Comment Articles

The worm at the heart of the Big Apple

Rupert Goodwins ZDNet.co.uk

Published: 20 Aug 2003 16:10 BST

As silence descended on the blacked-out eastern seaboard of the US last week, one sound could clearly be heard. Internet backbone companies were slapping each other on the back. Despite the loss of the most fundamental motor in our civilised society, the Net continued to run perfectly. But now, some are asking whether the Net was the prime source of the problem -- did a computer attack bring down the grid?

It might seem like a conspiracy theory par excellence; an attempt to shift the responsibility for the outage anywhere but the power companies. The search for someone to blame has already pointed the finger at the poor old Canadians (for being connected at the time) and us British (for owning some of the companies concerned): when none of that stuck the old standby of "outdated transmission systems" was rolled out. Such words produce a picture of rusty old pylons and sagging cables: unwelcome, but easy to fix. Now, evidence is gathering that the antiquated systems aren't so much the cables and switchgear but the computerised monitoring, control and alarm systems that string everything together -- and the ordinary computer networks they rely on.

At the heart of power generation and distribution in the US and elsewhere is Scada, the Systems Control And Data Acquisition protocol. You'll be hearing a lot about that in the near future, and it looks at first like a good candidate for the problem. Scada is the glue that links together the hardware of power production -- the turbines, sensors, metering and switching -- with the computers that configure the power network, warn of problems and automatically isolate systems that go wrong in dangerous ways. We know already that this didn't happen: signs of instability went ignored. When lines started to go down because of overload, thus overloading other lines, this information was either not received or not acted on by neighbouring areas.

Scada is, at heart, not a secure system. Surveys of installations have time and again found problems, such as gateways into Scada systems connected to the public telephone system via modems -- with passwords left at the factory default. And the pressure to link Scada systems to others is growing -- like everyone else, Scada implementers are using open standards and designing business systems that are ever more tightly implemented, with the data coming out of the control networks. And these in turn are on the Internet, and vulnerable. Utility engineers and software designers have ignored or downplayed security issues, in a chilling reflection of the attitudes prevalent in companies like Microsoft until recently.