Tweet
Need more random shit around here. Enjoy.
Oct 28, 2020
Cliffs Notes:
For a generator to be able to put power onto the grid it has to be creating power at the same frequency as the grid (60 Hz, +/- 5% here in the US). The frequency output of a generator is just a function of the number of magnetic poles in the actual generator and the prime mover (ex. the diesel generator tested was 1800 rpm, and a 4 generator = 60 Hz, very typical). Soooo, it’s obviously very critical to keep engine speed precisely controlled (1791-1809 rpm in this case) even with load changes, but if a genset goes outside of a set Hz window there are breakers that open to disconnect it from the grid. The breaker is controlled by a little relay.
Also of note, in a power generation unit you have the prime mover and you have the generator, with a coupling between the two to protect the generator from excess vibrations (and power pulses from reciprocating engines). This is a very key component.
What they did here was hack the relay. The code told the relay to open the breaker and take the genset off the grid. When this happens the load is instantaneously removed and the engine will “overshoot” on speed until the governor can cut fuel to bring it back down to its operating speed (<1 sec). Well, the relay also told the breaker to close again when the engine speed was at the peak of that overshoot and out of sync with the grid, which then slammed the entire load back onto the engine.
Do this a couple times in a row and you annihilate that critical coupler between the engine and generator and it all blows up. Do this in enough locations and you can physically destroy a grid with computer code.
Full article: How 30 Lines of Code Blew Up a 27-Ton Generator
A secret experiment in 2007 proved that hackers could devastate power grid equipment beyond repair—with a file no bigger than a gif.
Video of the experiment
Oct 28, 2020
EARLIER THIS WEEK, the US Department of Justice unsealed an indictment against a group of hackers known as Sandworm. The document charged six hackers working for Russia's GRU military intelligence agency with computer crimes related to half a decade of cyberattacks across the globe, from sabotaging the 2018 Winter Olympics in Korea to unleashing the most destructive malware in history in Ukraine. Among those acts of cyberwar was an unprecedented attack on Ukraine's power grid in 2016, one that appeared designed to not merely cause a blackout, but to inflict physical damage on electric equipment. And when one cybersecurity researcher named Mike Assante dug into the details of that attack, he recognized a grid-hacking idea invented not by Russian hackers, but by the United State government, and tested a decade earlier.
The following excerpt from the book SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers, published in paperback this week, tells the story of that early, seminal grid-hacking experiment. The demonstration was led by Assante, the late, legendary industrial control systems security pioneer. It would come to be known as the Aurora Generator Test. Today, it still serves as a powerful warning of the potential physical-world effects of cyberattacks—and an eery premonition of Sandworm's attacks to come.
The following excerpt from the book SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers, published in paperback this week, tells the story of that early, seminal grid-hacking experiment. The demonstration was led by Assante, the late, legendary industrial control systems security pioneer. It would come to be known as the Aurora Generator Test. Today, it still serves as a powerful warning of the potential physical-world effects of cyberattacks—and an eery premonition of Sandworm's attacks to come.
Cliffs Notes:
For a generator to be able to put power onto the grid it has to be creating power at the same frequency as the grid (60 Hz, +/- 5% here in the US). The frequency output of a generator is just a function of the number of magnetic poles in the actual generator and the prime mover (ex. the diesel generator tested was 1800 rpm, and a 4 generator = 60 Hz, very typical). Soooo, it’s obviously very critical to keep engine speed precisely controlled (1791-1809 rpm in this case) even with load changes, but if a genset goes outside of a set Hz window there are breakers that open to disconnect it from the grid. The breaker is controlled by a little relay.
Also of note, in a power generation unit you have the prime mover and you have the generator, with a coupling between the two to protect the generator from excess vibrations (and power pulses from reciprocating engines). This is a very key component.
What they did here was hack the relay. The code told the relay to open the breaker and take the genset off the grid. When this happens the load is instantaneously removed and the engine will “overshoot” on speed until the governor can cut fuel to bring it back down to its operating speed (<1 sec). Well, the relay also told the breaker to close again when the engine speed was at the peak of that overshoot and out of sync with the grid, which then slammed the entire load back onto the engine.
Do this a couple times in a row and you annihilate that critical coupler between the engine and generator and it all blows up. Do this in enough locations and you can physically destroy a grid with computer code.
Full article: How 30 Lines of Code Blew Up a 27-Ton Generator
A secret experiment in 2007 proved that hackers could devastate power grid equipment beyond repair—with a file no bigger than a gif.
Video of the experiment
Comment