Did the Chinese PLA Attack the U.S. Power Grid?
This article claims that the Chinese People's Liberation Army was behind, among other things, the August 2003 blackout:
Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.
One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.
This is all so much nonsense I don’t even know where to begin.
I wrote about this blackout already: the computer failures were caused by Blaster.
The “Interim Report: Causes of the August 14th Blackout in the United States and Canada,” published in November and based on detailed research by a panel of government and industry officials, blames the blackout on an unlucky series of failures that allowed a small problem to cascade into an enormous failure.
The Blaster worm affected more than a million computers running Windows during the days after Aug. 11. The computers controlling power generation and delivery were insulated from the Internet, and they were unaffected by Blaster. But critical to the blackout were a series of alarm failures at FirstEnergy, a power company in Ohio. The report explains that the computer hosting the control room’s “alarm and logging software” failed, along with the backup computer and several remote-control consoles. Because of these failures, FirstEnergy operators did not realize what was happening and were unable to contain the problem in time.
Simultaneously, another status computer, this one at the Midwest Independent Transmission System Operator, a regional agency that oversees power distribution, failed. According to the report, a technician tried to repair it and forgot to turn it back on when he went to lunch.
To be fair, the report does not blame Blaster for the blackout. I’m less convinced. The failure of computer after computer within the FirstEnergy network certainly could be a coincidence, but it looks to me like a malicious worm.
The rest of the National Journal article is filled with hysterics and hyperbole about Chinese hackers. I have already written an essay about this—it’ll be the next point/counterpoint between Marcus Ranum and me for Information Security—and I’ll publish it here after they publish it.
EDITED TO ADD (6/2): Wired debunked this claim pretty thoroughly:
This time, though, they've attached their tale to the most thoroughly investigated power incident in U.S. history.

[…]

It traced the root cause of the outage to the utility company FirstEnergy's failure to trim back trees encroaching on high-voltage power lines in Ohio. When the power lines were ensnared by the trees, they tripped.
[…]
So China…using the most devious malware ever devised, arranged for trees to grow up into exactly the right power lines at precisely the right time to trigger the cascade.
Large-scale power outages are never one thing. They're a small problem that cascades into a series of ever-bigger problems. But the triggering problem was those power lines.
Clive Robinson • June 2, 2008 7:17 AM
In the past many people have claimed “they did it” for political or other reasons.
It makes an investigator's life difficult, especially if the person(s) are effectively knowledgeable cranks.
One way to determine the truth is to ask the prior/post questions:
PRIOR – If you have the ability, what benefit is it to you to carry out the act?
POST – Irrespective of whether you have the ability, what benefit to you is it to claim you did it?
Then consider the answers as a "balance": if the post far outweighs the prior, then it is more likely to be a "crank".
So for a claim to be believable you have to examine the motivation for actually carrying out the act and the benefit gained as a prior consideration.
In the case of the Chinese, yes, they probably do have the capability, but what would it benefit them to "showcase" it in this way?
If it is to be a weapon of war, then you either have to be at war or using it as a deterrent show of superiority. As a weapon of this type is usually quickly nullified and is of no further use, then you have to ask why do it?
Basically the Chinese option tends to fail the test.
However, there is always another option, which is the old biological warfare "accidental release" scenario, which needs different questions.