Cyber Attacks on the Government’s Transportation Grid

Breaches and Security Implications by Penetration of the Western Interconnection’s

Traffic Control System and its Effects on Modern Day Life

Year after year, a number of films are released involving computer hacking of some sort along with cyber-villainy. As entertaining as they are, the validity of these possibilities is not explored. Many of these films center revolve around a chaotic vehicle-related scene where a form of the government’s transportation grid is compromised. The breach typically involves traffic control. As the stoplights and streetlights are in a state known as gridlock, external hackers usually make the situation as unruly as humanely plausible. However, the very nature of this unfortunate scenario can only be determined once the backgrounds of the systems that control it are thoroughly studied.

The contiguous United States is divided into three main alternating current power grids.
The Western Interconnected System, or Western Interconnection, is the one applicable to those of us living in California. The electric utilities functioning in this region are tied together, operating at 60Hz. While the grid is currently electrically powered, research by the National
Renewable Energy Laboratory (NREL) in Colorado indicates the Western Interconnection can handle higher levels of renewable energy, in a quest to implement alternative energy sources. If integrated correctly, the NREL have claimed the Western Interconnection can take up to approximately 35% in renewables. They are proposing 30% produced by wind turbines and the

2

remaining 5% produced by solar power. This solar power would, in turn, be generated from solar thermal plants scattered across the correlating area (Richard).

A project known as Tres Amigas SuperStation in Clovis, New Mexico, is geared toward an American domination of renewable energy. This, as well as a couple of other similar projects, is currently working to shape a sustainable alternate energy management system by tracking the electricity use as well as controlling a healthy amount of renewable energy consumption for the future (BioCycle).

The Western Interconnection powers a number of everyday critical utilities without which modern industrialization and technological innovation cannot flourish. The main systems include natural gas pipelines, electricity to power entire cities, ground traffic control, and the stock market. An organization known as the Western Electricity Coordinating Council (WECC) is in charge of anything and everything to do with the Western Interconnection. This includes the states of Washington, Oregon, California, Idaho, Nevada, Utah, Arizona, Colorado, Wyoming,
Montana, South Dakota, New Mexico, and Texas. The Western Interconnection is connected to the Eastern Interconnection via six direct current transmission facilities. The WECC has offices in the following cities: Salt Lake, Utah; Vancouver, Washington; and Loveland, Colorado. The
North American Electric Reliability Corporation (NERC) employs eight other branches of electric reliability councils (NERC).

Currently, the level of security regarding the Western Interconnection networks is depleting, as in it is becoming ever more susceptible to external hackers. The vulnerable nature of all the United States electric power grids brought the attention of the White House a couple years ago. The potential of these cyber-attacks on this vital infrastructure has led to a suspicion of Chinese hackers behind the job. At the time, it was assumed that the U.S. Congress and

3

government regulators would pressure all the electric utilities to increase security ten-fold and be ready to evade all computer intrusions. A single breach would inevitably lead to chaos striking the entire nation. U.S. Homeland Security Secretary Janet Napolitano expressed concerns about the power grid’s high vulnerability to “potentially disabling computer attacks.” “The vulnerability is something that the Department of Homeland Security and the energy sector have known about for years,” she said. “We acknowledge that ... in this world, in an increasingly cyber world, these are increasing risks” (Holland, Mikkelsen). Apparently, what remained hidden to the public at the time, which was revealed soon after by the Wall Street Journal, was that cyber-spies had in fact already broken the electrical grid systems and planted bugged programs that could potentially disrupt all the grid’s operations. The White House worried about these intruders for quite a while. The amount of power possibly generated for nuclear and other uses against the U.S. itself from a breach in the power grids is remarkably high. As a result, the penetrators would likely try a large-scale, long-lasting crisis or war, to put it in layman’s terms
(Holland, Mikkelsen).

An ongoing bold accusation of the Chinese and Russians had been running throughout the country during this incident, so naturally, they were initially blamed for the breaching attempts. It was theorized that American trade, military, and government secrets were on the table while China and Russia were rather active in the computer spying field. “James Lewis, cyber-security analyst at the Center for Strategic and International Studies, said Russia and China have long been considered culprits in computer spying and that the United States, France and
Germany have all complained to China in particular.” His lasting ideal was, “In four out of five cases we really can't be sure who's doing it but in the (other) 20 percent it points very often to
China and Russia” (Davidson).

4

Eric Rosenbach, executive director for research at Harvard University's Kennedy School of Government's Belfer Center, told reporters how the alleged Chinese and Russian strategy of overcoming the obviously not immune electrical grid would be pivotal in restraining the United
States’ authority. He explained, “I think that China recognizes if in a very strategic sense you want to ensure you have the ability to exploit another country's potential weakness or vulnerability but do it in a way that isn't confrontational or cause an international crisis, then this is a very good way of doing that” (Davidson).

In awaited development of smart grid networks, the Department of Homeland Security worked alongside the federal government in securing the power grid’s networks. Being one of the most important and valued systems for the majority of people in the free world, safety precautions are absolutely necessary. Mississippi Democratic Representative Bennie Thompson, chairman of the House of Representatives Homeland Security Committee, felt strongly about this. “Our electric system is critical to our way of life, and we cannot afford to leave it vulnerable to attack,” he said. “Our oversight indicates there is a significant gap in current regulation to effectively secure this infrastructure” (Lamb).

The CIA was brought to the task as well when more information regarding cyber-attacks was needed. Tom Donahue, a CIA analyst, elaborated on how external support is being given to the United States in this area. Several countries have briefed the United States on prior penetration of facilities preceding extortion demands (Gorman).

As for previous interferences with the Western Interconnection, the NERC confirmed there were no known breaches that led to significant electric service disruptions. The security system implemented is a multilayered one, which turned active quite a while back when the
American Electric Power Company (AEP) identified “numerous scans and probes of our

5

networks from external sources” (Gorman). AEP spokeswoman Melissa McHenry talked about this when informing reporters of the many constant threats cyber-attackers pose to the electric systems. This risk increases more so by the day.

The multilayered security system approach is used widely by large companies for protection after storing critical information in their databases. For a more common example, many email providers incorporate this method of intrusion detection to keep all their customers’ information private. A prime example of an industry employing multilayered security would be
Hitachi ID Systems, Inc. In layman’s terms, they basically lock down their web servers with identity cache while encrypting or hashing sensitive data. The CPU managing storage has a physically installed alarm and all operations are constantly monitored. Caller authentication is in use at all times. Systems security at the top level is absolutely vital for operations corporation- level or higher as the entire infrastructure would crumble if any system is penetrated (Gorman).

A fairly recent hack, which took place in May 2009 and was similar to the uncalled for breaches in traffic control, was a penetration of FAA’s Air-Traffic Networks. As the multilayered security approach applies to air traffic control as well, these types of breaches did not happen just once. The fact that the administrator control had been compromised implied that hackers are much more capable than accounted for. The cyber-attacks weren’t necessarily acts of terrorism, but they were certainly a threat to national security. Although not as destructive as they potentially could’ve been, the hack in question shut down the data systems in Alaskan air- traffic. The Transportation Department’s inspector general released a government report indicating an increase in attacks on air-traffic control systems. Apparently, FAA intends on spending $20 billion over the upcoming 15 years to upgrade all their systems. After a thorough procedure of security tests were completed, a total of 763 vulnerabilities were discovered. These

6

vulnerabilities were child’s play for experienced hackers interested in accessing the administrative systems. A subsequent report was filed by the Wall Street Journal saying that an
“Air Force air-traffic control system” was breached (Gorman). This was brought to the immediate attention of intelligence officials who had predicted an attack like this. They were concerned with the possibility of air-traffic signals being intercepted as well. However, most of the breaches involved just the air-traffic flow, electric power, email, and web sites (Gorman).

As if the FAA’s network didn’t have enough holes, a following cyber-attack on FAA computers was accomplished by unknown hackers who remain untraceable. The external hackers managed to achieve agency insider status, steal the admin’s password to all the networks, and install malware. A major privacy breach also occurred; the hackers secured the exact passwords to 40,000 other FAA accounts. All these preceding threats happened due to the administrator’s open control over all operations. With the security of the FAA networks so low, a separate group of hackers also obtained the personal information of 48,000 FAA employees. The crimes, cyber or physical, related to this outbreak of confidential information remains unknown (Wang, Rong).

Immediate and serious precautions to avoid future immeasurable cyber-attacks were urged at this seemingly vulnerable time for the nation. An interesting relation was pointed out regarding these specific hacks by Tom Kellermann, a vice president at a cyber-security corporation known as Core Security Technologies. He elaborated that a television show called
“24” depicted a similar scenario where “terrorists hack into and commandeer the FAA's air- traffic control system to crash planes.” Following up on this thought, he said, “the integrity of the data on which ground control is relying can be manipulated, much as seen in '24'” (Gorman).

A personal connection I made to hacks cited in government reports is similar to the one of Kellermann’s. In “Live Free or Die Hard,” hackers break into the transportation grid and

7

control the flow of traffic, maximizing chaos in order to allow them to manipulate their enemies.
Quite a few movies revolved around a similar situation; another example would be “The Italian
Job.” Although unintentional, these movies have outlined ideas for hackers-in-the-making.

Intelligence officials continue to ponder the connections of the administrative control systems to the public internet; this network is highly dangerous as it is open to hackers around the globe. Of the 734 FAA facilities around the world, only a mere 11 are equipped with sensors that identify intrusions; this indicates weak operational networks which can likely be compromised (Gorman).

A supposed solution, or partial solution, to several of the problems (security-wise and environment-oriented) the electric grid poses is a technology known as the smart grid. At a brief standpoint, the smart grid combines two methods known as Advanced Metering Infrastructure
(AMI) and Visualization Technology to produce a less centralized yet more interactive power network. AMI is already used in homes and corporations but is in development for incorporation in the smart grid. It basically makes sure unnecessary amounts of power aren’t being used while visualization technology, a futuristic concept, keeps accounts of electricity usage to avoid supplying too much power in any certain situation. The federal government of the United States is working on this technology alongside the United States Department of Homeland Security.
While hacking possibilities might eventually become prevalent, for some time it will increase security, due to its foreign nature, and encourage renewable energy sources. Therefore, killing two birds with one stone (Lamb).

It seems as though it is of popular opinion that the electric grid’s cyber-security measures are rather inadequate. Homeland Security Secretary Janet Napolitano tells reporters, “The vulnerability is something that the Department of Homeland Security and the energy sector have

8

known about for years” (Davidson). The NERC concurs with the proposal that the Federal
Energy Regulatory Commission (FERC) wished to implement this past year, namely eight new cyber-security requirements that every utility must fulfill in order to remain fully functional
(NERC). However, the Congress hasn’t approved these safety measures as it supposedly gives the utilities an amount of discretion too unreasonable. For the time being, it is absolutely essential that the power companies label vital machines to help defend against cyber-attacks
(Davidson).

This theory of network vulnerabilities has escalated to the point where a mock attack was executed to expose the flaws in the grid’s systems. The utilities were urged to take serious precautions while only 23% took the evasive action. The industry’s trade group, Edison Electric
Institute, had an employee further elaborate on the situation, by the name of Ed Legge. Legge metaphorically states, “we can have a bulletproof system and absolutely no one could afford the electricity. It’s in the utilities’ best interests to have secure systems, and standards are definitely going to be strengthened” (Davidson). To break it down, he explains that while the cost to develop these security systems may be high, the extra protection will come through in the long run (Davidson).

According to intelligence officials, the actual cyber-spies in question breached the electric grid early last year; this happened a number of times. However, ever since 2005,
Congress has been dishing red tape on the FERC’s security-oriented operations. Whereas,
Congress ordered the FERC, as a federal agency, to establish standards and warnings for all the utilities to follow (Davidson).

While an innumerable sum of daily hacking attempts is constantly occurring at the power grid, a few happen to be staged. CNN reveals a research experiment known as “Aurora”

9

completed by the Department of Energy’s lab in Idaho. A major generator of electric power in the state was breached by these researchers, resulting in a self-destruction of it. This morally repugnant act sent a powerful message straight to the federal government; this message being if such a cyber-attack was performed on a grander scale, devastating consequences would be inevitable to the Western Interconnection. Electric infrastructure would then crumble, leading to a lack of a power source for the entire western-pacific region (Meserve).

A major possible result from an initial cyber-attack on the power grid would be what is known as a Firesale, or Cyber Jihad. A Firesale is a combination of a cyber as well as a physical attack. It uses the default infrastructure, only to crumble it. Several attempts have been made, the idea triggered following the release of the popular movie “Live Free or Die Hard,” which revolved around that scenario. Specifically, the traffic control systems were compromised, resulting in maximized chaos for all the civilians located in the grid’s boundaries. Once the systems are breached, the completion of the cyber-attack allows for the execution of the physical attack (Bardin).

Cyber-warfare situations happen to be Cyber Jihad for the most part. Jeff Bardin, of
InfoSec, supports this point to the CSO Security and Risk Organization by saying, “Information technology strikes are number two on Al Qaeda’s list for strikes at [U.S.] economy.” These electronic Jihad methods are explained on websites hosted by “online terrorists,” who are in charge of the hacking portion of the extremist attacks on America (Bardin).

Transitioning back to the traffic control and similar systems of the power grid, it is believed that after a constant year-long attack on the grid, the nation’s traffic lights along with common household appliances could be disrupted. Demetrios Matsakis, head of the time service department at the U.S. Naval Observatory, elaborates, “a lot of people are going to have things

10

break and they’re not going to know why” (Borenstein). The U.S. Naval Observatory, a branch of the federal government, is an official timekeeping agency. Such an attack is considered likely after a thorough analysis and staged hacks have been executed. It is only a matter of time before a similar grand-scale Firesale would be put in action. This cyber-warfare event, a direct threat to the U.S.’s economic infrastructure, could plausibly lead to a full-out war (Borenstein).

The now likely event that the Western Interconnection’s traffic control systems and household computers/ appliances were to be breached would negatively and directly impact me as well as my community, city, state, and region. Aside from a pessimistic change in my resident country’s economy and infrastructure, said attack has the potential to physically affect me.
Traffic control chaos will inevitably result in several life-threatening accidents in every single afflicted community; I could be involved in one of those tragedies. Apart from the traffic systems aspect, the electric grid’s effect on household computers and appliances would hurt my personal computer systems as well as my day-to-day interactions with appliances. Electric clocks, kitchen appliances, heaters, coolers, and similar devise would be tampered and interfered with by this impact. Temperatures would change, resulting in health effects, and possible radiation interaction along with outlet shortages would inevitably affect me if this near-future situation were to occur.
Without a doubt, our lives would entirely change, for the worse, if this scenario arises between the citizens of Western Interconnection’s afflicted regions and areas. This will all start with the initial penetration of the systems, leading to the main traffic control systems’ crumble.