[Cryptography] North Korea and Sony

Thu Dec 11 09:15:53 EST 2014

At 06:19 PM 12/10/2014, dan at geer.org wrote:
>Henry Baker writes:
> | At 11:55 AM 12/9/2014, dan at geer.org wrote:
> | >"Banks Dreading Computer Hacks Call for Cyber War Council" Bloomberg, July 8, 2014
> | >
> | >www.bloomberg.com/news/print/2014-07-08/banks-dreading-computer-hacks-call-for-cyber-war-council.html
> | >
> | >  It says the concerns are "compounded by the dependence of financial
> | >  institutions on the electric grid," which is also vulnerable to
> | >  physical and cyber attack.
> | 
> | More of Michael Hayden's fear-mongering about the electric grid.
> |  <snip>
>
>Well, the discussion we were having was about nation-state actors,
>so I'm tempted to interpret the material you provided -- with which
>I am *not* arguing -- as a clear and present indicator that state
>level actors seeking to damage the U.S. should act sooner rather
>than later as, per your materials, the sooner they act the more
>vital the electric grid is at the time they take action since said
>grid will not be as vital tomorrow as it is today, etc.

The following article from comp.risks is the best suggestion to
improve the resilience of the US electrical grid I've ever heard
(emphasis mine):

Date: Fri, 29 Aug 2014 14:27:03 -0400
From: Dick Mills <dickandlibbymills at gmail.com>
Subject: Staged Blackout Drills

Archives of The Risks Forum contain numerous indignant accounts of troubles
caused when the electric power went out unexpectedly.  Today, most of the
discussion depicts apocalyptic scenes to follow cyber attacks on the power
grid.  Listen to those stories and you may join the stampede to spend
hundreds of billions making it more secure.

Never mind that 100% reliability and 100% cyber security are unattainable.
Never mind that the goal of terrorism is to make us fearful and to induce us
to change our society and priorities.  Never mind that every year the public
does not experience a widespread blackout, that they unwittingly assume that
elevators, cell phones and such will never fail, thus increasing the
consequences of a real failure.

I am of the opinion that the power grid is already *** too reliable *** for
our own good, and that *** massive spending on grid security would actually
be counterproductive. *** I'll explain.

In parts of India, the power goes out as often as five times per day.  Local
businesses and the people have adapted to the point where a blackout is
hardly noticed.  Life and commerce continue uninterrupted.  Some have their
own backup power.  Some find other ways do adapt.  No terrorist could scare
those people by the threat of a blackout.

Firemen hold weekly drills.  Pilots and nuclear plant operators train
extensively to handle emergencies making.  Indeed, all professionals
expected to deal with unexpected emergencies sharpen and test their skills,
and their equipment via practice.  Even as children, we participated in
school fire drills.

Why not sharpen and train consumers and businesses in analogous ways via
staged blackouts?  The short answer is that the mere thought is anathema to
the culture of the electric utility business.  These people dedicate their
lives to keeping the lights on always to the best of their abilities.

We could design a series of staged blackout drills of varying scope and
duration all the way up to a nationwide surprise blackout.  Periodic
refresher drills could maintain readiness.

If power grid security ceased to become a source of fear and a threat to the
economy, then its appeal as a terrorism target would vanish.  We could spend
those hundreds of billions on something else.  We might also become more
flexible in living with a grid dominated by unpredictable solar and wind
sources. It is hard tor me to think of a way we would not be better off.

Is there really a good reason to not do as I suggest?

Dick Mills, Sailing Vessel Tarwathie