[cap-talk] US preps cyber outfit to protect national electric grid

Karp, Alan H alan.karp at hp.com
Fri Jan 15 15:01:54 PST 2010 

I sometimes attend the local Infragard meetings.  At one of them I met a guy working on this problem, and he spent a couple of hours explaining the situation to me.  The big one is that most generators are controlled by machines running outdated software, such as Windows NT.  By his estimate, it will take 5-10 years to get everything upgraded to more modern platforms.  (This was almost 2 years ago, and my guess is that he'd still say 5-10 years to finish the upgrade.)

We then sat down to brainstorm solutions and settled on a very simple approach that I think would be effective.  First, disconnect those old machines from the Internet and connect them to a box connected to the Internet.  I believe this box should be special purpose, but even a generic Linux machine would be a big win.  This interface box will have a big hash table of key-value pairs.  Each keys is an unguessable string (a capability, but I didn't use that word), and the corresponding value is a command to the old box.  People in the control centers talk to the interface box over an encrypted channel, passing a key and the parameters for the corresponding command.

Most keys represent relatively little power, but the keys that let users insert and remove entries from the hash table must be closely guarded.  As far as I can tell, the weak point is distributing the keys to the various control centers, but I believe rather straightforward crypto provides adequate protection.  Of course, there's also the vulnerability of the machine in the control centers, but locking down those boxes would help.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp


> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org [mailto:cap-talk-
> bounces at mail.eros-os.org] On Behalf Of John Carlson
> Sent: Friday, January 15, 2010 11:47 AM
> To: General discussions concerning capability systems.
> Subject: [cap-talk] US preps cyber outfit to protect national electric
> grid
> 
> Are capabilities up to protecting the national electric grid?
> 
> http://www.networkworld.com/community/node/54820
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk

More information about the cap-talk mailing list