Llewellyn King: Is China slipping in hardware that could jeopardize our electric grid?
There are new worries afoot in the electric-utility world.
The issue is the integrity of the grid and the possibility that foreign suppliers of bulk power equipment (BPE) may have introduced the technical equivalent of Manchurian candidates into the hardware that manages the system.
This represents a departure from previous concerns that have emphasized software and paid more attention to attacks aimed at the computer systems of electric utilities than to their hardware. They get millions of these attacks every day and have worked relentlessly to protect against them.
Now a new front has opened.
The battle has moved from the world of Internet technology to the hardware itself, to BPE. Leading the charge to draw attention to systems whose vulnerability may have been overlooked is Joe Weiss, a professional engineer, a veteran of the Electric Power Research Institute in Palo Alto, California, and now an independent consultant.
Weiss said in a blog, which went viral in the world of utility engineers last week, “Why would attackers hit defenses head-on when they can simply bypass them?” And that is exactly what they’re doing, he believes.
On May 1, President Trump issued the far-reaching Executive Order 13920, which prohibits the purchase of major BPE from potential adversaries, later named by the Department of Energy as China and Russia, among others.
China is the primary supplier of BPE to American utilities.
Then, on July 8, the department issued a request for information about what the electric utilities purchase and from where. It appears the government is attempting to scope the problem.
Initially, many in the industry thought the executive order was just another shot in the Trump administration’s trade war with China. But not so. It signaled what may be a big vulnerability not only in installed equipment but also equipment that is on order.
China has become the primary supplier of heavy equipment for utilities, particularly big transformers. While these have no moving parts, Weiss believes that they can have “backdoors” through which an adversary could catastrophically alter their operation.
The key, he says, may be the censors that can send false readings and bring about major disruption, and send parts of the grid haywire.
Transformers are critical to the distribution of current. They boost voltage to compensate for line losses and ultimately step down the voltage for local distribution.
This vulnerability story began after the terrorist attacks of 9/11, when a trend to look at the security of the electric grid turned to a greater concentration on IT and, some argue, away from the old regime of operational technology, where engineers took responsibility for the security of their equipment.
A cultural division opened, as I was told by the one of the nation’s top computer experts in academia.
Underlying this shift in responsibility are the workhorses of modern industry, programmable controllers, part of the larger Industrial Control Systems. These are the automated systems that do the work of managing operations in modern industry, including utilities.
The worry for the electric-utility industry is that these devices that manage the grid could be manipulated without showing up as an attack.
There is precedent for this kind of attack: The Stuxnet virus that disabled centrifuges at Iran’s Natanz nuclear facility in 2010. The United States and Israel didn’t go after the facility’s computer system — an attack that would’ve been detected — but rather after the controllers governing the centrifuges.
Last year, something big was discovered, and details are sketchy: A Chinese-made transformer at a large investor-owned utility was found to have counterfeit parts and, perhaps, backdoors through which the integrity of the grid could’ve been compromised.
Alarm bells rang at the departments of Homeland Security and Energy.
A similar or identical transformer made by JiangSu HuaPeng Transformer Company Ltd., a family owned company with a small office in San Jose, California, was seized by agents of the DHS and DOE and hustled straight to Sandia National Laboratory in Albuquerque, New Mexico, upon its arrival at the Port of Houston.
This transformer had been destined for the Western Area Power Administration’s Aluit Station, near Denver. WAPA is one of the power distribution systems owned by the government through the Department of Energy.
What, if anything, has been discovered in the transformer hasn’t been disclosed.
Everything is cloaked in secrecy, my sources tell me.
On Twitter: @llewellynking2
Llewellyn King is executive producer and host of White House Chronicle, on PBS. He’s based in Rhode Island and Washington, D.C.
Llewellyn King: Thank God for electricity, especially now; but the grid is always under threat
WEST WARWICK, R.I.
Nothing will be the same again
Those are words that that challenge the heart and the imagination. The heart because, as in a death or the loss of a job, some things will be very missed. The imagination because it needs inspired speculation to know how the present crisis will reshape the way we live; how we are governed, how we educate, how we do business and how we play.
Some losses are somewhat predictable. Most of us may never sit in a movie theater again because there may be no movie theaters. They were already having a hard time with the competition from streaming services, now many may just not reopen. Question: What will be done with those buildings? They are mostly part of shopping centers where many of the tenants for restaurants and specialty shops will also go out of business.
Here’s my answer: In that glorious time when we have licked COVID-19, many new entrepreneurs will get their start in those empty shells. A myriad of yet-unknown businesses will crop up, coming out of these times of ultra-difficulty. Failing shopping centers offer habitat to startups.
We are in a state of war and in war, despite its horror, there is invention. As we try to defeat this pandemic, there will be inventions aplenty.
War has always spurred creativity, in art and in science, and in its aftermath, a time of optimism and opportunity. Catastrophe shakes up society and reorients it. There is a high price but a great reward
Needs must, there will be a re-evaluation of values and the goods and services which are essential. High on that list will be electricity. Over and over again we will be asking ourselves if the electric grid is safe and if so, how safe?
As Morgan O’Brien, co-founder of Nextel and now CEO of Anterix, which offers utilities secure communications systems, told me, “The coronavirus pandemic is putting more stress on the infrastructure which keeps our society functioning. Critical infrastructure like the electric grid will be more stressed as it is the essential lifeline for Americans sheltering in place.”
A loss of all or part of the grid is an existential fear that has had experts worried since the first computer hackers had a go at it. Utility presidents have told me that it is grid security that keeps them awake at night. It should. CPS Energy, the utility in San Antonio, gets more than 2 million hits a day, I believe.
Late last year the president’s National Infrastructure Advisory Council warned strongly of the dangers of cyberattack. It said the electric utility industry is good at tackling small, short-term outages but it is essentially unprepared for catastrophic outages lasting a long time.
Earlier this year James Woolsey, a former CIA director and an honorary co-chair of the Secure the Grid Coalition, wrote to the Federal Energy Regulatory Commission demanding it order more physical security for transformers, pylons, etc. Woolsey cited a lack of improved physical security since that became an issue with the sophisticated disabling of Pacific Gas & Electric’s substation in Metcalf, Calif., in 2013.
John Savage, professor emeritus of computer science at Brown University, who is writing a book on cybersecurity, raises a less-mentioned dimension of threat to the grid: the role of GPS. With the advent of global positioning satellites, he explained, the utility industry switched from using atomic clocks to using GPS timing as the basis for its nationwide synchronization.
Savage told me, “Dependence on GPS for timing is a security risk. If GPS timing signals are distorted or lost, serious damage may be done to the grid.
“GPS signals can be lost due to a local jamming, blackouts, produced by a solar flare, or spoofing. A GPS anomaly alone or a cyberattack combined with one can cascade and bring down a large portion of the grid for an extended period of time.”
Gen. James Jones, a retired Marine commandant and NATO commander, told me, “For the past several years, I have been preoccupied by the proximity of threats, particularly in the cyber realm.”
Much will change, but the need for reliable electricity will remain paramount.
Llewellyn King is executive producer and host of White House Chronicle, on PBS. His email is llewellynking1@gmail.com, and he’s based in Rhode Island and Washington, D.C.
Robert Whitcomb: Drawbacks of deregulation and DIY
For years, deregulation and the Internet have been pulling us into a more decentralized and freelance economy, in which there’s wider consumer choice, albeit with stagnant pay and a decline in person-to-person service that forces us to do more tasks ourselves that were previously done by those dinosaurs called “employees’’.
Consider Uber. As I discovered when one of my daughters pulled out her iPhone a couple of years ago on a busy Manhattan street to summon an Uber driver, it’s sometimes faster to find one of these mobile freelancers than it is to find a regulated Yellow Cab in a big city.
But the cabs, being regulated, function as a public utility. They have to meet certain basic minimums of availability, cleanliness and safety that can’t be imposed on the likes of Uber, whose drivers are, of course, not obligated to provide services in the same way as cabbies. I don’t think that we want unregulated drivers to totally replace generally reliable and regulated cabbies.
Long before Uber, of course, there was the partial deregulation of the airlines. While this led initially to lower prices for many travelers, it has also made travel more chaotic and unpredictable. And deregulation, the “Hub-and-Spoke’’ system and relentless airline mergers mean that mid-size cities get shorted on flights.
While better electronics systems make planes less likely to crash these days than three decades ago, air travel itself is increasingly miserable.
In the old, tightly regulated days, figuring out airline schedules and fares was comparatively easy. Now it’s an ordeal, and conditions within airplanes are increasingly crowded and unhealthy. And as the airlines, like other businesses, seek to outsource service to computers so that they can lay off more people, addressing problems by communicating with customer-service humans gets tougher.
Then there’s the new do-it-yourself, deregulated and decentralized energy world. Consider that many affluent folks are saving money and reducing their carbon footprints by having solar panels installed on their roofs. Good in itself! But this takes business away from the utility companies, which could jeopardize the viability of the huge electric grids that utilities maintain. We’ll continue to need that grid to support modern society, with its ever-increasing supply of electronic devices.
Might not it be better if we put more focus on producing green electricity with huge solar-panel arrays and wind-turbine farms maintained by utilities that serve everyone – rich and poor?
xxx
The Obama administration has worked very hard to craft a deal with Iran to try to get it to at least postpone continued work on nuclear weapons.
But the administration’s effort will probably turn out to have been in vain. For one thing, the corrupt theocratic dictatorship that runs Iran will cheat and cheat as it evades inspections. It may receive technical help in this cheating from the likes of fellow police states Russia and China, two of the signatories to the nuclear deal, which will happily sell them militarily useful stuff.
Iran will almost certainly use the billions of dollars freed up by the ending of economic sanctions to increase its troublemaking. Iran’s regime seeks to dominate the Mideast – partly to protect and promote its fellow Shiites and partly because domination is fun and profitable for its leaders. And Tehran hasn’t really toned down its “Death to America and Israel’’ rhetoric.
Now we have made the mullahs more macho. No wonder Iran’s neighborhood is scared.
Some complain that America, as the first nuclear power, is hypocritical in trying to keep nuclear weapons out of the hands of other nations. That seeks to make an equivalence between a democratic nation like America and a dictatorship like Iran. And remember why we started our nuclear-weapons program in the first place – to defend ourselves from Germany’s mass-murdering Nazi regime, which was working hard to create an atomic bomb.
Some say that expanding trade with Iran will somehow make it kindlier. They said that about Germany before World War I and China now. Nations have other reasons besides economics to be nasty – for instance, paranoia, power for the sake of power and religion.
Robert Whitcomb (rwhitcomb51@gmail.com) oversees New England Diary. He's also a Fellow at the Pell Center, in Newport, and a partner at Cambridge Management Group (cmg625.com), a healthcare-sector consultancy. He used to be the editorial-page editor of The Providence Journal, the finance editor of the International Herald Tribune and an editor at The Wall Street Journal, among other jobs.