Report: Massive Vulnerability Detected In National Power Grids: “There Is No Way to Stop This”

Mac Slavo

If you think that our multi-billion dollar electrical power grids are secure and capable of withstanding a coordinated attack, think again.

Vulnerability of US power grid exposed

According to one group of engineers, the grid is so vulnerable that compromising it wouldn’t even require a skilled hacker. In fact, when Adam Crain and Chris Sistrunk decided to test some new software they were developing, they identified a vulnerability so serious that it could literally blind operational controllers to such an extent that they would be locked out of monitoring systems and unable to maintain grid integrity.

The consequences, according to the engineers who note they are in no way security specialists, could be a total downing of the national power grid with nodes across the nation being taken over all at once. Moreover, the same systems used to maintain the U.S. power grid are also being used in other industries, like water treatment facilities.

You’d think that such a vulnerability would be a top priority for the Department of Homeland Security, considering they are spending millions of dollars and promoting their coming GridEx exercise in November.

But you’d be wrong. The kicker is that when Crain and Sistrunk advised the DHS Industrial Control Systems Cyber Emergency Response Team, they got what essentially amounts to no response. It took Homeland Security a full four months before they even acknowledged the problem.

The two engineers who discovered the vulnerability say little is being done.

Adam Crain and Chris Sistrunk do not specialize in security. The engineers say they hardly qualify as security researchers. But seven months ago, Mr. Crain wrote software to look for defects in an open-source software program.

The program targeted a very specific communications protocol called DNP3, which is predominantly used by electric and water companies, and plays a crucial role in so-called S.C.A.D.A. (supervisory control and data acquisition) systems. Utility companies use S.C.A.D.A. systems to monitor far-flung power stations from a control center, in part because it allows them to remotely diagnose problems rather than wait for a technician to physically drive out to a station and fix it.

Mr. Crain ran his security test on his open-source DNP3 program and didn’t find anything wrong. Frustrated, he tested a third-party vendor’s program to make sure his software was working. The first program he targeted belonged to Triangle MicroWorks, a Raleigh, North Carolina based company that sells source code to large vendors of S.C.A.D.A. systems.

It broke instantly.

“When Adam told me he broke Triangle, I worried everything else was broken,” said Mr. Sistrunk.

Over the course of one week last April, the two tested Mr. Crain’s software across 16 vendors’ systems. They did not find a single system they couldn’t break.

By the end of the week, the two had compiled a 20-page report replete with vulnerabilities in 16 different system vendors for the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, I.C.S.-C.E.R.T., which notifies vendors of vulnerabilities and issues public advisories.

And then, they waited. It would take I.C.S.-C.E.R.T. another four months to issue a public advisory for Triangle MicroWorks’ system.

D.H.S. did not return a request for comment.

Mr. Crain found that he could actually infiltrate a power station’s control center from afar. An attacker could use that capability to insert malware to take over the system, and like Stuxnet, the computer worm that took out 20 percent of Iran’s centrifuges, inflict actual physical harm.

“This is low-hanging fruit,” said Mr. Crain. “It doesn’t require some kind of hacker mastermind to understand the protocol and do this.”

What makes the vulnerabilities particularly troubling, experts say, is that traditional firewalls are ill-equipped to stop them. “When the master crashes it can no longer monitor or control any and all of the substations,” said Dale Peterson, a former N.S.A. employee who founded Digital Bond, a security firm that focuses on infrastructure.

“There is no way to stop this with a firewall and other perimeter security device today.”

The New York Times

When outgoing DHS head Janet Napolitano suggested that a cyber attack on the nation’s power grid is imminent, she meant it.

They know that these systems are vulnerable, and the steps needed to protect the grid from cyber attacks and other potential hazards like a Super EMP or a severe geo-magnetic event would cost in the multiple billions of dollars to fix.

The fact of the matter is that DHS and the vendors who produce these software control systems are dragging their feet, leaving the entire country vulnerable.

Crain and Sistrunk are not hackers or security experts. They are software engineers and they were able to compromise our entire national power grid and water utility systems from remote locations.

What do you think China, Russia, and rogue hackers are capable of doing?

If you don’t think they’ve mapped our entire grid and its vulnerabilities you are kidding yourself.

This is deadly serious.

And when we say deadly, we mean it, because according to a report from the Center for Security Policy presented to Congress in 2010, if our power grid were to be taken offline for an extended period of time, 9 out of 10 Americans would be dead within a year.

There would be no way to transport food because gas station pumps would be inoperable. And even if they did work, the commerce systems which make the exchange of goods possible would be offline. Couple that with water utilities not functioning due to lack of electricity, and we’re talking about a worst-case scenario so bad that this country may never recover.

Former Congressman Roscoe Bartlett has urged those who can to move out of major cities for this reason.

You have been warned: You need to be ready for total grid failure.

The threat is real.

"There is no Left or Right. There is only Tyranny and Freedom."

9 comments on “Report: Massive Vulnerability Detected In National Power Grids: “There Is No Way to Stop This”
  1. thunderbolt1959 says:

    MR, Have a GREAT day!!!

    Sorry, I’m a bit distracted here….:-)


  2. thunderbolt1959 says:

    Thanks for bringing this up MR…..

    I was in the middle (central Connecticut) of the Great Northeast Blackout of 1965 and remember the profound effect it had locally…Which was all we could know at the time. Although it was pretty clear by the lack of any light on the horizon that we had a lot of company!

    Of course back then, we were less immobilized by lack of power and it was not an EMP that further crippled electrics/electronic devices like cars of the time….And there may have been a less “dangerous” population to consider. Folks where we were acted in true “community” spirit….I have my doubts today…..

    Our infrastructure is tenuous at best and this serves to highlight that. The mentality that promotes inadequate design and maintenance will eventually win out. The masses will fumble about when it comes time to have to deal with it.

    Gladly, I’ll stay out of their way and let the “heroes” get right into it and pave the way. With their carcasses….Not mine, if I can at all avoid it.

    I wonder though….Was DHS simply incompetent about making a response to these guys or do/did they know it really doesn’t matter?

    Take Care MR!


    • Was DHS simply incompetent about making a response to these guys or do/did they know it really doesn’t matter?

      Not too sure about that. My respect for the DHS would make me lean towards incompetence.

      Are you still on the road? Have a good one wherever you are!


      • thunderbolt1959 says:

        Hello MR!

        Uh, sorry, been back just about a week. For the moment…. Another trip in the works….

        Anyway, Thanks for your thoughts….While I do not underestimate the power of incompetence, further still it is the unpredictability of how it may show up that concerns me.

        It is my goal to remain off the radar screen to avoid, to the extent possible, dealing with whatever they attempt to promote….

        Of course, Fukushima may solve these problems….PERMANENTLY…..:-/


        • It is my goal to remain off the radar screen…

          Considering all the different ways we’re being tracked these days, probably the best way to do that is don’t carry a smartphone.


          • thunderbolt1959 says:

            Yes and why I don’t have one!!

            Frankly, I’m not that interesting a person….You know that…..:-)

            Seriously, I don’t communicate much info in any fashion. And if that “much” info becomes an issue, I can get pretty silent.

            Point I find important is that short of being dead, there will always be some exposure and scrutiny. Limiting that as much as practical, along with not being of much interest to that sort of ilk, has served me well so far……that could always change…..

            I’m still gonna have a GREAT day!!!
            You too MR!!


          • Yes and why I don’t have one!!

            You, me & I heard there’s also a 95 year old woman in a rest home who doesn’t have one. :mrgreen:


          • I’m OK with the road less traveled…:-)

            And who says old folks don’t have good ideas!!

