In the computer security world, the vulnerability of open above-ground transformer parks is a well-known problem. It’s been a hypothetical on many a threat model for decades.
When gunslinging yahoos in North Carolina and elsewhere started shooting transformers, my email in-box lit up with a few messages saying, “that thing we talked about, it’s happening.” Now, the cat (as it were) is out of the bag. In the american tradition of overreacting once it’s too late, we’ll probably spend billions on power substation defense, or we’ll blame China for it, and start WWIII.
I think my first conversation about the power substations was back in the mid 1990s. At that time, the US was starting to think about its “smart grid” (or, if we’re talking about the Texas power grid, “the Y’all dumbass grid”) – one fellow I knew opined that the real target is the generators: they are heinously expensive, there is no inventory of spares, and they are basically constructed in situ. Fast forward a few years and people were discussing, in hushed tones, whether a nuclear reactor could survive being hit with a suicidal commercial aircraft full of people. I know the analysis of that topic has been done, but none of the people involved will talk about it. That’s probably for the best. If the nuclear power plants are like pretty much everything humans have built, there will be complex flaws that can be explored by an adversary who puts some thought into it. Here’s one hint to would-be terrorists: start attending computer security conferences and you’ll learn how airplane flight control systems are connected to the entertainment systems, and power grids were built by the lowest bidder, etc. The environment is target-rich and always has been, as long as – like the rebels in Star Wars – you don’t expect to survive the experience. [coop]
Early one Sunday afternoon last September, for reasons that may never be clearly understood, someone fired three or four rounds from a high-powered rifle into the main high-voltage transformer in Garkane Energy Cooperative’s Buckskin Substation, in far southern Utah.
It didn’t take long for thousands of gallons of coolant to spill from the transformer’s punctured radiator fins. Soon after that, the unit’s core began to overheat, and its connections shorted out. And then came the inevitable: Nearly 10,000 homes and businesses, almost 75 percent of the co-op’s accounts, went dark.
At the co-op’s headquarters in Loa, Utah, dispatchers were able to bypass switches and reroute power to bring half of those services back on within an hour and a half. But 5,000 downline accounts, in small communities and isolated homes near two popular national parks and a national monument, went without power for more than seven hours.
But what if, instead of assuming pointless damaging attacks by random jerks, we considered carefully planned and executed political actions carried out by good guys, accompanied by a media blitzkrieg intended to have a political effect of its own?
“Some of the distribution-level transformers are pretty standardized,” he says. “But these days, every time you get a substation transformer, you’re talking about a special order, and it takes about a year. New ones are a long time coming.”
Here’s the scenario: a small contingent of environmentalist capitalists cook up the idea of publicly attacking the power grid with the stated purpose of manipulating the cost/benefit analysis for fossil fuel-powered generation systems. Some journalists are teased an opportunity to interview someone who’s planning something big – real big; the journalists are pre-fed with the political ideology of the organization, which is that they will carefully map out what parts of the grid are powered by fossil fuels and, with rifles, perhaps a truck bomb, and perhaps a direct assault on a facility (no operators or guards to be harmed unless strictly necessary) they will raise the cost of fossil fuel generation by an extremely large amount of money. Their first press release is similar in tone to the old anti-vegan trolls’ T-shirt, “for every cheeseburger you don’t eat, we will – unfortunately – have to eat two.” I.e.: “We’re not going to do anything that harms wind, hydro, solar, or nuclear generation, but fossil fuels are about to become twice as expensive because you’re going to need guards for the facilities we don’t hit, and replacements for the facilities we do.” And, perhaps, “oh, if you decide you’re going to pass the costs on to your customers, we will target your executive management, personally.”
That didn’t happen last fall, thanks to prudent preparation and a conscientious Garkane Energy board. The co-op has invested in four mobile substations, consisting primarily of backup transformers of varying voltage capacities, that are kept under lock and key. Stationed on custom-built, heavy-duty semi-trailers, they’re always ready to go.
The co-op’s own tractor-trailer rig, fully fueled and regularly maintained, stands by to pull those transformers to any of the 48 substations scattered across the five counties in two states that comprise Garkane Energy’s 16,000- square-mile territory. There’s also space set aside at those substations to set up and connect a mobile unit when it’s needed.
I’m a security guy, so I just have to enquire trollingly whether the drivers for the tractor-trailer rig have full security background checks, and have all been in their current jobs for 10+ years, and – presumably – the tractor-trailer resides in an armored revetment where it would be impossible for a thermite-carrying drone to reach it?
Shakespear says things might have gone more easily and quickly if Garkane Energy could have strengthened its grid with loop lines to backfeed power as needed to outlying areas of its service territory. But the need for long, low-density runs through rugged, mountainous, heavily forested terrain works against such a plan.
“We’ve looked at it, but the very nature of our system precludes that,” Shakespear says. “This area is not conducive to economically running a looped system.”
Nice work crew, shame if they started quitting for safer jobs because someone shot a few holes in their trucks. That’s also one of the problems with having substations all over the place. Of course, if there were nice safe clear solar farms, there wouldn’t be a problem.
The organization would need a few ideologically sound members who had absolutely no view into its operational plans, but were completely aware of the background and motivation for the group. Those members would be, presumably, stage IV cancer patients, or suffering from MS or other degenerative diseases that would simply mean that the government would be welcome to interrogate them all it wanted – all they’d get is the party line and eventually a corpse. Have a nice big show trial, or congressional hearings, it’d all play into the hand of the rebel forces. Obviously, the organization would have to have a few well-spoken nihilists who enjoy the whole media song and dance, and – perhaps – “the attacks begin on such-and-such a date. We have no idea where, by arrangement, I haven’t talked to any of the team in over a year and we were using dead drops and one-time pads we exchanged back in 2020. All I know is that one team has been buying rifles and armor-piercing bullets, and the other has been building drones, and the publicity team – we’re that. If you kill us, though, some of you may die in response, so – be careful.”
Security people have been on this beat for some time, too: [cyberinsurgency]
During the Global War On Terror, the government has inflicted Denial Of Clue attacks on itself several times. Usually this is in the form of one agency hypothesizing that another agency may be subjected to a certain type of attack, which then triggers investigation and media coverage, and suddenly the hypothetical target is expending resources to protect against an attack that never materializes.
Denial Of Clue attacks can be used in combination with one-off attacks, to create a Death Of A Thousand Cuts scenario, in which the target is constantly chasing the last threat model, but is being bombarded with plausible yet spurious threats in a Denial Of Clue, bolstered by one-off pinprick attacks designed to overload their incident response capability.
The time for such an effort to appear is a little past-ripe, especially since the largest polluters in the world (the US) have decided to fail to meet even the modest CO2 reductions called for in the Paris Accords. In fact, if the organizations’ spokes-people were clear about its non-violent agenda, its environmental focus, etc., they’d still be labeled “terrorists” (like Earth First) but there might even be popular support and copycat attacks that would magnify the effectiveness of the effort. You probably already know how much I despise marketing and public relations, but this is more like “induced catastrophe public relations” – rather akin the “the shock doctrine” as espoused by disaster capitalists. The entire publicity axis would have to keep its tongue firmly in cheek and play to the cameras while the other teams, Rogue One and Rogue Two went on independently. You know: strategy straight out of the racist dipsticks’ favorite book The Turner Diaries. They’d just have to stay focused and keep repeating, “We’re not trying to hurt anyone, we’re just unilaterally adjusting your cost equations. Think of us as a freelance Invisible Hand Of The Free Market.”
Here’s the starting fulcrum for the publicity campaign – and, honestly, I can’t think of a better guy to have an open conversation with: the chairman of the US Senate Committee on Energy and Natural Resources – Joe Manchin. [sen] I don’t know if you knew that, but irony died the day Manchin was put in charge of that committee.
johnson catman says
I think irony has been dead for a long time, but the corpse nevertheless keeps receiving regular beatings.
Pierce R. Butler says
Those members would be, presumably, stage IV cancer patients, or suffering from MS or other degenerative diseases that would simply mean that the government would be welcome to interrogate them all it wanted – all they’d get is the party line and eventually a corpse.
I haven’t dug into the question, but such ideas have floated around for decades, yet I haven’t heard of any real-world examples.
Reginald Selkirk says
“Denial of Clue” – that is hilarious.
Dunc says
Yeah, I got one word for you: Enron.
Dunc says
More seriously, this is your problem here:
The thing about the grid is: it’s a grid. There aren’t parts that are powered by fossil fuels and parts that aren’t. It’s all powered by everything. Knock it far enough out of balance and the whole thing goes down. Have fun trying to phase-synchronise god-knows-how-many islands of solar and wind generation when you try and bring it back up.
Marcus Ranum says
The thing about the grid is: it’s a grid
Sure, but the coal plants have great big distribution stations and high lines that connect them to the grid. The stations, distribution stations, and lines from them – all targets.
I paid a visit to a plant a few years ago. No armed guards, gate open, 4 or 5 guys operating the plant. One told me I didn’t belong there so I left. 5 people with an RPG or blasting charges could destroy the generator. High-powered bullets at the bearings could probably seize them. They don’t tend to be made of flammables so a drone might not be practical. If one plant was attacked, then very costly security would be needed at the others.
I understand it’s a grid. Any damage to any of it adjusts the cost/benefit analysis when all the attackers have to do is stop or continue.
Marcus Ranum says
Pierce R. Butler@#2:
I haven’t dug into the question, but such ideas have floated around for decades, yet I haven’t heard of any real-world examples.
I think the ur-example was Jack Ruby, who shot Lee Harvey Oswald – if you assume he was part of a conspiracy, which I think he rather obviously wasn’t. [For Ruby to have happened by at the moment when Oswald was being transported, it would have been difficult to coordinate – especially since Oswald caused a delay in getting him to the car; Oswald would have had to be in on his own murder.]
xohjoh2n says
@7:
Err, how does that look any different between conspiracy and lone-wolf? If it would have been hard to coordinate, it would have been equally hard for Ruby to arrange it on his own. (The answer appears to be that he’d been hanging around for a while waiting for the opportune moment to present itself – which in either case it was almost certain to do.)
Just because there’s a conspiracy, doesn’t mean all participants are equally informed about the nature of the conspiracy.
snarkhuntr says
The built environment around us contains unlimited targets for the sufficiently malicious.
Looking at the reaction during the ‘DC Sniper’ investigation, it’s pretty clear that a couple dozen motivated terrorists could paralyze the whole country with hit-and-run tactics moving from jurisdiction to jurisdiction. Change vehicles and locations every time, and the government would have a hell of a time tracking any team not stupid enough to carry cell phones with them.
Many bridge abutments are now made from basic EPS ‘stryofoam’ instead of heavy earthen fill. Drill a small hole through the asphalt and roadbase and pour in a few hundred gallons of gasoline – and suddenly that vital traffic route is now completely impassable.
Small dams and weirs are everywhere, and anyone with access to explosives (or the ability to improvise) could cause havoc and disruption with a few dozen kg of well placed ANFO.
None of this holds a candle to what will happen when Foucoult’s pendulum swings back and suddenly commercial drone-dropped small munitions show up in US/Canadian cities for the first time. The post-9/11 panic will have nothing at all on what would happen once the first 20mm grenade lands in a crowd at rock concert or public rally.
Your power plant example is good – but you’re not thinking big enough. A rocket into the side of the boiler-house of any major thermal generating plant would likely take it out for at least a few weeks. Shaped-charge damage to the boiler tubes would require, at the very least, a weld repair using specialized materials and welders. If the boiler were hit near the steam or mud drums, it might require custom-bent tubing segments to be prepared. Thanks to the miracle of globalization, the companies capable of making the tubing required for these repairs are almost all located overseas now.
The demo hit on the nordstream pipeline is illustrative. No-matter who did it, it was effective. Were I the government of the Ukraine, this would have been regarded as a serious victory. Significantly reducing Russia’s ability to export gas to Europe significantly reduces their ability to bribe/blackmail european states into acceding to their invasion. I don’t know who hit that pipeline, but I think they were either Pro-Ukraine, or Anti-Russian in their intentions. The action can’t have cost more than a million or two, but it had billions of dollars worth of effect. This is an excellent example of a well-conceived infrastructure hit. Leagues better than whatever the rednecks manage with bullets into transformers.
Society can only function because most people, most of the time, aren’t interested in fucking things up. Take that away, and there’s no real way to keep the thing going.
Marcus Ranum says
snarkhuntr@#9:
Your power plant example is good – but you’re not thinking big enough. A rocket into the side of the boiler-house of any major thermal generating plant would likely take it out for at least a few weeks
All of what you said is true.
My example was based on the assumption that the rebels are a smallish movement, not inclined toward being suicide bombers. Given a choice between shooting something from a couple hundred yards away, or having to get up close and personal with explosives, or to obtain and learn to use rockets, it seems that cheap and easy has a virtue all of its own. Especially, when the target overreacts – the US’ strategy for handling domestic sabotage has been to periodically catch a saboteur and throw them against the wall so hard all that’s left is a splat-mark.
Remember: my premise is not that we’d be trying to overthrow the country – the exercise is merely to adjust the cost/benefit analysis of fossil fuels to, perhaps, double their costs. For that, every single thing that causes a reaction is sufficient, because reactions are expensive.
Marcus Ranum says
xohjoh2n@#8:
Err, how does that look any different between conspiracy and lone-wolf? If it would have been hard to coordinate, it would have been equally hard for Ruby to arrange it on his own. (The answer appears to be that he’d been hanging around for a while waiting for the opportune moment to present itself – which in either case it was almost certain to do.)
wikipedia, Jack Ruby kills Oswald
It’s kind of amazing for someone who lives in the current times to imagine a municipal building that has such bad security that it’s more or less “normal” for a crowd to gather where a prisoner will be transferred.
Ruby sent a money order from Western Union, 1/2 block away, at 11:17AM. Oswald was supposed to be leaving the building at 11:00AM, but he kicked up a fuss about his hair (going from memory here) not being right and delayed the whole process by about 10m. Ruby shot him at 11:20AM, 3 minutes after sending the money order. Those are the facts according to my memory and also wikipedia, which is never wrong, though my memory often is.
That’s why I said Oswald had to be in on his own murder: if he hadn’t delayed departing his holding cell, he would have been in the armored car and gone while Ruby was still at Western Union.
On the other side of the coin, one has to admire the conspiracy for having a photographer there, film loaded and ready, to capture the moment. That was a nice piece of work. Of course, they had the “rifleman from the grassy knoll” across the street in case Ruby missed his shot.
[BTW, it’s really funny that people refer to “the grassy knoll” as if it’s a long way away from where Kennedy was hit. It’s actually a comfortable pistol shot away, and someone with a military semi-automatic rifle would have been able to absolutely riddle the car at that distance. There was no need for a scope-sighted rifle. A tommy gun would have been the best option, and they were legal to buy at that time.]
dangerousbeans says
I suppose fundamentally environmentalists want to improve things, not wreck society. they’re thinking prosocially, they assume others think prosocially, this sort of stuff doesn’t figure.
While millennialist or libertarian lot are not motivated by prosocial values. Seems like the motivation is what’s shaping the tactics
Pierce R. Butler says
Marcus Ranum @ # 11, quoting The Pffft: Ruby sent a money order from Western Union, 1/2 block away, at 11:17AM. … he [Oswald] kicked up a fuss about his hair … Ruby shot [Oswald] at 11:20AM.
Pffft version doesn’t mention any Western Union vids, nor anything else against the hypothesis that Jack R had an accomplice setting up an alibi. He was, after all, an experienced Chicago gangster.
Other versions* have it that LHO’s exit was delayed by some self-invited Post Office badgewearer, along with the whole Dallas PD Amateur Hour flatfootery (which went unrecorded**, years after reel-to-reel hit the Sears Catalog).
And even in the ’60s, rapid-onset cancer for a prisoner was part of every spook toolbox***.
*No, I refuse to re-enter the psychovortex of 11/22 studies again, even to cite sources…
**Or so they would like you to believe.
*** (see Dubček, A.)
There is always a what-about in JFK rebuttals.
A stage-IV patient would have little chance to get close to a politician w/out attracting attention/interference, but other 0%ers could access at least soft targets. Seriously, has anyone actually done this (with reliable authentication), either for a conspiracy or as a lone wolf?
Pierce R. Butler says
dangerousbeans @ # 12: I suppose fundamentally environmentalists want to improve things, … they’re thinking prosocially…
Not all environmentalists.
xohjoh2n says
@11:
If 3 mins was enough time for Ruby to get from WU to shoot LHO at 11:20, and the delay was 10 mins, then clearly there was also enough time for Ruby to shoot LHO at 11:10 and still make WU at 11:17, which I’m sure the cops present would have been more than happy to allow, them all being in on it.
sonofrojblake says
In 2018, Gatwick airport near London was closed down for several days at a cost of (conservatively) hundreds of millions. How? Well.. the story was someone was flying a drone near the runway, risking the safety of the aircraft. Once again I’ll trot out the link to one of the greatest xkcd’s of all time, “Settled”: https://xkcd.com/1235/ . Then I’ll point out that nobody anywhere in area surrounding Gatwick produced even a blurred photograph of a drone at any stage. It appeared to be a police/security forces conspiracy to make a power grab for more control over drones, like the satirical idea that they’d have the power to arrest pilots, a power meaningless without the ability to find them and even more meaningless given the ability of every drone pilot I know to pre-program flight paths into their toys so they don’t NEED to pilot them.
What they achieved was to demonstrate how to close a major airport for a week for less than £10k.
Plan: build a drone. Parts are available online. Don’t bother building in GPS – you won’t be using it. DO build in a downfacing camera and inertial navigation/stationkeeping functionality. Opensource versions of this are online.
Build as many of these as you can afford. Gatwick experience might suggest that one drone can shut an airport for one day, but then again it’s likely that Gatwick was shut down by NO drones. Also, the first time a drone shuts the runway they might reopen quite quick, but the second might take longer. Subsequent ones might take MUCH longer.
Program the drone to fly straight up, keep station and loiter for ten minutes. Make sure it’s well lit and noisy. After ten minutes, have it fly to the middle of the nearest large body of water (there’s one a quarter mile from the end of Gatwick’s runway, for example), and ditch it.
Drive past the end of the runway and throw the drone out of the top of a moving van or pickup truck. Don’t look back.
Use a different truck/van for subsequent launches. Keep doing it till you run out of drones. Keep doing it until you run out of airports.
You can do practice runs with the drone to your heart’s content anywhere where there’s fields – all you need is to check that it can go up, hover over a spot, fly 500m south east then “land”. No pilot needed, no outside control at all, no GPS needed so there’s nothing they could do to jam it (good luck “jamming” a compass in something the size of a suitcase that’s 1500ft off the ground…). A focussed EMP could conceivably bring it down if such a thing exists, but even if you did, generic or 3d printed parts won’t give you a clue to where it was constructed or by whom, and certainly won’t help predict where the next one will be deployed. Divers might conceivably recover the wreckage, days later, but again, not much help. Normal anti-aircraft fire is optimised for much, much bigger, hotter machines, and in any case deploying shit like that where the rounds that miss can drop on schools would be hard to sell to the public. Reacting in time is an issue – detecting something that small is possible, but getting to where it is before it bugs out would be a challenge – airports are BIG.
The security nonsense and travel disruption this would cause would be out of all proportion the cost, effort and risk involved. I’m amazed that in the four and a half years since Gatwick nothing like it has been attempted. You want to save the environment, grounding the planes is a good start.
Plus it has the added advantage for those troubled by the morality of cutting off the power supply to vulnerable communities, possibly costing lives – nobody gets hurt. It hardly counts as terrorism, even. No individual nation, aircraft or airline is being targetted, just jet aviation in general. especially if multiple airports are hit at once.
Why isn’t this already happening?
Dunc says
Because the environmental protest movement is mostly composed of nice, middle-class people weaned on stories about Ghandi, a great many of whom aren’t even prepared to give up flying themselves.
sonofrojblake says
Don’t say that environmentalists are a bunch of self-serving hypocrites. Leave me some naive illusions, please.