how vulnerable is the Power Grid of INDIA

The attack could come when we're most vulnerable — a blistering hot July afternoon or a freezing cold January night. Suddenly, vast sections of the U.S. power grid go black. The lights go out, air-conditioning (or heating) shuts down. Once it becomes clear that this is no temporary brownout, the public begins to panic. At the power utilities, engineers can't understand why the network shut off, and can't get it to start up again. It's hours before the truth emerges: a terrorist group (or a hostile country, or some evil-genius hacker) has broken into the computer networks that control the power grid, bringing the U.S. to its knees.

If that worst-case scenario crossed your mind last week, it was probably because you'd just read news reports that federal authorities had detected signs that hackers — likely from Russia and China, countries with militaries known to be pursuing cyberwarfare capabilities — had penetrated the computer systems that control the power grid. It was unclear when these intrusions had taken place, but they had left a software signature. If that wasn't disturbing enough, the North American Electric Reliability Corp., a Congress-authorized regulator, issued an alert that the utilities had not adequately surveyed their computer systems to detect vulnerabilities. (Read "Can We Prevent Another Blackout?")

As bad as all that may sound, there are several reasons not to panic about our power grid's vulnerability.

•No national power grid anywhere in the world has been brought down by a cyberattack. And it's worth keeping in mind that most countries have much fewer defenses from cyberattacks than the U.S. "It's virtually impossible to bring down the entire North American grid," says Major General (Rtd) Dale Meyerrose, a cybersecurity expert who recently retired as chief information officer for the Director of National Intelligence. The electricity-distribution system is highly decentralized, and there's no central control system; at worst, cyberattackers may be able to damage sections of the grid.

•The most critical power users — the military, hospitals, the banking system, phone networks, Google's server farms — have multiple contingencies for uninterrupted power supply and backup generation. In the event of a cyberattack on the grid, they would be able to operate for long periods — days, weeks and, in some cases, indefinitely — without much difficulty.

•The power grid is far from perfect. On any given day, 500,000 Americans experience an outage, says Arshad Mansoor of the Electric Power Research Institute, which is funded by the utility industry. Why is this a good thing? Because it means the grid deals with breakdowns all the time, and the industry knows how to fix them. The grid has built-in redundancies and manual overrides that allow for restoration of supply. Mansoor is careful to point out that these are "not defenses against cyberattacks, but for dealing with the consequence of such attacks."

•The larger point is that in most cases, damage done to the power supply can be undone. "In the banking system, if someone hacks the system and steals information about 500,000 credit cards, it's incredibly tough to undo that damage," says Mansoor. "But if a section of the power grid goes down, we start it up again."

Of course, every power outage comes with a cost, not least to the economy. Mansoor would not discuss how long it would take to recover from a cyberattack — there are too many variables involved — but said the longest delays in restoring power are typically caused not by technological glitches but by major acts of God, like hurricanes and earthquakes that destroy physical infrastructure. (Read a TIME blog on China and hacking.)

This is not to suggest that the power grid can't be hacked into. In 2007, CNN reported that researchers working for the Department of Energy had mounted an experimental cyberattack against a power generator and were able to get it to self-destruct. Details of the experiment were kept from the public at the request of the Department of Homeland Security.

While Meyerrose, Mansoor and other experts agree that the utility industry's vulnerability will grow as its command-and-control systems rely ever more on computer networks, those concerns are not new. Some security experts have cautioned against the growing use of "smart grid" technology — which relies even more on computer networks to allow both utilities and individual consumers to monitor and reduce power usage. There are already 2 million smart meters in use in the U.S., and the Obama Administration's 2010 budget includes $4.5 billion in spending on such technology. The fear is that these meters may allow hackers access to the grid's control systems. But smart-grid backers say the opposite is true: the use of more-sophisticated monitoring systems makes the grid safer.

The timing of the recent reports about the power grid's vulnerability to cyberattacks may have more to do with politics than anything else. The news flurry coincided with the introduction of a new bill, by Senators Jay Rockefeller and Olympia Snowe, to impose cybersecurity standards on private industry — regulations that would likely affect the utilities and other vital infrastructure. And this week marks the end of a 60-day review by the National Security Council of the nation's cybersecurity polices and practices; the results will be submitted to President Obama any day now, and will likely be made public later this month.

As the review has drawn to a close, a turf war has broken out in Washington over which agency should be put in charge of cybersecurity — and get the billions of dollars of federal money that comes with it. Last month, Rod Beckstrom quit as director of the National Cybersecurity Center, citing turf battles between the Department of Homeland Security (which oversees the center) and the National Security Agency. His take on the sudden alarm bells over the power grid's cybersecurity? It's a power grab: a competition between two government agencies to become the main player in cybersecurity.

Cast your votes for the TIME 100.

See TIME's Pictures of the Week.

Read more: http://www.time.com/time/nation/article/0,8599,1891562,00.html#ixzz0oXDzXG7b

source

Antony sounds alert over cyber warfare threat

• Share

Mon, May 17 03:32 PM

New Delhi, May 17 (IANS) The defence forces need to work in unison to combat computer-based external attacks, Defence Minister A.K. Antony said Monday, reflecting the government's worries over the complex world of cyber warfare amid reports of Chinese spies targetting the Indian military via the Internet.

'The paradigms of security in the age of information technology are seldom constant. The evolving security matrix is complex and calls for co-operation and coordination of the highest level,' Antony said, addressing army commanders here.

The minister said cyber attacks were 'fast becoming the next generation of threats' and as such, no single service could work in isolation.

'We need to make our cyber systems as secure and as non-porous as possible,' he said.

The assertion comes amid frequent attacks and the subsequent alerts sounded by army authorities over China and Pakistan-based cyber spies peeking into India's sensitive business, diplomatic and strategic records.

Recently, an Indian army major's computer was hacked in the Andaman and Nicobar Islands. The input was given by the American intelligence agencies after some intercepts showed a picture of a brigadier, on a training course in the US, being dispatched to Pakistan from the computer in the Andaman and Nicobar Islands.

Antony made a strong plea for synergy among the army, the navy and the air force, saying the 'future security matrix calls for a high-degree of cooperation and inter-dependence among the services'.

'The primary area of focus should be to develop a force capable of operating in a joint network-centric environment,' he said.

'Though significant progress has been made towards accomplishing jointness in various operational training and administrative facets among the three services, there are a number of areas of congruence that need to be strengthened further,' he said.

Referring to the modernisation plans of the armed forces, the defence minister said it was in the government's long-term national interest to become self-reliant in the field of critical defence equipment.

'Modernisation of the armed forces depends upon the capital acquisition plan. However, the acquisition of critical technologies from foreign countries is subject to various technology denial regimes and the prevailing global geo-political situation,' he said.

Antony underlined that the defence public sector undertakings were capable of undertaking design and development work.

'Despite these achievements, we must guard against complacency and must ceaselessly work towards more value addition, product support and serviceability of the supplies made to the end-users - the services,' he said.

• Email Story
• IM Story

source