August 14, 2018 | International, C4ISR

HOW HACKED WATER HEATERS COULD TRIGGER MASS BLACKOUTS

When the cybersecurity industry warns about the nightmare of hackers causing blackouts, the scenario they describe typically entails an elite team of hackers breaking into the inner sanctum of a power utility to start flipping switches. But one group of researchers has imagined how an entire power grid could be taken down by hacking a less centralized and protected class of targets: home air conditioners and water heaters. Lots of them.

At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid.

Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people—a population roughly equal to Canada or California—the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners.

"Power grids are stable as long as supply is equal to demand," says Saleh Soltan, a researcher in Princeton's Department of Electrical Engineering, who led the study. "If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want."

The result of that botnet-induced imbalance, Soltan says, could be cascading blackouts. When demand in one part of the grid rapidly increases, it can overload the current on certain power lines, damaging them or more likely triggering devices called protective relays, which turn off the power when they sense dangerous conditions. Switching off those lines puts more load on the remaining ones, potentially leading to a chain reaction.

"Fewer lines need to carry the same flows and they get overloaded, so then the next one will be disconnected and the next one," says Soltan. "In the worst case, most or all of them are disconnected, and you have a blackout in most of your grid."

Power utility engineers, of course, expertly forecast fluctuations in electric demand on a daily basis. They plan for everything from heat waves that predictably cause spikes in air conditioner usage to the moment at the end of British soap opera episodes when hundreds of thousands of viewers all switch on their tea kettles. But the Princeton researchers' study suggests that hackers could make those demand spikes not only unpredictable, but maliciously timed.

The researchers don't actually point to any vulnerabilities in specific household devices, or suggest how exactly they might be hacked. Instead, they start from the premise that a large number of those devices could somehow be compromised and silently controlled by a hacker. That's arguably a realistic assumption, given the myriad vulnerabilities other security researchers and hackers have found in the internet of things. One talk at the Kaspersky Analyst Summit in 2016 described security flaws in air conditioners that could be used to pull off the sort of grid disturbance that the Princeton researchers describe. And real-world malicious hackers have compromised everything from refrigerators to fish tanks.

Given that assumption, the researchers ran simulations in power grid software MATPOWER and PowerWorld to determine what sort of botnet could disrupt what size grid. They ran most of their simulations on models of the Polish power grid from 2004 and 2008, a rare country-sized electrical system whose architecture is described in publicly available records. They found they could cause a cascading blackout of 86 percent of the power lines in the 2008 Poland grid model with just a one percent increase in demand. That would require the equivalent of 210,000 hacked air conditioners, or 42,000 electric water heaters.

The notion of an internet of things botnet large enough to pull off one of those attacks isn't entirely farfetched. The Princeton researchers point to the Mirai botnet of 600,000 hacked IoT devices, including security cameras and home routers. That zombie horde hit DNS provider Dyn with an unprecedented denial of service attack in late 2016, taking down a broad collection of websites.

Building a botnet of the same size out of more power-hungry IoT devices is probably impossible today, says Ben Miller, a former cybersecurity engineer at electric utility Constellation Energy and now the director of the threat operations center at industrial security firm Dragos. There simply aren't enough high-power smart devices in homes, he says, especially since the entire botnet would have to be within the geographic area of the target electrical grid, not distributed across the world like the Mirai botnet.

But as internet-connected air conditioners, heaters, and the smart thermostats that control them increasingly show up in homes for convenience and efficiency, a demand-based attack like the one the Princeton researchers describe could become more practical than one that targets grid operators. "It's as simple as running a botnet. When a botnet is successful, it can scale by itself. That makes the attack easier," Miller says. "It's really hard to attack all the generation sites on a grid all at once. But with a botnet you could attack all these end user devices at once and have some sort of impact."

The Princeton researchers modeled more devious techniques their imaginary IoT botnet might use to mess with power grids, too. They found it was possible to increase demand in one area while decreasing it in another, so that the total load on a system's generators remains constant while the attack overloads certain lines. That could make it even harder for utility operators to figure out the source of the disruption.
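The relay-trip chain reaction and the constant-total demand shift described above can be seen on a toy network, using the kind of line-rating screen a grid planner would run. This is an added example, not the researchers' simulation models: a DC power-flow approximation on a constructed three-bus grid, where the reactances, line ratings, demand values and function names are all assumptions.

```python
# Added illustration, not the researchers' simulation. Constructed 3-bus network:
# (from_bus, to_bus, reactance, rating); bus 0 is the generator; all values assumed.
LINES = [(0, 1, 1.0, 52.0), (0, 2, 1.0, 60.0), (1, 2, 1.0, 20.0)]
BASE = {1: 50.0, 2: 50.0}      # forecast demand at the two load buses

def solve(A, rhs):
    """Gaussian elimination; no pivoting needed, the matrix is positive definite."""
    n = len(rhs)
    M = [row[:] + [rhs[i]] for i, row in enumerate(A)]
    for c in range(n):
        for r in range(c + 1, n):
            k = M[r][c] / M[c][c]
            M[r] = [mr - k * mc for mr, mc in zip(M[r], M[c])]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (M[r][n] - sum(M[r][j] * x[j] for j in range(r + 1, n))) / M[r][r]
    return x

def energized(lines, slack=0):
    """Buses still connected to the generator bus through in-service lines."""
    seen, stack = {slack}, [slack]
    while stack:
        u = stack.pop()
        nbrs = {b for a, b, *_ in lines if a == u} | {a for a, b, *_ in lines if b == u}
        stack += nbrs - seen
        seen |= nbrs
    return seen

def dc_flows(lines, demand, slack=0):
    """Solve B*theta = -demand on the energized island; return flow per line."""
    live = energized(lines, slack)
    buses = sorted(live - {slack})
    idx = {bus: i for i, bus in enumerate(buses)}
    B = [[0.0] * len(buses) for _ in buses]
    active = [l for l in lines if l[0] in live]
    for a, b, x, _ in active:
        for p, q in ((a, b), (b, a)):
            if p in idx:
                B[idx[p]][idx[p]] += 1.0 / x
                if q in idx:
                    B[idx[p]][idx[q]] -= 1.0 / x
    theta = {slack: 0.0, **dict(zip(buses, solve(B, [-demand[i] for i in buses])))}
    return {(a, b): (theta[a] - theta[b]) / x for a, b, x, _ in active}

def cascade(lines, demand, slack=0):
    """Trip every overloaded line as a relay would, re-solve, repeat until stable."""
    lines, tripped = list(lines), []
    while True:
        flows = dc_flows(lines, demand, slack)
        over = [l for l in lines if abs(flows.get(l[:2], 0.0)) > l[3] + 1e-9]
        if not over:
            served = sum(demand[b] for b in energized(lines, slack) - {slack})
            return tripped, served
        tripped += [l[:2] for l in over]
        lines = [l for l in lines if l not in over]

def max_safe_shift(lines, base, src, dst, step=1.0):
    """Planning check: largest demand moved src -> dst (total fixed) with no trip."""
    shift = 0.0
    while shift + step <= base[src]:
        s = shift + step
        if cascade(lines, {**base, src: base[src] - s, dst: base[dst] + s})[0]:
            break
        shift += step
    return shift
```

With `BASE` nothing trips. `cascade(LINES, {1: 60.0, 2: 40.0})` keeps total demand at 100 yet trips all three lines in two rounds, and `max_safe_shift(LINES, BASE, src=2, dst=1)` reports the 6 units of margin these ratings leave.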

If a botnet did succeed in taking down a grid, the researchers' models showed it would be even easier to keep it down as operators attempted to bring it back online, triggering smaller scale versions of their attack in the sections or "islands" of the grid that recover first. And smaller scale attacks could force utility operators to pay for expensive backup power supplies, even if they fall short of causing actual blackouts. And the researchers point out that since the source of the demand spikes would be largely hidden from utilities, attackers could simply try them again and again, experimenting until they had the desired effect.

The owners of the actual air conditioners and water heaters might notice that their equipment was suddenly behaving strangely. But that still wouldn't immediately be apparent to the target energy utility. "Where do the consumers report it?" asks Princeton's Soltan. "They don't report it to Con Edison, they report it to the manufacturer of the smart device. But the real impact is on the power system that doesn't have any of this data."

That disconnect represents the root of the security vulnerability that utility operators need to fix, Soltan argues. Just as utilities carefully model heat waves and British tea times and keep a stock of energy in reserve to cover those demands, they now need to account for the number of potentially hackable high-powered devices on their grids, too. As high-power smart-home gadgets multiply, the consequences of IoT insecurity could someday be more than just a haywire thermostat, but entire portions of a country going dark.

https://www.wired.com/story/water-heaters-power-grid-hack-blackout/
