Back to news

August 14, 2018 | International, C4ISR

HOW HACKED WATER HEATERS COULD TRIGGER MASS BLACKOUTS

WHEN THE CYBERSECURITY industry warns about the nightmare of hackers causing blackouts, the scenario they describe typically entails an elite team of hackers breaking into the inner sanctum of a power utility to start flipping switches. But one group of researchers has imagined how an entire power grid could be taken down by hacking a less centralized and protected class of targets: home air conditioners and water heaters. Lots of them.

At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid.

Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people—a population roughly equal to Canada or California—the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners.

"Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want."

The result of that botnet-induced imbalance, Soltan says, could be cascading blackouts. When demand in one part of the grid rapidly increases, it can overload the current on certain power lines, damaging them or more likely triggering devices called protective relays, which turn off the power when they sense dangerous conditions. Switching off those lines puts more load on the remaining ones, potentially leading to a chain reaction.

"Fewer lines need to carry the same flows and they get overloaded, so then the next one will be disconnected and the next one," says Soltan. "In the worst case, most or all of them are disconnected, and you have a blackout in most of your grid."

Power utility engineers, of course, expertly forecast fluctuations in electric demand on a daily basis. They plan for everything from heat waves that predictably cause spikes in air conditioner usage to the moment at the end of British soap opera episodes when hundreds of thousands of viewers all switch on their tea kettles. But the Princeton researchers' study suggests that hackers could make those demand spikes not only unpredictable, but maliciously timed.

The researchers don't actually point to any vulnerabilities in specific household devices, or suggest how exactly they might be hacked. Instead, they start from the premise that a large number of those devices could somehow be compromised and silently controlled by a hacker. That's arguably a realistic assumption, given the myriad vulnerabilities other security researchers and hackers have found in the internet of things. One talk at the Kaspersky Analyst Summit in 2016 described security flaws in air conditioners that could be used to pull off the sort of grid disturbance that the Princeton researchers describe. And real-world malicious hackers have compromised everything from refrigerators to fish tanks.

Given that assumption, the researchers ran simulations in power grid software MATPOWER and Power World to determine what sort of botnet would could disrupt what size grid. They ran most of their simulations on models of the Polish power grid from 2004 and 2008, a rare country-sized electrical system whose architecture is described in publicly available records. They found they could cause a cascading blackout of 86 percent of the power lines in the 2008 Poland grid model with just a one percent increase in demand. That would require the equivalent of 210,000 hacked air conditioners, or 42,000 electric water heaters.

The notion of an internet of things botnet large enough to pull off one of those attacks isn't entirely farfetched. The Princeton researchers point to the Mirai botnet of 600,000 hacked IoT devices, including security cameras and home routers. That zombie horde hit DNS provider Dyn with an unprecedented denial of service attack in late 2016, taking down a broad collection of websites.

Building a botnet of the same size out of more power-hungry IoT devices is probably impossible today, says Ben Miller, a former cybersecurity engineer at electric utility Constellation Energy and now the director of the threat operations center at industrial security firm Dragos. There simply aren't enough high-power smart devices in homes, he says, especially since the entire botnet would have to be within the geographic area of the target electrical grid, not distributed across the world like the Mirai botnet.

But as internet-connected air conditioners, heaters, and the smart thermostats that control them increasingly show up in homes for convenience and efficiency, a demand-based attack like the one the Princeton researchers describes could become more practical than one that targets grid operators. "It's as simple as running a botnet. When a botnet is successful, it can scale by itself. That makes the attack easier," Miller says. "It's really hard to attack all the generation sites on a grid all at once. But with a botnet you could attack all these end user devices at once and have some sort of impact."

The Princeton researchers modeled more devious techniques their imaginary IoT botnet might use to mess with power grids, too. They found it was possible to increase demand in one area while decreasing it in another, so that the total load on a system's generators remains constant while the attack overloads certain lines. That could make it even harder for utility operators to figure out the source of the disruption.

If a botnet did succeed in taking down a grid, the researchers' models showed it would be even easier to keepit down as operators attempted to bring it back online, triggering smaller scale versions of their attack in the sections or "islands" of the grid that recover first. And smaller scale attacks could force utility operators to pay for expensive backup power supplies, even if they fall short of causing actual blackouts. And the researchers point out that since the source of the demand spikes would be largely hidden from utilities, attackers could simply try them again and again, experimenting until they had the desired effect.

The owners of the actual air conditioners and water heaters might notice that their equipment was suddenly behaving strangely. But that still wouldn't immediately be apparent to the target energy utility. "Where do the consumers report it?" asks Princeton's Soltan. "They don't report it to Con Edison, they report it to the manufacturer of the smart device. But the real impact is on the power system that doesn't have any of this data."

That disconnect represents the root of the security vulnerability that utility operators need to fix, Soltan argues. Just as utilities carefully model heat waves and British tea times and keep a stock of energy in reserve to cover those demands, they now need to account for the number of potentially hackable high-powered devices on their grids, too. As high-power smart-home gadgets multiply, the consequences of IoT insecurity could someday be more than just a haywire thermostat, but entire portions of a country going dark.

https://www.wired.com/story/water-heaters-power-grid-hack-blackout/

On the same subject

  • There are Turkish jets in the Pentagon’s latest F-35 deal. Here’s why that’s not a big problem.

    June 14, 2019 | International, Aerospace

    There are Turkish jets in the Pentagon’s latest F-35 deal. Here’s why that’s not a big problem.

    By: Valerie Insinna WASHINGTON — The Pentagon's latest deal with Lockheed Martin for new F-35 jets includes some for Turkey, raising the question of what will happen if the country is pushed out of the program. The handshake agreement announced Monday totals about $34 billion for 478 new F-35s over lots 12 through 14, including about five to 10 jets for Turkey per lot, one source told Defense News. But that might not complicate the process of finalizing the contract agreement, aerospace analysts and other sources close to the program said — even as the Defense Department begins “unwinding” Turkey's participation in the program. At issue is Turkey's purchase of the S-400, a Russian air defense system that U.S. and NATO officials say is at odds with the alliance's plan to field the F-35. Despite months of discussions between Ankara and Washington, Turkish leaders have emphatically maintained that it will not cancel the S-400 order. In response, acting U.S. Defense Secretary Patrick Shanahan on June 6 approved a plan to strip Turkey from the F-35 program. Turkish pilots and maintainers undergoing training at U.S. bases are required to leave the United States by July 31, and contracts with Turkish defense companies could end in 2020. Ankara has since doubled down on its intent to buy the S-400. Turkish President Recep Tayyip Erdogan said Wednesday that the purchase is already “a done deal” and that the Russian air defense system will be delivered in July, according to Reuters. “We will call to account in every platform Turkey being excluded from the F-35 program for reasons without rationale or legitimacy,” Erdogan said. So what if Turkey leaves? Sources told Defense News that Turkey's potential exit from the program isn't expected to have much of an impact on the deal for lots 12 through 14. The Pentagon hasn't provided exact costs per unit for the new F-35s, but it has acknowledged that unit flyaway costs will decrease by about 8.8 percent in Lot 12, made up of 157 jets. The department also estimates unit prices will drop by about 15 percent from Lot 11 to Lot 14 across all variants. By that framework, F-35 customers will be able to buy an F-35A conventional-takeoff-and-landing model for less than $80 million by Lot 13 — one year earlier than expected. That isn't expected to change, even if Turkey is knocked from the program, a department source said. Rebecca Grant of IRIS Independent Research said it's likely the number of jets and the negotiated prices in the handshake agreement will stand, adding that the Defense Department still has options on the table. “They can let Turkey go ahead and have those jets [and] park them in the desert [until this issue is resolved]. They can switch to a customer that wants earlier deliveries — also an option,” she said. Dealing with these types of problems isn't new for the United States, added Grant, who pointed to the U.S. arms embargo on Pakistan in 1990, which resulted in the country's F-16s being placed into storage. Richard Aboulafia, an aerospace analyst at the Teal Group, said there are multiple ways for the Pentagon to deal with the fallout of a Turkish exit from the program. Countries like Singapore and Poland, which have expressed interest in buying F-35s, could join the program and pick up the slack. If Congress adds F-35s to upcoming budget cycles — which has been typical in recent years — the U.S. armed services could buy Turkey's jets. “I really don't see it as a challenge,” Aboulafia said. “This is not the same as building white tails in the commercial aviation business.” Another option was outlined by Marillyn Hewson, the head of F-35 manufacturer Lockheed Martin, in May: Sell Turkey's jets to existing international customers. “It's not a significant number of aircraft that if there was a sanction that they couldn't receive those aircraft now or in the future; it will be backfilled,” she said at Bernstein's Strategic Decisions Conference, according to Defense One. “In fact, a lot of countries say: ‘We'll take their [production line] slots.' They [other countries] really want the aircraft. I don't envision that being an impact on us from a Turkey standpoint.” U.S. officials remain hopeful that Turkey will cancel its S-400 order, and they have made it clear that Turkey's participation in the F-35 program will continue if that happens. “Turkey still has the option to change course. If Turkey does not accept delivery of the S-400, we will enable Turkey to return to normal F-35 program activities,” Ellen Lord, the Pentagon's acquisition chief, said June 7. The U.S. government is no rush to expel Turkey from the program, Grant said. Including Turkey in the current contract negotiations helps send that message. “We need Turkey in NATO, and we'd like to see a Turkish Air Force with F-35s,” she said. “This is going to take some diplomacy.” Aboulafia noted that Turkey benefits from its involvement in the F-35 program, with its companies manufacturing parts for the jet's F135 engine and a second supplier providing the center fuselage. The country has made the development of its defense industry a priority, and risks becoming a cottage industry if it alienates its NATO allies, he said. “This does not do it any favors. They are going to have to line up partners and programs very fast," he added. But the prospect of a happy resolution is looking increasing grim, he said. “There is no room for compromise [on the U.S. side], and on the other side you have a populist, who is making this a test of his leadership. There is a lot of ego here.” https://www.defensenews.com/air/2019/06/13/there-are-turkish-jets-in-the-pentagons-latest-f-35-deal-heres-why-thats-not-a-big-problem/

  • Contract Awards by US Department of Defense - December 4, 2018

    December 7, 2018 | International, Aerospace, Naval, Land, C4ISR, Security

    Contract Awards by US Department of Defense - December 4, 2018

    NAVY Astro Mechanical Contractors Inc.,* El Cajon, California (N62473-19-D-2416); Heffler Contracting Group,* El Cajon, California (N62473-19-D-2417); Public Works Contractor Inc., doing business as PWC Inc.,* Spring Valley, California (N62473-19-D-2418); Souza Construction Inc.,* Farmersville, California (N62473-19-D-2419); Ja'nus Ventilation and Mechanical Inc.,* Lakeside, California (N62473-19-D-2420); and Able Heating and Air Conditioning Inc.,* Chula Vista, California (N62473-19-D-2421), are each awarded an indefinite-delivery/indefinite-quantity, multiple award construction contract for new construction, renovation, and repair by design-bid, of heating, ventilation, and air conditioning (HVAC) system projects at various government installations located in California, Arizona, Nevada, Utah, Colorado, and New Mexico. The maximum dollar value including a two-year base period and one three-year option period for all six contracts combined is $200,000,000. The work to be performed provides for new construction, renovation, and repair within the North American Industry Classification System code 238220, by design-build, of HVAC system projects. Types of projects may include, but are not limited to: boiler/chiller plants; digital direct controls or energy management control system; HVAC equipment energy optimization; commissioning and retro commissioning; distribution systems including, supply and return air systems, ventilation and exhaust systems, steam, glycol, medical gas, refrigerant, heating hot water and chilled water distribution, associated terminal devices, heat recovery equipment, heat exchangers, sound attenuation, insulation, and associated appurtenances; energy supply including oil, gas, steam, heating hot and chilled water distribution systems and equipment including special cooling and humidity control, dust and fume collectors, air purifiers, paint booth ventilation systems; and system testing and balancing. Astro Mechanical Contractors Inc., is being awarded the initial project task order at $1,618,230 to repair HVAC system in H60 Simulator Facility, Naval Base Coronado (NBC) Building 352 at NBC, San Diego. Work for this task order is expected to be completed by Dec. 19, 2019. All work on these contracts will be performed at various government installations within the Naval Facilities Engineering Command (NAVFAC) Southwest area of responsibility including, but not limited to, California (90 percent); Arizona (6 percent); Nevada (1 percent); Utah (1 percent); Colorado (1 percent), and New Mexico (1 percent). The terms of the contracts are not to exceed 60 months, with an expected completion date of November 2023. Fiscal 2018 operations and maintenance (Navy) contract funds in the amount of $1,618,230 are obligated on this award and will expire at the end of the current fiscal year. Future task orders will be primarily funded by military construction (Navy); operations and maintenance (Navy and Marine Corps); and Navy working capital funds. This contract was competitively procured as a small business set-aside procurement via the Navy Electronic Commerce Online website with 19 proposals received. These six contractors may compete for task orders under the terms and conditions of the awarded contracts. The NAVFAC Southwest, San Diego, California, is the contracting activity. General Dynamics Electric Boat, Groton, Connecticut, is awarded a $46,167,531 cost-plus-fixed- fee modification to a previously awarded contract (N00024-18-C-4321) for non-nuclear repair services required to support submarine maintenance. The services under this contract are for non-nuclear repair services required to support submarine overhauls, maintenance, repair and modernization upgrades; ship alterations, temporary modifications and field changes; supplies and/or ancillary services and corrective and preventative maintenance. Work will be performed in New London, Connecticut, and is expected to be completed by December 2019. Fiscal 2019 operations and maintenance (Navy) funding in the amount of $10,100,000 will be obligated at the time of award and will expire at the end of the current fiscal year. The Supervisor of Shipbuilding, Groton, Connecticut, is the contracting activity. Rockwell Collins Government Systems, Cedar Rapids, Iowa, is awarded $10,815,536 for modification P00002 to a firm-fixed-price delivery order (N0042118F0891) against a previously issued basic ordering agreement (N00421-17-G-0003). This delivery order provides fiscal 2019 funding for the Modern Transmission Security and Tactical Secure Voice Suite B, Cryptographic Equipment Application integration for the ARC-210 RT-1939A(C), RT-1990A(C) and RT-2036(C) radios in support of multiple aircraft platforms. Work will be performed in Cedar Rapids, Iowa, and is expected to be completed in January 2022. Fiscal 2019 research, development, test and evaluation (Navy) funds in the amount of $10,815,536 will be obligated at time of award, none of which will expire at the end of the fiscal year. The Naval Air Warfare Center Aircraft Division, Patuxent River, Maryland, is the contracting activity. Huntington Ingalls Inc., Pascagoula, Mississippi, is awarded a $10,782,772 cost-plus-fixed-fee contract modification to previously awarded contract N00024-12-C-4323 for long lead time material procurement and management services for CG-65 and CG-69. Huntington Ingalls provides necessary engineering, technical, planning, ship configuration, data, and logistics efforts for lifetime support of both maintenance and modernization. Work will be performed in Pascagoula, Mississippi, and is expected to be complete by August 2019. Fiscal 2018 other procurement (Navy) funding in the amount of $10,782,772 will be obligated at time of award and will not expire at the end of the current fiscal year. The Supervisor of Shipbuilding, Conversion, and Repair, Gulf Coast, Pascagoula, Mississippi, is the contracting activity. Lockheed Martin Rotary and Mission Systems, Liverpool, New York, is awarded a $7,078,327 firm-fixed-price modification to previously-awarded contract N00024-14-C-6227 to exercise options for the production of low-cost conformal arrays. Work will be performed in Liverpool, New York (90 percent); Marion, Massachusetts (8 percent); and Owego, New York (2 percent), and is expected to be completed by March 2020. Fiscal 2018 other procurement (Navy) funding in the amount of $6,778,327; and fiscal 2019 other procurement (Navy) funding in the amount of $300,000 will be obligated at time of award and will not expire at the end of the current fiscal year. The Naval Sea Systems Command, Washington, District of Columbia, is the contracting activity. ARMY AAI Corp., doing business as Textron, Hunt Valley, Maryland, was awarded a $152,707,618 modification (P00080) to contract W911QY-17-C-0013 for logistics services. Work will be performed at Fort Bragg, North Carolina, with an estimated completion date of May 29, 2020. Fiscal 2019 other procurement, Army; and operations and maintenance, Army funds in the amount of $27,935,533 were obligated at the time of the award. U.S. Army Contracting Command, Aberdeen Proving Ground, Maryland, is the contracting activity. AIR FORCE General Atomics Aeronautical Systems Inc., Poway, California, has been awarded a $26,718,824 option (002620) to a previously awarded contract (FA8620-15-G-4040) for MQ-9 contractor logistics support phase three. The contractor will provide an additional period of contractor logistics support for the French Air Force. Work will be performed in Poway, California, and is expected to be completed Dec. 31, 2019. This contract involves 100 percent foreign military sales to France. Air Force Life Cycle Management Center, Wright-Patterson Air Force Base, Ohio, is the contract activity. General Electric (GE) Aviation, Cincinnati, Ohio, has been awarded an $11,116,525 firm-fixed-price contract for engineering and technical services in support of the following engines: F-16 F110-GE-100, A-10 TF-34, KC-135 F-108, B-1 F118, E-6B F108, T700-401C, J85-21B, F110, F16 C/D, F/A-18 and F110-GE-129. This contract provides for on-site proficiency training and advice to elevate the technical skill and abilities of personnel responsible for the operation and maintenance of the GE Aviation equipment/systems to the level of self-sufficiency. Work will be performed at Buckley Air Force Base, Colorado; Baltimore, Maryland; Springfield, Illinois; Tinker AFB, Oklahoma; Naval Air Station North Island, California; Marine Corps Base Camp Pendleton, California; Isa Air Base, Bahrain; Cairo West AB, Egypt; Engine Depot, Israel; Ahmed al Jaber AB; Kuwait and Daegu AB, South Korea, and is expected to be completed by Dec. 31, 2020. This contract is the result of a sole-source acquisition. This contract involves 41.6 percent foreign military sales (FMS) to Israel; Egypt; Bahrain; South Korea, and Kuwait. Fiscal 2019 operations and maintenance funds in the amount of $5,000,000; and fiscal 2019 FMS funds in the amount of $1,000,000 are being obligated at the time of award. Air Force Life Cycle Management Center, Wright-Patterson AFB, Ohio, is the contracting activity (FA8604-19-D-8004). L-3 Technologies Inc., Williamsport, Pennsylvania, has been awarded a $7,795,473 firm-fixed price requirements contract for E-3 sustainment. This contract provides for repair and overhaul of E-3 electron tubes. Work will be performed in Williamsport, Pennsylvania, and is expected to be completed by June 5, 2024. This award is the result of a sole-source acquisition. No funds are being obligated at the time of award. Funds will be obligated upon issuance of delivery orders. Air Force Sustainment Center, Tinker Air Force Base, Oklahoma, is the contracting activity (FA8117-19-D-0008). DEPARTMENT OF DEFENSE EDUCATION ACTIVITY Yellowfin Transportation, Shawnee, Kansas (HE1254-19-D-2001), is awarded an indefinite-delivery/indefinite-quantity, multiple-award contract for daily commute and special needs student transportation services in the amount of $8,570,866. The location of performance is Fort Benning, Georgia. The award is for a four-year and seven-month base period ending July 31, 2023; and a five-year option period ending July 31, 2028. Fiscal 2019 operations and maintenance funds will be used to fund the initial task order. This contract was competitively procured via request for proposal HE1254-18-R-2016, with two offers received. The contracting activity is the Department of Defense Education Activity, Alexandria, Virginia. (Awarded Dec. 3, 2018) CG Logistics, Ridgeland, Mississippi (HE1254-19-D-2002); is awarded an indefinite-delivery/indefinite-quantity, multiple-award contract for daily commute and special needs student transportation services in the amounts of $8,848,772. The location of performance is Fort Benning, Georgia. The award is for a four-year and seven month base period ending July 31, 2023; and a five-year option period ending July 31, 2028. Fiscal 2019 operations and maintenance funds will be used to fund the initial task order. This contract was competitively procured via request for proposal HE1254-18-R-2016, with two offers received. The contracting activity is the Department of Defense Education Activity, Alexandria, Virginia. (Awarded Dec. 3, 2018) WASHINGTON HEADQUARTERS SERVICES NetCentrics Corp., Herndon, Virginia, was awarded an $8,156,810 time and material, labor-hours, and firm-fixed-price contract modification. The contract was to obtain Joint Service Provider information technology service delivery support services for Washington Headquarters Services (WHS); the Office of the Secretary of Defense; Pentagon Force Protection Agency; and the WHS-supported organizations. Work performance will take place in the National Capital Region, including the Pentagon, Mark Center and Crystal City, Virginia. Fiscal 2019 operations and maintenance funds in the amount of $8,156,810 are being obligated on this award. The expected completion date is May 30, 2019. Washington Headquarters Services, Arlington, Virginia, is the contracting activity (HQ0034-19-C-0008). (Awarded Nov. 29, 2018) *Small business https://dod.defense.gov/News/Contracts/Contract-View/Article/1705364/

  • Army awards contract to build new TNT production facility in Kentucky

    November 13, 2024 | International, Land

    Army awards contract to build new TNT production facility in Kentucky

    The U.S. has picked a location to restart its TNT production domestically as it races to ramp up 155mm production.

All news