Cyber Attack (29 page)

Read Cyber Attack Online

Authors: Bobby Akart

BOOK: Cyber Attack
11.12Mb size Format: txt, pdf, ePub

“I voiced our concern and it was stipulated in the deal,” said Lau. “Now, let’s talk about what we know about the entire power grid before we throw out ideas on the intrusion. Walthaus, you’ve studied this more than any of us.”

“After the Vegas hack, I became interested in the issues raised on the vulnerability of the U.S. power grid to various threats—including cyber,” started Walthaus. “When we were contacted by Greenpeace, I thoroughly researched this in order to avoid a repeat of Vegas. This is why I suggested we execute the Callaway hack for a limited period of time to coincide with the Space Station flying overhead.” Walthaus stood and approached a chalkboard recently installed by Lau.
Today, he was the professor
.

“On a national scale, how does the grid work?” asked Fakhri.

Walthaus began writing as he spoke. “Generally, the delivery of electricity has three main components—power plants, transmission lines and the distribution to the end user through local utilities. The Vegas project affected a local utility while the Callaway project attacked a power plant.” He drew images of a nuclear plant’s cooling tower and stick houses, connected by lines.

“In addition, the power lines between the power plants and the utilities pass through variable-frequency transformers, which permit a controlled flow of energy. Without these transformers, the flow of power moves through the lines uncontrolled as to source and load. The result to the utility network would be a massive destabilization from the rapid changes in power. The converter transformers at the utility would be overloaded and fail.”

“Why isn’t the grid interconnected?” asked Lau. “How many components are there?”

“The better way to look at it is by region,” replied Walthaus. “The U.S. is divided into two major interconnected power grids. The Western Interconnection spans the entire West Coast from Canada to Mexico, and then east over towards the Midwest. The Eastern Interconnection includes all of the East Coast and extends to the base of the Rocky Mountains. Both of the major power grids exclude Alaska, Hawaii and Texas.”

“I can understand how Alaska and Hawaii are separated geographically, but why Texas?” asked Lau.

“Partly because of their historical desire for self-sufficiency and partly because of their bumper sticker
Don’t Mess with Texas
, the state maintained its independence during the early days of building the grid. During World War II, Texas was home to several factories vital to the war effort. Their utility planners were anxious to keep the assembly lines running and were concerned about the reliability of the power supply from other states. Texas continues to be the nation’s number one gas producer and one of the top coal producers.”

Lau interrupted. “Texas created its own island of energy. They didn’t need the rest of us.”

“Basically, yes,” replied Walthaus. “It has served them well. As a result, the Texas grid is exempt from the majority of regulations imposed by the Federal Energy Regulatory Commission because they do not sell electricity across state lines.”

“Good for them,” said Malvalaha. “Texas is by far the largest user of electricity in the nation, yet their power costs are the lowest. Why would they submit to the federal bureaucracy?”

“It has worked out for them apparently,” said Fakhri. “But you have to wonder if this Tres Amigas proposal will meet with resistance from Texas.”

“What does that mean in Spanish anyway?” asked Malvalaha.

“Three friends,” said Walthaus. “If they were friends, they would have connected their grids already.”

“The client wants us to shut down all three of these grids at the same time?” asked Fakhri, turning her attention to Lau.

“Yes. He specifically said to avoid wasting time on Hawaii or Alaska. Their point will be made without the extra effort.”

Lau approached the chalkboard and erased the drawing. He wrote
East – West – Texas
across the top. “Let’s divide the research between the three
amigos
. Malvalaha will take the eastern grid, Fakhri will research the west, and Walthaus will try to crack the Republic of Texas.” Lau underlined each region.

“Electric systems are not designed to withstand or quickly recover from damage inflicted concurrently on multiple components. Our client wants us to coordinate the hack to put the country in the dark for a brief period of time, and then bring it back online. We need to research if this can be done simultaneously or staggered. For this reason, each of us will handle a different interconnection and I will consider the simultaneous approach. If it can’t be done as a coordinated effort, then I will tell our new client of the risks. I am sure they will understand.”

Of all the questions Lau answered that afternoon as the Zero Day Gamers conjured up a plan, one was not addressed—
how did they find us
?

 

Chapter 48

August 21, 2016

The Hack House

Binney Street

East Cambridge, Massachusetts

 

Lau impressed upon the Zero Day Gamers the importance of privacy and hiding their digital footprint. They utilized several approaches to use the web incognito. First, they always browsed the web using privacy windows, preventing websites from planting tracking cookies to trace their whereabouts or follow their activities.

Second, they utilized a virtual private network—VPN. A VPN utilized advanced encryption to hide Internet use by creating a virtual data tunnel while the user’s true IP address remained hidden from the rest of the world. Lau used the example of an author who was raided by Homeland Security based upon a warrantless NSA analysis of his online research. The author’s computer was seized and he was detained indefinitely as a domestic terrorist. The author finally convinced DHS he was researching a novel and he was eventually released. The Zero Day Gamers would not be.

“I have to provide an update to Mr. Troutman this afternoon, so let’s see where we are on our research,” said Lau. He pushed himself up to sit on the kitchen island countertop, allowing his feet to swing beneath him. He was feeling good. The Red Sox were on their way to clinching their division early and the thought of bitcoins in his virtual wallet was alluring. “Fakhri, West Coast, talk to me!”

“We collectively researched the documents and filings contained on the Federal Energy Regulatory Commission website,” replied Fakhri. “Based upon their latest classified filings with the Senate Committee on Energy, FERC has identified nine critical substations out of fifty-five thousand in need of additional security.”

“How did you access classified filings, or do I want to know?” asked Lau.

“It was actually simple, Professor,” replied Walthaus. “One of the committee members is Senator Al Franken, the former
Saturday Night Live
comedian. In his 2008 Senate race, activists for Greenpeace were accused of helping Franken commit voter fraud to secure his election by a mere three hundred votes.”

“So, he’s a funny crooked politician,” said Lau, his feet now beating against the kitchen island cabinets like a kid.

“It’s more than that, Professor,” said Malvalaha. “All three of us were amazed at the amount of detailed information Greenpeace had on the Callaway Nuclear Power Plant—some of which was not publically available.

“Fakhri spoke with her contact there, who admitted Franken was exchanging classified information on the nation’s infrastructure in exchange for campaign support,” said Malvalaha. She handed Lau a printout from her Greenpeace contact. “This report was generated by FERC for the Energy Committee. It identifies the nine critical substations.”

Lau hopped off the island and headed to the chalkboard. He scribbled the names of the locations under each of the regions. Under West, he wrote Portland, Denver and Calgary. Under East, he wrote Philly, Albany, Indy and Chattanooga.

“Chattanooga is an odd location,” said Lau as he looked at the report to confirm the location.

“Small city with a big impact on the Southeastern United States power grid,” replied Walthaus. “It is the heart of the massive Tennessee Valley Authority network of dams and nuclear facilities.”

“Okay. Then in Texas we have Austin and Waco,” said Lau. “Is there anything about these geographic locations of importance other than their location within the various interconnections?”

“Yes,” replied Walthaus. He stood and approached the blackboard. “These nine substations are in close proximity to the ten largest power plants in America. Only three of the top ten power plants are not nuclear—one hydro, one gas and one coal. Grand Coulee in the Pacific Northwest is a hydroelectric station and Plant Scherer—a coal-fired plant south of Chattanooga—are examples.”

Walthaus wrote the number ten on the board. “Based upon our research, these ten power plants generate over eighty percent of America’s electricity. If these nine substations identified by FERC were taken offline, the ten largest U.S. power plants would stop distributing energy and the entire nation would go dark.”

“Are you telling me we have to undertake ten intrusions like Callaway and Nevada Energy at the same time?” asked Lau. He removed his cap and ran his fingers through his thinning hair. He was surprised it hadn’t fallen out at this point.

“No,” said Walthaus. “We’re going to go after the substations. Because of the proximity of these nine substations to the most critical power generation stations, their failure will create a cascading failure across the three respective grids. There are a lot of factors to consider such as energy demand, weather and activity of the power plants themselves, but we believe for maximum effect, these nine substations will be our targets.”

“Let’s talk about timetable because I expect Troutman to ask,” said Lau. “First, do you have a date in mind, and second, can you be ready?”

“We have a date, sir,” replied Fakhri. “The images from the International Space Station were repeated throughout the international media for weeks. For that reason, we chose Saturday night, September 2. Like the Callaway hack on July 4, there will be a new moon and the ISS will have a complete view of the continental U.S. at approximately nine Eastern that evening.”

“And, we can be ready,” added Malvalaha. He sat up in his chair. “Don’t get me wrong, we have identified several methods to access the respective servers. We are in the process of conducting penetration tests to gain insight into each system’s structure. The next week will be very busy for us.”

“There is good news,” said Walthaus as he approached the blackboard again. He wrote one word—Microsoft. “The common denominator so far is a Microsoft Windows–based operating system,
our old friend
. We should be able to use elements of the Vegas and Callaway hacks for this project.”

“Good news indeed,” said Lau. He hopped off the kitchen island, generating another belch.

“We have found some precedent for what we are trying to accomplish,” said Malvalaha. “This is similar to the India blackouts of 2012.” Malvalaha opened up a window on his monitor and pointed to a map of India.

“What happened in 2012?” asked Lau as he walked to get a better view of the monitor.

“Like the United States, India is demarcated into several interconnections,” started Malvalaha, pointing at the screen. He circled the northern part of the map. “All of these regions were synchronously interconnected. This is what Tres Amigas is attempting to achieve. However, the southern regional grid is asynchronous—detached, like the United States power grid. When the country was hit by the cascading failures in 2012, the southern grid was spared.

“If the U.S. grid was interconnected, our job would be easier,” said Malvalaha. “Like India, a cascading failure of the grid will occur, but it will be compartmentalized between east, west and Texas. Something our client is not considering is the ancillary benefit of asynchronicity. After Tres Amigas is built, a terrorist or foreign country could bring the entire grid down with one intrusion because all three regions will be interconnected. At least now, some parts of the country’s grid would be protected.”

“Give me an overview of the plan,” said Lau.

Malvalaha switched to another map showing a picture of the continental United States with a series of red stars, blue dots and red interconnecting lines. The image resembled an airline route map you might see in the seat pocket in front of you while flying.

“We obtained this from a presentation given by the North American SynchroPhasor Institute last spring during a Homeland Security Subcommittee briefing. We downloaded it off the SmartGrid.gov website. You’ll notice the nine red stars. These represent the nine critical substations we identified on the blackboard. It wasn’t difficult to put two and two together and confirm the grid’s most vulnerable underbellies.”
Impressive
.

“I’m surprised terrorists haven’t figured this out,” said Lau.

“They’re too busy cutting off heads.” Walthaus chuckled. “Idiots.”

“You’ll notice there are no lines connecting the dots between the Texas, east, and west regions,” continued Malvalaha. “We will treat each interconnection separately, as its own country. By dividing up the responsibilities, we can formulate a plan quickly. Then we can coordinate our timing.”

Lau drew lines under the word
west
on the blackboard. “Using the western grid as an example, walk me through the process.”

“We haven’t thoroughly studied each system to identify the mechanics, but basically, here’s how it works,” replied Malvalaha. “We create a failure of the Calgary substation, which will immediately overdraw more power than what was scheduled from the Portland and Denver facilities. This creates an unscheduled interchange, which is normally done when there is a surplus of power available from the grid. It is less expensive than purchasing power from local, independent power producers. The western grid could survive a failure of the Calgary substation alone, but within seconds, the Denver substation will be taken offline. This will force the Portland facility to shed loads and transfer power to both Calgary and Denver. While we will be prepared to deactivate Portland as well, we probably won’t have to. The overdraw by Denver and Calgary will combine to trip the thermal plants at Portland beyond their capacity, leaving the entire system in the dark.”

Other books

Forbidden by Abbie Williams
A Haunted Romance by Sindra van Yssel
The Beloved Scoundrel by Iris Johansen
Breath by Jackie Morse Kessler
Replay by Marc Levy
Thunderhead Trail by Jon Sharpe
David by Ray Robertson