[HN Gopher] Metcalf Sniper Attack
___________________________________________________________________

Metcalf Sniper Attack

Author : rococode
Score  : 85 points
Date   : 2020-08-29 18:25 UTC (4 hours ago)

(HTM) web link (en.wikipedia.org)
(TXT) w3m dump (en.wikipedia.org)

| urda wrote:
| I remember this, still wild re-reading the entire record of events.

| areoform wrote:
| The reason why the Intelligence Community freaked out is because this is exactly the kind of small-scale test they'd do to test a possible attack pattern.
| https://foreignpolicy.com/2013/12/27/military-style-raid-on-...
|
| The people spooked here _are_ spooks. And that should be telling for those of us on the outside. It's an attack scenario no one had planned for.
|
| I would highly recommend this article by Michael Lewis (and his book) that explores related systemic risk,
| https://www.vanityfair.com/news/2017/07/department-of-energy...
|
| > The safety of the electrical grid sat at or near the top of the list of concerns of everyone I spoke with inside the D.O.E. Life in America has become, increasingly, reliant on it. "Food and water has become food and water and electricity," as one D.O.E. career staffer put it. Back in 2013 there had been an incident in California that got everyone's attention. Late one night, just southeast of San Jose, at Pacific Gas and Electric's Metcalf substation, a well-informed sniper, using a .30-caliber rifle, had taken out 17 transformers. Someone had also cut the cables that enabled communication to and from the substation. _"They knew exactly what lines to cut," said Tarak Shah, who studied the incident for the D.O.E. "They knew exactly where to shoot. They knew exactly which manhole covers were relevant--where the communication lines were. These were feeder stations to Apple and Google."_ There had been enough backup power in the area that no one noticed the outage, and the incident came and went quickly from the news. But, Shah said, "for us it was a wake-up call." In 2016 the D.O.E. counted half a million cyber-intrusions into various parts of the U.S. electrical grid. "It's one thing to put your head in the sand for climate change--it's like manana," says Ali Zaidi, who served in the White House as Obama's senior adviser on energy policy. _"This is here and now. We actually don't have a transformer reserve. They're like these million-dollar things. Seventeen transformers getting shot up in California is not like, Oh, we'll just fix the problem. Our electric-grid assets are growingly vulnerable."_
|
| > In his briefings on the electrical grid MacWilliams made a specific point and a more general one. The specific point was that we don't actually have a national grid. Our electricity is supplied by a patchwork of not terribly innovative or imaginatively managed regional utilities. The federal government offers the only hope of a coordinated, intelligent response to threats to the system: there is no private-sector mechanism. To that end the D.O.E. had begun to gather the executives of the utility companies, to educate them about the threats they face. "They all sort of said, 'But is this really real?'" said MacWilliams. "You get them security clearance for a day and tell them about the attacks and all of a sudden you see their eyes go really wide."
|
| _Edit_
|
| _Personal Interpretation:_ Someone hired highly trained mercenaries (?) to operate on US soil to test destroying critical infrastructure that led directly to Apple + Google. Large, stationary, expensive infrastructure that is lacking in redundancy.
|
| They knew exactly what targets to hit. It follows that they knew that there was backup capacity in the system. This was a test run. And bullets are cheap.
|
| What if instead of one team for one location, it had been three teams for three locations? Or, four? Five? Six? Could they have successfully crippled the nation? And plunged the stock market?

| bonchicbongenre wrote:
| The answer: yes, they could've. I had a professor who previously had been part of a US gov group that had been tasked with preparing for an attack on the electrical grid, all the way back in the tail end of the cold war. His impression of the security of the US grid was that it was completely unsecured. He told me that they had no chance of solving the problem then, and that he expects the same is still the case. His worst fear is a large EMP attack, not locally cutting powerlines, but the danger still stands

| thinkling wrote:
| > They knew exactly what targets to hit. It follows that they knew that there was backup capacity in the system. This was a test run. And bullets are cheap.
|
| Sounds like perhaps this was a white hat actor intending to push others to get serious about these risks?

| baybal2 wrote:
| Kind of useless act it was then.
|
| Fences, and cameras would not stop a well armed sabotage team.

| nullc wrote:
| Sounds like a great promotion for someone selling substation security.

| jonathankoren wrote:
| That's not the only weird sabotage that has happened in San Jose. Back in 2009, someone intentionally cut some fiber optic cables. They've never been found.
|
| https://www.mercurynews.com/2009/04/09/san-jose-police-sabot...

| tyingq wrote:
| Probably someone hoping for copper to scrap.

| Beldin wrote:
| I don't understand why this is called a terror attack. From the article it seems managers got spooked, sure. But it doesn't read as if the general population was.
|
| Granted, it's possible the attack failed to achieve its goal and that's why the population is not terrorised. But even then: an actual terrorist could've easily kept track of news on damages caused and how close to great effect they had come. That would surely incentivize them to try again. But I'm not aware of that happening.
|
| So what is the terror angle here?

| save_ferris wrote:
| The terror angle is that someone tried to disrupt a major component of the electrical grid. It's hard to imagine a motive for such an attack that doesn't involve trying to cause major panic to a community. That's definitely qualifiable as terrorism.
|
| Just because they didn't attempt again (that we know of) doesn't mean that they weren't terrorists to begin with. Also noted in the article, investigators later believed it to be an inside job. This goes into wild speculation, but if the attackers worked at DHS, they may have known how close an investigation came to revealing them and opted not to try again. We'll probably never know why though.

| digi59404 wrote:
| I was on duty as security for a.. semi secret substation designated as critical infrastructure that night. In the Bay Area, we just had to divert power a little bit. It basically didn't affect the grid at all.
|
| Everyone was all a little more worried as to if this was isolated, if we were next, etc etc.
|
| Transformers that are small are often on hand and easy to swap out. But some of the bigger ones have months long lead times. The facility we were at had transformers that had a 6 month lead time from Germany to replace them and they had to be sent via boat as they wouldn't fit in planes.
|
| The average person isn't going to know that about transformers. Which leads more credence to the fact it's an inside job.

| crehn wrote:
| Out of curiosity, how does one "divert power"?

| MadVikingGod wrote:
| What that practically means is power that would have normally come through those substations would be delivered by some other source, and thus go through a different set of substations.
|
| What most people don't understand is that it's important that the demand + the transmission losses = the production, not just as a whole, but also for each link. To help with that most places don't produce 100%, and a lot of higher power links are redundant. But that can only cover so much. If it's not a high demand day you can probably source power from other providers, but sometimes that's not enough.

| greedo wrote:
| "The average person isn't going to know that about transformers. Which leads more credence to the fact it's an inside job."
|
| Or that the perpetrators were well informed about infrastructure vulnerabilities.

| natcombs wrote:
| That video does not appear to show anything for four minutes. Did I miss something?
|
| Edit: Now I have a feeling that I got trolled and that's the point of the video

| unkeptbarista wrote:
| The action is easy to miss after nearly two minutes of nothing happening. If you fast forward you might not see it at all.
|
| 1:54 What I believe is the signal flash near the fencing. Lower left of the video.
|
| 2:06 You will see sparks from a bullet striking the fencing. A bit higher up than the signal flash, and on the extreme left of the video.
|
| 3:01 Toward the middle right of the video, a bullet striking the fencing.
|
| Update: NPR article with timing of events seen in video. They say first flash is also bullet related and not the signal flash I thought it might be.
|
| https://www.npr.org/sections/thetwo-way/2014/02/05/272015606...

| urda wrote:
| Thanks so much for this.

| daneel_w wrote:
| There are a few smaller and larger sparks now and then. The resolution, quality and low frame rate render the entire video more or less useless.

| guerrilla wrote:
| Starting at 1:50 you can see a flash at the bottom, after 2:00 you can see sparks occasionally on the left fence and the fence to the top-right. There's more sparks before 3:00. The video could certainly be shortened.

| valuearb wrote:
| 2015: "While we have not yet identified the shooter, there's some indication it was an insider," said Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security.

| csilverman wrote:
| I always wondered about this. First thing that crossed my mind at the time was that it was (1) idiots who thought it would be fun to cause high-profile trouble, or (2) terrorists, but it sounded a bit sophisticated for #1 and as far as I know, no one ever claimed credit for it.
|
| After reading one of the references (https://money.cnn.com/2015/10/16/technology/sniper-power-gri...), and learning that they think it might have been an insider, a third possibility occurs to me: what if it was someone--maybe a PG&E employee--who knew first-hand how unprotected this infrastructure was, and wasn't being taken seriously? Especially given the Homeland Security report a year earlier about how easy this kind of attack would be.
|
| Conspiracy-theory stuff, maybe, but:
|
| > _The assault...became a harsh wake-up call for energy providers, who have since become obsessed with the physical security of their remote power stations._
|
| > _PG&E alone has pledged to spend $100 million to improve security at its facilities...Transformers are often custom designed, sometimes costing $3 million each--and replacements are slow. Plus, physical attacks on energy distribution machines are much more effective at taking out the power grid than a computer hack. And it's incredibly easy to pull off, several energy utility firms told CNNMoney._
|
| > _Experts attending GridSecCon, held by the North American Electric Reliability Corporation this week, are now discussing the need to enclose electronics in 1/2-inch thick armor plating that can stop high-powered rifle rounds. Power utilities have started loading remote substations with infrared cameras, gunshot audio sensors and even seismic recorders that catch vibrations._

| [deleted]

| bargle0 wrote:
| There's a fourth option: intentional vandalism that isn't terrorism, like the fire on the USS Miami.

| [deleted]

| csilverman wrote:
| Yeah, arbitrary vandalism was the first option I considered. Can't rule it out, although whoever did this seems to have shown more caution/coordination than you'd expect from a couple of drunk idiots taking potshots at street signs.

| skylanh wrote:
| Well, if we're doing actionable conspiracy theories then:
|
| - it caused $15 million in damage, and $100 million in updated security -> contractor needing work
|
| - it was a "domestic terrorism" event -> what legislation or policies were on the table at this time?
|
| Those would be my starting points.

| csilverman wrote:
| Someone else mentioned job security/contracts as a possible motivation. It makes sense.
|
| I'm less sure about the terrorist angle. The point of a terrorist act is to advance or discourage a specific political agenda; that only works if you're clear about who you are and why you did it, though. These guys never did that (although maybe scaring PG&E into securing their facilities roughly fits the definition of goal-oriented violence, even if it wasn't motivated by politics).

| luma wrote:
| Maybe somebody trying to sell physical infrastructure security solutions to PG&E?

| csilverman wrote:
| I actually hadn't considered the idea that they might have a financial interest in grid security. It makes a certain kind of sense.

| natch wrote:
| The only significant facility I can think of in this area is the IBM Almaden Research Lab. It and another IBM office are very specifically in that area, which is an odd connection. Can't say whether their electrical service is provided by that substation, but they are geographically very close.
|
| https://goo.gl/maps/i7NWjxfomyXvZCBY9

| arnaudsm wrote:
| On a similar register, multiple French power plants were scouted by unidentified drones in the past 5 years. Transformers are a fragile point of failure of an entire country infrastructure. I hope security has improved since then.

| 2OEH8eoCRo0 wrote:
| Why is it called an act of domestic terrorism? Was it ideologically motivated?

| tyingq wrote:
| Good question since they didn't catch anyone. It looks pretty remote, so perhaps not surprising the culprit wasn't seen.

| ojbyrne wrote:
| It's in a suburb of San Jose. I don't think it can be classified as "remote."

| tyingq wrote:
| Well, it doesn't look urban or suburban to me. But, hey, you're the expert.
|
| https://www.google.com/local/place/fid/0x808e2f6cead39bb3:0x...

| [deleted]

| mlyle wrote:
| It's right along the freeway. A couple hundred thousand commuters from south SJ suburbs pass it every day. It's in a little band of open space between South San Jose and those suburbs.
|
| https://goo.gl/maps/2TfHJKYXBExg4SqH7
___________________________________________________________________
(page generated 2020-08-29 23:00 UTC)