Was the North American blackout Vole-related?
I guess we just have to wait for the final report. However, the estimation is on pretty solid ground. Such a revelation will cause serious damage, and not just to Microsoft.
As the Interim Report makes quite clear by assigning it as "Cause 1", it was this "Loss of Situational Awareness" by First Energy's control room operators that indirectly led to their loss of control of the power grid during and after the transmission line and generation plant outages that afternoon. In other words, loss of those SCADA systems blinded them.
But weren't those SCADA servers and operator consoles some of the custom built systems running Unix? No, it seems not, because the control server is called out separately in the report as a "GE Harris XA/21" system.
So, although the Interim Report doesn't describe in detail what was running those SCADA servers, the system behaviours it details are not inconsistent with the symptoms seen in millions of data centers running Microsoft Windows systems when they were attacked by Blaster.
Systems slowed to virtual inoperability, processes stalled. Screens frozen and systems unresponsive to operator inputs. Systems that seemed to heal briefly upon rebooting, then stalled again. It sounds quite familiar.
Utilities' power grid monitoring and control systems are supposed to be isolated, but it's not unreasonable to suspect that some utilities like First Energy have their internal networks Internet-connected, someplace in the system. Or that someone had an analog modem hooked up and linked to the Internet. Or that someone lugged an infected notebook into their LAN, behind the firewalls. It's hard to fully isolate private networks, so most utility network architects should assume they're not secured.
Thus, if these deductions are correct, the real question is: Why are the utilities using Microsoft systems in their mission-critical networks?
50 million people left in the dark on August 14 might like to know.