return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ Black hat meets white hat in the Idaho desert ]

Black hat meets white hat in the Idaho desert


DHS is creating a Control Systems Center in cooperation with CERT that "involves industry sectors, control system vendors and outside experts. It will focus on five areas: awareness, incident management, standards collaboration, strategic direction and testing. DOE's Idaho National Engineering and Environmental Laboratory (INEEL) occupies a key role in the effort.

Laurin Dodd, responsible for INEEL's national security programs, observes:

I am confident that there is no system connected to the Internet, either by modem or fixed connection, that can't be hacked into.

Many "many once-isolated systems used to run railroads, pipelines and utilities are now also accessible via the Internet and thus susceptible to sabotage," as "More and more of these things are being connected to the Internet, so they can be monitored at corporate headquarters. It is generally accepted that the August blackout last year could have been caused by that kind of activity."

Steve Schaeffer, of INEEL's cyber security lab, required "about two months before we had enough information to affect the protocol to affect operations" of a General Electric designed system. Schaeffer:

My test was to subvert that guy's system in some manner… If they can dial into the system, guess what, so can I.

An outline for the Supervisory Control and Data Acquisition (SCADA) Test Bed [SCADA systems are the C2 for critical infrastructure including electric, gas and oil distribution systems, water and sewer systems, and various manufacturing processes] indicates that an integrated SCADA Test Bed will have "links to cyber, wireless/communications and physical INEEL assets, [will] test legacy and contemporary SCADA systems, [will] provide commercial, confidential and secure testing and evaluation areas, [and will] develop a SCADA Outreach Program [to] establish a dedicated training facility [for] intrusion detection, data analysis and advanced protection."

INEEL is an applied engineering laboratory managed by Bechtel National as the lead partner in Bechtel BWXT Idaho, LLC, the management and operations contractor. INEEL is DOE's lead laboratory for nuclear energy R&D occupying 890-square-miles of the southeast Idaho desert with four mission areas:

  • Energy - core research in nuclear reactor science and technology for next generation reactors
  • Security - threat solutions for population, infrastructure, and environment
  • Science - chemical, engineering, materials, environmental, medical, and biological
  • Environment - safe, legally compliant environmental cleanup

INEEL was established in 1949 as the National Reactor Testing Station, INEEL was once the site of the world’s largest concentration of nuclear reactors. Fifty-two test reactors, most of them first-of-a-kind, were built and operated, including the US Navy’s first prototype nuclear propulsion plant. Of these, 3 are still operating.

The Snake River Alliance says that of those 52 reactors, "most had meltdowns, either intentionally or unintentionally," and that "from the 50's through the 70's, plutonium-contaminated waste... was buried in shallow unlined pits and trenches [while] high-level liquid waste from reprocessing the Navy's spent nuclear fuel to recover weapons grade uranium was stored in underground tanks... contaminating the soil and groundwater," but then no one's perfect.

This combination of infrastructure growth and protection can come none too soon as over "the next 20 years, electricity demand is expected to increase 40 percent in the United States and 70 percent globally. To ease the impact on global climate, much of this new electricity production is likely to come from nuclear energy, the only existing technology that can generate large amounts of electricity without also emitting greenhouse gases."

INEEL and ANL (Argonne National Laboratory) are leading the US effort to develop the Generation IV nuclear reactors:

The first generation was the early prototype reactors of the 1950s and ‘60s. The second was the large commercial power plants built in the 1970s and still operating today. Generation III, developed in the 1990s with evolutionary advances in safety and economics, is being built today, primarily in eastern Asia. Until about 2030, new plants will mainly be Generation III designs. The Generation IV nations [US, UK, Japan, Canada, Argentina, Brazil, France, Switzerland, ROK (Republic of Korea), RSA (Republic of South Africa)] plan to develop nuclear energy systems for construction and operation around 2030, when many of the world’s existing nuclear power plants will be at or near the end of their operating lives. To succeed in the international marketplace, "Generation IV technologies [using a closed fuel cycle] will need to provide safe, reliable and economical electricity, while reducing the amount and toxicity of nuclear waste and minimizing the risk of nuclear proliferation.

Add in the geopolitical threats to global energy supplies, and on all accounts we can only wish INEEL good luck.

Hackers Join Homeland Security Effort
By Adam Tanner/Washington Post
09/15/04 7:45 AM PT

New DHS Program Aims to Bolster Security of Computer Control Systems
By Tim Starks, CQ Staff
Aug. 18, 2004 - 7:45 p.m.

Gordon Housworth

Cybersecurity Public  InfoT Public  Infrastructure Defense Public  Strategic Risk Public  


  discuss this article

<<  |  April 2019  |  >>
view our rss feed