The Data Blizzard

A new and unprecedented volume of data is coming your way

You can either plan for it, and figure out how to secure it before the deluge starts, or you can simply let it all come and hope that the sheer volume of it will bury the evidence of your obvious lack of security forethought. (Smart Grid Security Blog, 01 June 2010)

Once again, it should be emphasized that the network is the first to be hit:  Take a look at what your network’s in for…

SG Security and RF Meshes…20Jul10 [gbcn]

Gauteng Doesn’t Have to Fumble Broadband…

Gauteng broadband project ‘faces axe’

The South African province, containing Johannesburg and Pretoria, approved the  multibillion integration of existing network infrastructure to provide cheaper access to broadband Internet services.  The government intended to spur economic development and attract more business investment.  After building the R 20 billion GAUTRAIN, there is not a cent left for this project.

Meanwhile, GBCN’s partner, TWU Broadband Communications, has formally offered to fund, build, and operate Power Grid Networks on the local electricity distribution grids of the City of Tshwane (Pretoria) and Ekurhuleni (an even larger adjoining municipality).

These Power Grid Networks will provide smart grid management services and broadband communications for end-users, customers, as well as all cellular carriers operating in these Municipalities.

The RSA government has touted the need for “public / private partnerships” to bring private sector solutions to infrastructure problems.

Well, here it is…

Smart Grids and the People They Serve

Utility regulators are powerful folks — much like oil companies in some ways.  They control the electrical energy distribution monopoly.

Utility regulators are quite comfortable dealing with large concepts: how the FCC’s ambition with broadband services plays out, who owns and protects the consumer’s data that will be generated and transmitted over these smart grids, and most importantly, how NERC thinks that feed-in tariffs should be used to develop renewable resources, not to mention the implementation of new pipeline safety rules.

Jon Wellinghoff, chair of FERC, says electric distribution companies need to RETHINK their strategies.  Smart Grids should not just be about getting a two-way communicating meter into the house.  It’s simply not enough.  There need to be tools so that consumers can learn and understand, application by application, where they can manage energy usage by each appliance they have, and respond accordingly.

This Maryland PSC decision about BG&E’s $835 million smart grid proposal was about  customers beginning to pay a surcharge to cover the costs of the project LONG BEFORE they would reap any benefits from the new meters — also the “time-of-use” rates that charge residential customers higher electricity prices at peak times would be MANDATORY.

This Smart Grid project is seen by the Maryland PSC as a classic utility infrastructure investment that should be recovered through distribution rates, NOT in supplemental surcharges that begin long before customers can realize any benefits from the project.

The Maryland PSC refused to “depart from the core principle that utilities recover infrastructure investments through distribution rates.”

I continue to write this in one forum after another and on our blog — the benefits of the smart grid must first be identified and accepted by the rate-payer, and then fairly apportioned to the utility.   One application at a time, NOT one smart grid system at a time.

The division of benefits of the smart grid between the utility and the rate-payers must be fair and reasonable — this is the simple responsibility that the utility regulators continue to oversee.

The Common Carrier Opportunity

While traveling over the continent of Africa at the end of the 90s, it became clear that right of way was the most expensive, hard-to-create, and hard-to-operate-and-maintain asset in every country.  Power authorities struggled to get the legal right and the funds to create transmission paths from their plants and dams to their customers.  At the same time, telecom companies were forced by economics to use a European country’s satellite connections and to pay them what amounted to a transfer fee on every call outside their country – even if the call was connected to a neighboring African country.

But neither the power nor the telecom service providers thought to build along a common right of way.  They seemed to always operate separately.  On realizing this, I went out of my way on a number of occasions to put together power people I met with telecom commissions (the telecom commissions of Economic Community of West African States and the Southern Africa Development Community with Eskom and the Southern Africa Power Pool).

The important idea we began to discuss together was to focus the revenue streams of power transmission and telecommunications along the same right of way to nourish this common carrier path’s sustained operations and maintenance.

A power grid network can evolve this common carrier pathway into transformative opportunities, such as:

  • The power grid right-of-way can deliver powerful new communications technology solutions through its universal customer access
  • Building an extreme-capacity broadband network on the power grid can provide dedicated and secure support for all the smart grid applications it will take to maximize energy efficiency
  • This broadband network can be designed to be self-aware and self-healing, allowing more reliable management of electric distribution and communications through network faults and power outages.
  • An intelligent broadband power grid network can service multiple public utility or rural electric cooperative grids – without sacrificing each local smart grid’s managerial autonomy.
  • An intelligent network built on power grids can defeat power theft and manage customer accounts
  • A power grid network built through multiple public utility or rural electric coop distribution grids can buy both network and smart grid hardware & software with much higher economies of scale.
  • A network of multiple local power grids can generate sufficient communications service revenues to both subsidize smart grid apps and enable the power grid network to operate profitably.

Advanced communications services and local power grids can flourish in the reciprocal relationship of a power grid network.

Power utilities leasing out their right of way for telephone links can provide ancillary revenue, but insufficient to fund and manage the smart grid.

Telecom companies offering standard “plain-old-telephone-services” and internet access over power grid utility pole lines confront dual limitations in both traffic and profit margins that universal service funds can never adequately address.

The community’s scarce resources can be better deployed for everyone’s benefit than they are now.  This power grid network offers one real solution.

See:  USrural project

Questions U.S. Local Utilities Should Ask

What Is USrural To Us?

  • Financial partner that pays for building and expanding our community’s smart grid
  • Operating partner that manages and maintains the community smart grid under our direction
  • Research and development partner that will exploit ‘lessons learned’ on  each ‘best-of-breed’ smart grid application it deploys in multiple power grid networks
  • Provider of subsidized Internet access for our community’s schools, libraries, & medical facilities

What Does USrural Bring To The Table?

  • Financial Resources for the community smart grid
  • Telecommunications Expertise / Manpower that’s independent from vendors
    • New Technology Solutions Powering Extreme Capacity Broadband
  • Vendor Independent Smart Grid Research / Development / Deployment Expertise

What Would Be Our Responsibilities In A Relationship With USrural?

  • Provide right-of-way for smart grid and broadband/mobile apps
  • Set smart grid strategy based on customer benefits / requirements
  • Direct when and how smart grid apps operate
  • Approve data integrity and security of all customer data that adjudicates service disputes
  • Pay service fees only for actual smart grid usage

What Would Our Benefits Be From A Relationship With USrural?

  • Eliminate up-front community smart grid and communications Capital Expenditures we face
    • Remove urgency to raise energy tariffs in order to repay these new investments “on time”
  • Roll out ‘best-of-breed’ smart grid apps one at a time, based on their benefits to our customers
    • Reducing service disruption, accommodating new energy demand without increasing supply
    • Changing how and when smart grid costs impact energy tariffs
  • Subsidized broadband for our community’s public institutions
  • Subsidized ops & maintenance for the community power grid network
  • New Resources with which to develop our community’s economy
    • New local jobs
    • New and more cost-effective local communications service to support new commerce
    • More reliable / efficient / cost-effective energy to prompt new enterprise moves into the community

What Does USrural Seek From A Relationship With Us?

  • Universal access right-of-way to all customer sites within our communities’ service footprint
  • New smart grid and communications service usage revenues
  • Partner whose continued viability is assured by developing our community’s economy

Illegal Connects Follow Eskom Hike

Illegal connections will follow Eskom tariff hike (IOL.co.za)

January 18, 2010

Eskom’s proposed 35 percent tariff hike will lead to more illegal connections because electricity users cannot afford the cost of power, the SA Institute of Electrical Engineers and COSATU said Monday.  “This tariff hike will have far-reaching implications. One of them will be the escalation of energy theft,” the institute’s president Du Toit Grobler told hearings in Durban, organised by the National Energy Regulator of SA (NERSA).

Eskom wanted a 35 percent tariff hike each year for the next three years.  COSATU secretary in KwaZulu-Natal, Zet Luzipo, said the electricity hike would force a resort to illegal connections and the use of dangerous forms of energy, including indoor coal burning and paraffin stoves.  Grobler proposed that Eskom should design a tariff hike for the next ten years so that consumers would not be adversely affected.  He said the proposed tariff hike would also reduce economic growth, slow down the pace of recovery from the recession and lead to numerous job losses.  He raised concerns about people who did not pay for electricity and criticised municipalities that wrote off unpaid energy bills.

Questions and Answers for Dr. John Lamola

What are the vulnerabilities of municipal power distribution grids in this instance?

The federal government has stripped Eskom, the quintessential para-statal utility, down to its core competency more than once.  350 local power distribution grids remain under municipal governments to strengthen local political accountability in South Africa.  Because municipal energy companies purchase energy wholesale from Eskom and retail it to end-users, the municipality is caught in the middle of each Eskom price hike.

The municipality must mark up the wholesale price to cover its costs and collect it from its customers.  However, this retail collection has proven problematic in the past under more favorable economic and pricing environments than we contemplate here:  In June of 2008, the CoT discussed adding the collection of ZAR2 billion in uncollected energy bills to the Smart Grid Tender’s requirements.

A 35% increase in wholesale energy pricing will have a radical impact on end-users’ ability to pay for energy.  But Eskom will look to the CoT government treasury for payment.  In the meantime, end-users will have a new incentive to find ways to get energy without paying for it.  Many people are out of work, and wages of the employed are static and inadequate to sustain a 35% energy price hike.

End-users are likely to dispute their bills, refuse to pay their bills, or even seek methods and middlemen who can provide ways to obtain energy without detection and therefore without paying for it.  In Karachi, Pakistan this phenomenon has resulted in a current situation where more than 50% of the energy produced by the Karachi Electrical Service Corp. is being stolen by ‘organized crime’ for its own use at no cost.

The municipal energy company will incur higher operational costs to detect energy fraud / theft, manage energy bill disputes, and control energy distribution in this new disrupted / disordered user market.

As costs rise, revenues will plummet from customer disorder in the marketplace.  Revenue disruption forces more support from tax-payers – whether local or federal – at a time when the overall economy is in recession that diminishes tax revenues.

As the wholesale energy supplier and creditor, Eskom is the first to be paid, and therefore is absolved of these difficulties.  All these difficulties fall on the municipal energy company and its ultimate underwriter, the taxpayer.


How will municipal power distribution grids protect themselves from these vulnerabilities?

The municipal energy company must not allow itself to get behind in confronting any of these issues.

A smart grid management system is required to monitor energy access and usage – not only at customer meters, but also throughout the grid.  This requires sensors on all power links and transformers that communicate bilaterally with the management system so that detection and energy control are both accomplished in real time.

Energy usage detection and control must be transparently independent of personnel interventions – either in the central or outside plant facilities.

The absolute integrity of every energy record generated by reports from sensors and meters, and of the system’s commands to them, must be secured, and objective evidence thereof must be accessible in the system to solve disputes that may arise.

The self-aware and articulated energy management system can enforce the rule of law and prevent disorder and disruption of the energy usage market.  Fraud and theft detection and enforcement can operate in real-time and minimize revenue loss at the lowest cost possible.

An objective, accurate vision of energy usage can educate users in more productive, less costly energy uses, while protecting the common grid from unintended waste, damage, and loss consequences that will otherwise reduce energy availability to everyone, while raising costs for all parties.

Under the best of circumstances, today energy systems must generate a minimum of 2 kilowatt hours for every single kilowatt hour that is actually used.  Municipal energy companies can prevent this over-production from increasing, and eventually they can diminish this over-production requirement with a successful smart grid management system.
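One way to meet two requirements from this answer (records whose integrity can be evidenced in a dispute, and detection across the grid rather than only at customer meters), as an added example that is not part of the original post or of any TWU system: each record carries an HMAC tag, and the verified transformer reading is compared with the sum of its downstream meters. The device names, keys, record fields and the 8% loss allowance are assumptions, and the readings are constructed.

```python
"""Added example: authenticated interval records plus a feeder-vs-meter energy balance."""
import hashlib
import hmac
import json

FIELDS = ("device", "interval", "seq", "wh")  # fields covered by the tag
LOSS_ALLOWANCE = 0.08  # assumed share of technical (line/transformer) loss


def _message(rec):
    # Canonical byte encoding so sender and verifier hash identical input.
    return json.dumps([rec[f] for f in FIELDS], separators=(",", ":")).encode()


def sign(key, device, interval, seq, wh):
    """Build a record and attach an HMAC-SHA256 tag under the device's key."""
    rec = {"device": device, "interval": interval, "seq": seq, "wh": wh}
    rec["tag"] = hmac.new(key, _message(rec), hashlib.sha256).hexdigest()
    return rec


def verify(key, rec):
    """Constant-time check that the tag matches the record's contents."""
    expected = hmac.new(key, _message(rec), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), str(rec.get("tag", "")).encode())


def audit(records, keys, topology):
    """Return (rejected, report); topology maps transformer -> downstream meters."""
    rejected, last_seq, accepted = [], {}, {}
    for rec in records:
        dev = rec.get("device")
        key = keys.get(dev)
        if key is None or not all(f in rec for f in FIELDS) or not verify(key, rec):
            rejected.append((dev, rec.get("interval"), "bad-tag"))
            continue
        if rec["seq"] <= last_seq.get(dev, -1):
            # Validly signed but already-seen sequence number: a replayed record.
            rejected.append((dev, rec["interval"], "replay"))
            continue
        last_seq[dev] = rec["seq"]
        accepted[(dev, rec["interval"])] = rec["wh"]

    report = {}
    intervals = sorted({i for (_, i) in accepted})
    for xfmr, meters in topology.items():
        for i in intervals:
            fed = accepted.get((xfmr, i))
            metered = [accepted.get((m, i)) for m in meters]
            if fed is None or None in metered:
                # A missing or rejected record is reported, never silently skipped.
                report[(xfmr, i)] = ("incomplete", None)
                continue
            unaccounted = (fed - sum(metered)) / fed if fed else 0.0
            status = "investigate" if unaccounted > LOSS_ALLOWANCE else "ok"
            report[(xfmr, i)] = (status, round(unaccounted, 3))
    return rejected, report


def sample():
    """Constructed data: transformer T1 feeds meters M1..M3, readings in Wh."""
    # Demo keys only; real per-device keys would be random and provisioned securely.
    keys = {d: hashlib.sha256(b"demo-key-" + d.encode()).digest()
            for d in ("T1", "M1", "M2", "M3")}
    topology = {"T1": ["M1", "M2", "M3"]}
    readings = {
        "00:00": {"T1": 30000, "M1": 10000, "M2": 9500, "M3": 9000},
        "00:30": {"T1": 31000, "M1": 10000, "M2": 9600, "M3": 9900},
        "01:00": {"T1": 31000, "M1": 10000, "M2": 9600, "M3": 4000},
    }
    records = [sign(keys[d], d, i, seq, wh)
               for seq, (i, devs) in enumerate(sorted(readings.items()))
               for d, wh in devs.items()]
    # A record altered after signing: value lowered, tag left unchanged.
    altered = next(r for r in records
                   if r["device"] == "M3" and r["interval"] == "00:30")
    altered["wh"] = 4000
    # An old, validly signed record submitted a second time.
    records.append(dict(records[1]))
    return records, keys, topology


if __name__ == "__main__":
    rejected, report = audit(*sample())
    for item in rejected:
        print("rejected:", item)
    for key, value in sorted(report.items()):
        print(key, value)
```

The 01:00 interval passes every integrity check yet is still flagged, because the transformer delivered more energy than the meters account for; the two checks answer different questions and both are needed.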

What are the right smart grid technologies and what should they cost?

According to the U.S. Federal Energy Research Commission (“FERC”), the recent USD3.4 billion [ZAR25.48 billion] Smart Grid Investment Grant (“SGIG”) Program disbursements entail about 10 million new smart meters.  There’s enormous variability in the costs of the smart-meter roll-outs as described by the various SGIG grants against matching private investments (all of which must exceed the grant):

  • 79% of grants expect associated costs of < USD500 per meter [ZAR3,746 per meter]
  • 18% of grants expect associated costs of USD500 – 1,000 per meter [ZAR3,746 – 7,492 per meter]
  • 2% of grants expect associated costs of USD1,000 – 2,000 per meter [ZAR7,492 – 14,986 per meter]
  • 1% of grants expect associated costs of > USD2,000 per meter [>ZAR14,986 per meter]

The projects themselves surprisingly seem to be one-offs, each intending to validate one organization’s view of the new generation of smart grid.  This program also tells us that even in these smallish percentages of planned deployment (less than 10% of the projected U.S. meter requirement nationally), the costs are huge.  Getting to the FERC’s ‘partial adoption’ could easily cost another USD15 billion [ZAR112.36 billion] of government funding, and another USD20 billion to 30 billion [ZAR149.8 billion to 224.7 billion] in private investment.  The numbers to get to a fuller adoption are far higher.

How will municipal power distribution grids acquire these protection strategies?

The municipal energy company has only three alternatives to acquire these energy management systems:

  • Acquire them outright with taxpayer funding from the national or city treasury
  • Acquire them outright by borrowing against the proceeds of increased tariffs over a protracted period of time
  • Execute a service agreement with TWU to utilize smart grid application and communications services in return for providing grid management discretion and right of way to TWU.

Benefits of the TWU third alternative

  1. Provides the smart grid applications and communications support as a service on a pay-as-used basis, effectively subsidized by communications revenues
  2. Follows the energy company’s preferred smart grid strategy
  3. Avoids up-front energy company capital expenditures
  4. To achieve sufficient cost savings to justify the smart grid within its service life cycle, the complete portfolio of smart grid applications must be deployed.
  5. Smart pricing features and functions can be gradually and carefully introduced so their benefits and costs are well understood by customers before their usage patterns are negatively impacted by energy market pricing.
  6. Smart grid application benefits can be judiciously divided between the utility and the consumer with full transparency to assure fairness and overall acceptance of the new technology.

Just Another Oxymoron: Internet Security, says Information Week

Interesting Points from Information Week’s Worst of…

In 2007, the words “Internet security” joined the ever-growing list of self-canceling phrases, alongside “business intelligence,” “Congressional ethics,” and “Microsoft Works.” This year, bot herders proved they could harness enough zombie PCs to take down an entire country’s infrastructure for a month. Estonia eventually recovered, but our notion of Net invulnerability hasn’t.

According to McAfee’s Virtual Criminology Report, some 120 governments are actively engaged in Web espionage and cyber assaults. Meanwhile, private criminals used the Storm worm to create a botnet for hire containing millions of zombies–enough to take down a major network. And while the FBI’s Operation Bot Roast nailed a handful of domestic bot herders, that leaves several thousand more to go, most of them living beyond the Feds’ reach. Three-quarters of cyber attacks in 2007 originated outside the U.S., according to Symantec’s most recent Internet Security Threat Report.

As with global warming, there’s plenty of blame to go around–for everybody from developers of insecure software to home users who blithely log on without inoculating their PCs. Let’s hope they get more of a clue in 2008.

“enough zombie PCs to take down an entire country’s infrastructure for a month”

A series of online attacks that seriously disrupted Web sites belonging to several banking and government organizations in Estonia this year may have been perpetrated by a loosely organized, politically motivated online mob, a security researcher suggested at the Black Hat 2007 conference.

The attacks hold several lessons about how large-scale Internet attacks can unfold and the responses that may be needed to deal with them, said Gadi Evron, security evangelist for Israel-based Beyond Security. “The use of the Internet to create an online mob has proven itself and will likely receive more attention in the future,” following the Estonia attacks, said Evron, who wrote a postmortem report on the incident for the Estonian CERT.

The widely reported attacks in Estonia crippled Web sites belonging to the Estonian government — including that of the nation’s prime minister as well as several banks and smaller sites run by schools. The online attacks are believed to have been triggered by the Estonian government’s decision to relocate a Soviet-era war memorial in Tallinn called the Bronze Soldier.

The decision sparked more than two days of rioting in Tallinn by ethnic Russians as well as a siege of the Estonian embassy in Moscow. It also appears to have sparked an Internet riot aimed at the country’s online infrastructure, Evron said.

Initial media reports suggested that the denial-of-service (DOS) attacks may have been organized by the Russian government in retaliation for Estonia’s decision to move the statue. The reality, however, is that the attacks were carried on by an unknown number of Russian individuals with active support from security-savvy people in the Russian blogosphere, Evron said.

Many Russian-language blogs offered simple, detailed instructions to their readers on how to overload Estonian Web sites using “ping” commands, Evron said. The bloggers also kept updating their advice as Estonian incident responders started defending against the initial attacks.

The attacks started with pings and quickly scaled up to more sophisticated attacks, including those enabled via botnets from outside Estonia. One attack was launched by a specially crafted botnet with targets hard-coded in their source, Evron said. Some bloggers attempted to collect money to hire botnets to launch attacks against targets in Estonia, Evron said. The timing of the attacks, their scope and the sudden availability of botnets to aim at Estonian targets suggest that some level of organization was involved. But no evidence explains who was responsible.

None of the attack methods were new or sophisticated, Evron said. Neither were they particularly large as far as DOS attacks go. But they were enough to seriously disrupt several services in what is a very Internet-dependent country. For instance, because bank sites were crippled, many citizens were unable to conduct ordinary transactions such as buying gas and groceries.

The attacks highlight several issues — chief among them the importance of incident response, Evron said. When the attacks started, the Estonian responders first focused on the targets rather than sources. Filtering technology was used to throttle back on traffic aimed at target systems, which, at its peak, reached between 100 and 1,000 times the normal amount of traffic.

Quick decisions were made on which systems to protect first and all connections to those systems from outside the country were blocked. Efforts were also made to lure attackers to less critical systems and draw their attention away from the more important ones, Evron said.

The Estonian incident also showed how — at least in that country’s case — “critical infrastructure” proved to be banking and private-sector companies, ISPs and media Web sites, not Estonia’s transportation or energy sectors, Evron said.

“some 120 governments are actively engaged in Web espionage and cyber assaults”

Governments and allied groups worldwide use the Internet to spy and launch cyberattacks, targeting critical systems including electricity, air traffic control, financial markets and government computer networks, according to McAfee’s annual report on global cybersecurity.

This year, China has been accused of launching attacks against the United States, India, Germany and Australia, but the Chinese are not alone: 120 countries including the United States are said to be launching Web espionage operations, according to McAfee’s Virtual Criminology Report, issued today and developed with input from NATO, the FBI, the United Kingdom’s Serious Organized Crime Agency, and various groups and universities.

“Cyber assaults have become more sophisticated in their nature, designed to specifically slip under the radar of government cyber defenses,” McAfee states. “Attacks have progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic and technical espionage.”

One attack against Estonia, allegedly carried out by Russia, disrupted government, news and bank servers for several weeks, McAfee notes. In the United States, a Pentagon computer network allegedly was hacked by China-based perpetrators in June, the McAfee report states.

The Internet is simply a great tool for gathering intelligence, both for world powers like the United States and China and small countries with limited resources, says David Marcus, security research and communications manager at McAfee Avert Labs.
He doesn’t think cyberattacks will replace conventional warfare, but says they are becoming an important augmentation, with countries using technology to spread disinformation and disrupt communications. He also predicts it will be common for governments to license cybercriminals to attack enemies in a sort of privatized model. “We’re already starting to see that with state-sponsored malware,” he says. “I only think you’re going to start seeing more than that because it’s easier to attack government X’s database than it is to nuke their troops.”

McAfee said its research also found an increasing threat to banking and other online services, and “the emergence of a complex and sophisticated market for malware.” Malware today is more complex than ever before, capable of acting as if it were genetically modified. “These ‘super-strength’ threats are more resilient, are modified over and over again like recombinant DNA,” McAfee writes. “Nuwar (‘Storm Worm’) was the first example, and there will be more in 2008.”

VoIP is a new target of cybercriminals, and social-networking applications (MySpace and Facebook) may be exploited more often, going forward, McAfee says. NATO insiders say many governments are unaware of Web espionage threats, leaving themselves open to cyberattack.

One aspect that might be overlooked is the economy that distributes the tools of cybercrime. Software flaws are sold for as much as US$75,000, and criminals can buy custom-written Trojans designed to steal credit card data. Additionally, McAfee says an “underground economy already includes specialized auction sites, product advertising and even support services, but now competition is so fierce that ‘customer service’ has become a specific selling point.”

“private criminals used the Storm worm to create a botnet for hire containing millions of zombies”

The Storm worm is fighting back against security researchers that seek to destroy it and has them running scared, Interop New York show attendees heard Tuesday. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says Josh Korman, host-protection architect for IBM/ISS, who led a session on network threats. “As you try to investigate [Storm], it knows, and it punishes,” he says. “It fights back.”

As a result, researchers who have managed to glean facts about the worm are reluctant to publish their findings. “They’re afraid. I’ve never seen this before,” Korman says. “They find these things but never say anything about them.” And not without good reason, he says. Some who have managed to reverse engineer Storm in an effort to figure out how to thwart it have suffered DDoS attacks that have knocked them off the Internet for days, he says.

As researchers test their versions of Storm by connecting to Storm command-and-control servers, the servers seem to recognize these attempts as threatening. Then either the worm itself or the people behind it seem to knock them off the Internet by flooding them with traffic from Storm’s botnet, Korman says.

A recently discovered capability of Storm is its ability to interrupt applications as they boot up and either shut them down or allow them to appear to boot, but disable them. Users will see that, say, antivirus is turned on, but it isn’t scanning for viruses, or as Korman puts it, it is brain-dead. “It’s running, but it’s not doing anything. You can brain-dead anything,” he says. The worm has created a botnet of slave machines whose latent size and power is unknown. The number of infected machines available to launch spam and DoS attacks is estimated from hundreds of thousands to 50 million. Korman says he believes it’s between 6 and 15 million.

The botnet the worm commands is used infrequently, indicating that it is for sale or lease to what he terms “profit nation” — computer hackers who do their work for money not fame. The potential exists for political entities to use the botnet for cyberterror attacks, he says.

“It’s getting more serious the more I look at it,” Korman says. “I’m more concerned not so much about where Storm is today, but where it’s going.” Still, the power of Storm, also known as Peacomm, is still hotly debated. Earlier this week another expert said the worm had pretty much run its course and was subsiding.

“the FBI’s Operation Bot Roast nailed a handful”

The FBI Wednesday announced that its “Operation Bot Roast” anti-botnet sweep has so far identified more than 1 million hijacked personal computers and resulted in the arrest of three men charged with everything from spamming to infecting systems at several hospitals.

The operation is an ongoing effort to disrupt the bot trade and identify botnet controllers, the FBI said at a news conference. “Bot” is the term for an infected personal computer. A “botnet” is a large number of hijacked PCs controlled by a hacker, called a “bot herder.” Botnets are used by spammers, criminals launching distributed-denial-of-service (DDoS) attacks and malware authors looking to spread their applications. “The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said James Finch, FBI assistant director for the cyber division.

With the help of the CERT Coordination Center at Carnegie Mellon University, the FBI is also trying to notify the owners of the million-plus victimized computers it has fingered as bots. “Through this process, the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity,” the agency said.

That’s exactly how authorities uncovered bots controlled by three men recently arrested, including spam king Robert Soloway in Seattle, James Brewer of Arlington, Texas, and Jason Downey of Covington, Ky., and charged with various felonies. According to indictment papers filed yesterday in a Chicago federal court, Brewer compromised more than 10,000 computers worldwide, including machines at two area hospitals, between October and December 2006. “The ‘bots’ caused the infected computers to, among other things, repeatedly freeze or reboot, causing significant delays in the provision of medical services,” the indictment states. It took the hospitals more than 1,000 man-hours to clean up after the infections.

Downey, meanwhile, was charged two weeks ago with running a botnet that conducted DDoS attacks using an IRC (Internet relay chat) server called Yotta-Byte.net. Last year, that server was one of several that Sophos PLC linked with ongoing attacks by the Agobot worm.

Estimates of the botnet problem’s size are hard to pin down: Symantec Corp.’s most recent report estimated a 29% increase in the number of hijacked computers in the second half of 2006.

“Three-quarters of cyber attacks in 2007 originated outside the U.S.”

Today, the threat landscape is arguably more dynamic than ever. Identity theft is an increasingly prevalent security issue, particularly for organizations that store and manage information that could facilitate identity theft. Compromises that result in the loss of personal data could be quite costly, not only to the people whose identity may be at risk and their respective financial institutions, but also to the organization responsible for collecting the data. Data breaches that lead to identity theft could damage an organization’s reputation, and undermine customer and institutional confidence in the organization. Underground economy servers are used by criminals and criminal organizations to sell stolen information, typically for subsequent use in identity theft. This data can include government-issued identification numbers (such as social security numbers), credit cards, bank cards, personal identification numbers (PINs), user accounts, and email address lists.

Symantec tracks and assesses underground economy servers across the Internet using proprietary online fraud monitoring tools. For the first time in this issue of the Internet Security Threat Report, Symantec is assessing the types of goods that are most frequently offered for sale on underground economy servers.