Monday, September 6, 2010

Four Minutes Before Friday

My electric utility wrapped up its NERC reliability audit Friday and NERC set us back about fifteen years in the process, all to stop super-hacker.

We pulled the plug on remotely accessing every relay and digital fault recorder in our grid because of critical infrastructure protection (CIP) reliability requirements. The idea being that super-hacker might 1) use wire cutters to clip a substation fence, one deemed "critical," 2) hope he doesn't set off the perimeter alarm, 3) drag his laptop behind him as he crawls through the hole, 4) pick the lock to the substation control room, 5) disarm the control room alarm, 6) plug into a relay (provided he knows how, and of course, has a laptop with a serial to USB connector...but he is super-hacker...), 7) hack through the two levels of relay security and hope he doesn't ping the relay fail alarm, and 8) hack back into our SCADA/EMS network, causing all sorts of mischief.

Is this for real? Really, is this for real?

Again -- electric rates are only going up because of stupid shit like this. We lost fifteen years of real-time access to relays that help troubleshoot outaged equipment. We'll have to re-engineer a "secure" method because apparently steps 1, 2, 4, 5 and 7 above aren't secure enough, and it's gonna be expensive. Or maybe we never get it back, in which case we lose one of the most valuable tools we've ever had. Either way, super-hacker wins.

Now when a fault occurs we'll send an electrical technician out to the substation, who's going to be happy to do it 'cause it'll be time and a half thank-you-very-much, double time on a holiday like today, to pull event records from a relay that I was able to do remotely in less than four minutes before Friday. Burn more foreign oil ostensibly to limit super-hacker. Now I'll be waiting for the elec-tech to either return from the field with a thumbdrive (if NERC doesn't ban all thumbdrives because super-hacker left one lying in the parking lot and I thought it was cool and I plugged it into my computer just for shits and giggles, unleashing the demon lurking within) or maybe he'll be able to e-mail it from the substation (if NERC doesn't ban all network access because of super-hacker). What may have taken us twenty minutes to analyze and put back into service may well take a few hours now.

Actually, we only lost remote access to our critical substations, the list of which I am forbidden to know. So super-hacker can proceed with steps 1 through 8 above if he just does so at a non-critical substation, and he can go to the NERC website to see the criteria we used to develop our forbidden list. Zounds! I wonder: would I be jailed if I blogged what substations we lost access to, for divulging "critical assets" without actually knowing them because I'm forbidden to know? Is that the same thing, or can I hide behind plausible deniability? In court: "how could I have divulged them, your honor -- I've been deliberately made unaware of said forbidden list so as to benefit or shield me from any responsibility associated through the knowledge of said forbidden list. Therefore I am in a condition to which I can safely and believably deny knowledge of said forbidden list, and so I could not have possibly divulged it."

How, exactly, is reliability enhanced if equipment at "critical" substations is out of service longer than it would have otherwise been? Isn't that the whole fucking idea, to keep critical assets in service? Otherwise, why would they be deemed critical?
