The worm at the heart of the Big Apple
Published: 20 Aug 2003 16:10 BST
This isn't news. US security service teams have been looking intently at utility infrastructure IT since late 2001, and report that there are many systemic vulnerabilities. This time last year, the Washington Post reported that Ronald Dick, director of the FBI's National Infrastructure Protection Center, told a closed gathering of corporate security executives that "the event I fear most is a physical attack in conjunction with a successful cyber attack on the responders' 911 system or on the power grid."
That would be frightening enough, but the evidence is that the vulnerabilities extend beyond being open to a targeted, industry-specific act of vandalism. The same worms and viruses that cause us all such problems are just as happy breeding inside power station systems, provided they can get in: SecurityFocus News reports that a nuclear power station owned by Ohio company FirstEnergy Corp had its monitoring system disabled for five hours in January by the Slammer worm. It got in through a contractor's network which was directly linked to the power station's systems by a T1 line -- bypassing the firewall. Once inside, it spread from PC to PC and clogged the network, disabling the central monitoring panel and other systems. Backup systems worked, but it took six hours to get the main monitors back online. Fortunately, the power plant was idle (due to a gaping hole in the reactor head, you'll be reassured to hear), but the worm didn't know that.
There's more. Sterling detective work by Heise Security, a German publication, has shown that the Niagara Mohawk power grid -- the one that went down first -- is owned by National Grid USA, itself a major customer of a company called Northern Dynamic. These people specialise in SCADA and Windows-based process control over OLE, the Microsoft protocol based on DCOM -- the technology attacked by the Blaster worm. As Heise points out, other customers of Northern Dynamic include many European power companies and the nuclear research organisation CERN.
We know that these systems are vulnerable. We know that the fault which brought darkness to the city of New York and forty million people was in some way linked to control and monitor failures. We know that this past week, we've had a surfeit of worms. Some conspiracy theory.
In the past, I've tried and failed to get information out of the UK government as to which regulator is responsible for the security aspects of our national and local utilities. Like the interstate distribution system in the US, it seems that nobody is in charge: a comforting network of buck-passing is working far better than the real thing. We cannot accept complacent assurances that all is in hand and all is well, not when lights go out across the US and the worms run rampant. The warning lights must go on in Whitehall before they go out across the country.