Friday, February 3, 2017

a new top threat to energy security not being addressed

Being a scientist and engineer, and not a great communicator, I will try my best to explain two key points which SOMEONE really ought to follow up on:

1. There are many threats to energy security and world peace which are certainly as important as ever, but a specific new threat has arisen involving cybersecurity of the power grid which is much larger (at least for this decade) and more imminent than any of those.

2. There has been a growing chorus of noise and money addressing cybersecurity of the power grid, but this may have hurt more than helped, by creating vested interests neither capable nor motivated to do the straightforward technical actions needed to get us out of the path of the "oncoming truck."

Because I am retired from the government, and more involved with science than with management or politics, I can do very little on this myself, so I really hope that someone in a better position here will follow up in a way more useful than the many other folks who just want to throw money down ratholes without paying attention to where it goes.

The essence of the problem is given in section 1.2 of, a paper I wrote for the NATO IOS book for a NATO workshop I was asked to speak at a few weeks ago. In a way, the core problem is that no operating system today maintains the same standards for unbreakability which I saw on the Honeywell Multics operating system which I wrote systems code for many years ago, standards very well known at NSA but not so widely known elsewhere. Many operating systems are hopeless leaky sieves; the most secure of them use SOME of the old standards, but with backdoors useful to us. BUT there was a major leak, "Snowden II", just a few months ago, reported in Fortune magazine, which would allow our adversaries to exploit the backdoors ... possibly to shut down half the power grid, just like a worst case EMP event, but a lot sooner than the next Carrington event. There are ways to close the backdoors, firmly and permanently, but absurd and irresponsible political barriers are preventing us from doing so.


Should I just stop here? Maybe. The paper gives details and citations, and may be more organized than the extra details I might add here.

Still, I probably should say a little about the first person experience which leads me to take this very seriously, even though I have mainly worked in other IT areas since those Multics days.

A couple of years ago, at a large government IT meeting, Mike Rogers of NSA talked about his experience of visiting the Pentagon on cybersecurity issues. They assured him they were rock hard secure already; they certainly had spent a whole lot more money, and mobilized a whole lot more credentialed experts, than FERC has.
(FERC, the Federal Energy Regulatory Commission, is the agency which oversees power grids in the US, and folks like the Senate Commerce Committee claim jurisdiction working with folks like FERC and NIST -- lots of money and lots of interests and lots of iron triangles.) After they gave him all those assurances, he said, he simply went in with NSA technology and showed them ... a hundred ways they were totally penetrated already by... lots of other folks, not just hit and run hacking, but a permanent sieve and permanent lurkers. That was the birth of Cyber Command, a really important development -- but no, folks, not the kind of development which blocks the new threat. Quite the opposite. The new emphasis on maintaining and using offensive cyber capabilities does not include the kind of stringent new measures needed, using the kind of technology NSA knows very well, to close all the backdoors permanently in systems which run the power grid.

I have also been in a good position to hear from the front lines how the various power industry players are handling this. Naming names is not always a good idea with this kind of thing (as the news about death sentences in Russia due to disclosures in the US about Russian hacking evidence should remind us). But... I have heard people say "don't worry, we are stockpiling transformers." Well, on this list, Mitzi was also in the audience at NDU when they showed how to use these backdoors to burn out GENERATORS. It amazes me how proud experts in electric power policy, Washington's best excuse for "technical experts," don't seem to understand the difference between a transformer and a generator, in a practical situation!
I have also talked with front-line folks in electric power who rely heavily on SE-Linux...  but (1) even SE-Linux has had backdoors, by design; and (2) in the recent reorganization of NSA, the Information Assurance group at NSA (which supported the SE-Linux effort) has been abolished. Of course, those of you who work in government know the familiar code words which agencies use to Congress: "It's not that we're abolishing them, it's that we're dispersing their functions to other places."

To what other places? Ironically, to places with a primary emphasis on cyberdeterrent, on active offensive actions, making heavy use of machine learning, a field which I know very well. Friends of mine have been very excited by this, and even said: "Paul, since you originated a lot of that technology and still have a lot of visibility there, you could get a lot of money and power by simply getting with the new program." Yes, that's true; if you believe I am just a guy off the street in that area, or if you want to learn what is happening in that sector, see:

But there are times when a rational person gives priority to the issue of our collective survival, regardless of any "iron triangle" vested interests he may possess. Our lives are at stake, for God's sake!


But again, I don't work for the government or any government contractor in any capacity right now, so there is little I can do, other than weep a little when I see vast sums of money being thrown away even as an urgent life or death requirement is not being met. 

Yes, the other long-term requirements for security and survival remain as important as ever, but if a kind of entropy continues in the foundations of the world's IT system, that entropy will certainly melt away any other positive things we might try to do.

Best of luck,


P.S. Beyond this long email, and the NATO paper itself, I had a few more comments on the issue of defense versus deterrence and how they interact at:
