight people and destroyed 38 homes.

The “low priority” the company gave to pipeline safety during the three years leading up to the San Bruno blast was “well outside industry practice – even during times of corporate austerity programs,” said the audit by Overland Consulting of Leawood, Kan.

Congresswoman Jackie Speier, who represents San Bruno, enunciates what’s going on perfectly.

“It is truly unconscionable that PG&E was allowed by the CPUC to steal ratepayer monies that should have been spent on safety and, instead, was put in the pockets of PG&E shareholders,” said Rep. Jackie Speier,

Though, if PG&E were Muslim and brown-skinned, they’d call this terrorism, not just theft.

National Transportation Safety Board Identifies the Real Threat to Pipelines: PG&E

A year ago, I suggested that PG&E’s willful incompetence was probably a bigger threat to critical infrastructure and key resources like pipelines than the anti-fracking activists PA investigated as potential terrorist threats.

Just to take one example, who do you think is a greater risk to our oil and gas infrastructure? A bunch of hippie protesters trying to limit drilling in the Marcellus Shale and thereby protect the quality of their drinking water (which is, itself, considered critical infrastructure)? Or PG&E, which sat on knowledge of an extremely high risk pipeline for three years even after setting aside the money to fix it?

Three years ago, PG&E asked state regulators for permission to spend $4.87 million to replace a section of the pipeline associated with the pipe that exploded in San Bruno last Thursday. The 1.42-mile section that ran under South San Francisco, which is more heavily populated than San Bruno, was considered extremely high risk and in need to replacement. Last year, the utility company made a similar request to replace a larger section of the same pipeline, at a cost of $13 million. Rate increases were approved and the plan should have gone forward. Sadly, nothing was done and lives were lost.

The South San Francisco pipeline replacement project was dropped down on the priority list and the money allocated for the work was spent elsewhere. Many experts and laypersons alike are now asking, why didn’t PG&E replace pipes they knew to be extremely dangerous?

It appears the National Transportation Safety Board–which just issued a scathing report on PG&E San Bruno explosion–agrees with me. It’s findings include the following:

  • Had a properly prepared contingency plan for the Milpitas Terminal electrical work been in place and been executed, the loss of pressure control could have been anticipated and planned for, thereby minimizing or avoiding the pressure deviations.
  • PG&E lacked detailed and comprehensive procedures for responding to a large-scale emergency such as a transmission line break, including a defined command structure that clearly assigns a single point of leadership and allocates specific duties to supervisory control and data acquisition staff and other involved employees.
  • PG&E’s supervisory control and data acquisition system limitations contributed to the delay in recognizing that there had been a transmission line break and quickly pinpointing its location.
  • The 95 minutes that PG&E took to stop the flow of gas by isolating the rupture site was excessive.

[snip]

  • The PG&E gas transmission integrity management program was deficient and ineffective.
  • PG&E’s public awareness program self-evaluation was ineffective at identifying and correcting deficiencies.
  • The deficiencies identified during this investigation are indicative of an organizational accident.
  • The multiple and recurring deficiencies in PG&E operational practices indicate a systemic problem.

If the folks running our pipelines suffer from such systemic problems they can’t avoid blowing up nice suburban areas, isn’t that worthy of at least as much focused attention as all the money dumped into boondoggle War on Terror programs?

The Real Terrorists

I’ve started reading through J. Edgar Hoover’s files the reports a contractor developed for PA’s Department of Homeland Security that describe political activism as a terrorist threat; Governor Rendell has made them publicly available here. I’ll have more to say about them later (though feel free to add comments on them below).

But for the moment, I’d like to unpack the underlying premise.

The whole idea behind collecting this information and sharing it with private sector entities like oil drilling lobbyists arose as part of efforts to protect our critical infrastructure from terrorist attack after 9/11. US DHS describes the imperative to protect critical infrastructure and key resources (CIKR) this way:

Why is CIKR Protection Important?

  • Attacks on CIKR could significantly disrupt the functioning of government and business alike and produce cascading effects far beyond the targeted sector and physical location of the incident.
  • Direct terrorist attacks and natural, manmade, or technological hazards could produce catastrophic losses in terms of human casualties, property destruction, and economic effects, as well as profound damage to public morale and confidence.
  • Attacks using components of the nation’s CIKR as weapons of mass destruction could have even more devastating physical and psychological consequences.

The Homeland Security Act of 2002 provides the primary authority for the overall homeland security mission. This act charged the Department of Homeland Security with primary responsibility for developing a comprehensive national plan to secure CIKR and recommend “the measures necessary to protect the key resources and critical infrastructure of the United States.” This comprehensive plan is the National Infrastructure Protection Plan (NIPP), published by the Department in June 2006. The NIPP provides the unifying structure for integrating a wide range of efforts for the protection of CIKR into a single national program.

And here’s what the federal government’s Department of Homeland Security considers critical infrastructure, which is how the ITRR organized the reports it gave to PA’s DHS:

So you see, because “attacks on CIKR could significantly disrupt the functioning of government and business alike and produce cascading effects far beyond the targeted sector and physical location of the incident,” PA (and surely other states) are collecting information about the lawful political organizing of anti-drilling and animal welfare activists, among others.

What I want to know is why we regard terrorist attacks to be the greatest threat to our transportation system? To our water? To our food system?

And most of all, to our banking and finance system?

Just to take one example, who do you think is a greater risk to our oil and gas infrastructure? A bunch of hippie protesters trying to limit drilling in the Marcellus Shale and thereby protect the quality of their drinking water (which is, itself, considered critical infrastructure)? Or PG&E, which sat on knowledge of an extremely high risk pipeline for three years even after setting aside the money to fix it?

Three years ago, PG&E asked state regulators for permission to spend $4.87 million to replace a section of the pipeline associated with the pipe that exploded in San Bruno last Thursday. The 1.42-mile section that ran under South San Francisco, which is more heavily populated than San Bruno, was considered extremely high risk and in need to replacement. Last year, the utility company made a similar request to replace a larger section of the same pipeline, at a cost of $13 million. Rate increases were approved and the plan should have gone forward. Sadly, nothing was done and lives were lost.

The South San Francisco pipeline replacement project was dropped down on the priority list and the money allocated for the work was spent elsewhere. Many experts and laypersons alike are now asking, why didn’t PG&E replace pipes they knew to be extremely dangerous?

And while multiple layers of government make sure the PG&Es of the world know about those hippie protesters, they can’t be bothered to require the utilities or pipeline operators to actually return the favor by revealing where the pipelines at risk of explosion are.

In a letter sent Friday, the executive director of the California Public Utilities Commission, Paul Clanon, sought the location of each pipeline segment on the list as well as a “detailed description of the criteria PG&E uses in deciding which pipeline segments to characterize as high-priority projects.”

Clanon defended the delay in seeking the list, whose existence PG&E disclosed as early as 2007, saying the agency didn’t see the need for the information before. Just because a site is on the list doesn’t necessarily mean it is dangerous, he said, adding that it’s not his agency’s role “to run the day-by-day activities of the utility.”

Leave aside our wholesale neglect of these elements of critical infrastructure themselves–the crumbling of our pipelines and roads and financial system because neither the public nor the private sector want to spend the money and time to keep them together–and focus on the information gathering part of it.

Because terrorism is somehow a greater threat to our country than PG&E’s neglect or Wright County Egg’s negligence or Lehman’s greed, we collect and share information on hippies. But not on the pipelines that will explode of their own accord, with action from neither hippies nor terrorists.

Updated to fix typo, “Communities” instead of “Communications.”