[HN Gopher] Metcalf Sniper Attack
       ___________________________________________________________________
        
       Metcalf Sniper Attack
        
       Author : rococode
       Score  : 85 points
       Date   : 2020-08-29 18:25 UTC (4 hours ago)
        
 (HTM) web link (en.wikipedia.org)
 (TXT) w3m dump (en.wikipedia.org)
        
       | urda wrote:
       | I remember this, still wild re-reading the entire record of
       | events.
        
       | areoform wrote:
       | The reason why the Intelligence Community freaked out is because
       | this is exactly the kind of small-scale test they'd do to test a
       | possible attack pattern.
       | https://foreignpolicy.com/2013/12/27/military-style-raid-on-...
       | 
       | The people spooked here _are_ spooks. And that should be telling
       | for those of us on the outside. It's an attack scenario no one
       | had planned for.
       | 
       | I would highly recommend this article by Michael Lewis (and his
       | book) that explores related systemic risk,
       | https://www.vanityfair.com/news/2017/07/department-of-energy...
       | 
       | > The safety of the electrical grid sat at or near the top of the
       | list of concerns of everyone I spoke with inside the D.O.E. Life
       | in America has become, increasingly, reliant on it. "Food and
       | water has become food and water and electricity," as one D.O.E.
       | career staffer put it. Back in 2013 there had been an incident in
       | California that got everyone's attention. Late one night, just
       | southeast of San Jose, at Pacific Gas and Electric's Metcalf
       | substation, a well-informed sniper, using a .30-caliber rifle,
       | had taken out 17 transformers. Someone had also cut the cables
       | that enabled communication to and from the substation. _"They
       | knew exactly what lines to cut," said Tarak Shah, who studied the
       | incident for the D.O.E. "They knew exactly where to shoot. They
       | knew exactly which manhole covers were relevant--where the
       | communication lines were. These were feeder stations to Apple and
       | Google."_ There had been enough backup power in the area that no
       | one noticed the outage, and the incident came and went quickly
       | from the news. But, Shah said, "for us it was a wake-up call." In
       | 2016 the D.O.E. counted half a million cyber-intrusions into
       | various parts of the U.S. electrical grid. "It's one thing to put
       | your head in the sand for climate change--it's like manana," says
       | Ali Zaidi, who served in the White House as Obama's senior
       | adviser on energy policy. _"This is here and now. We actually
       | don't have a transformer reserve. They're like these million-
       | dollar things. Seventeen transformers getting shot up in
       | California is not like, Oh, we'll just fix the problem. Our
       | electric-grid assets are growingly vulnerable."_
       | 
       | > In his briefings on the electrical grid MacWilliams made a
       | specific point and a more general one. The specific point was
       | that we don't actually have a national grid. Our electricity is
       | supplied by a patchwork of not terribly innovative or
       | imaginatively managed regional utilities. The federal government
       | offers the only hope of a coordinated, intelligent response to
       | threats to the system: there is no private-sector mechanism. To
       | that end the D.O.E. had begun to gather the executives of the
       | utility companies, to educate them about the threats they face.
       | "They all sort of said, 'But is this really real?' " said
       | MacWilliams. "You get them security clearance for a day and tell
       | them about the attacks and all of a sudden you see their eyes go
       | really wide."
       | 
       |  _Edit_
       | 
       |  _Personal Interpretation:_ Someone hired highly trained
       | mercenaries (?) to operate on US soil to test destroying critical
       | infrastructure that led directly to Apple + Google. Large,
       | stationary, expensive infrastructure that is lacking in
       | redundancy.
       | 
       | They knew exactly what targets to hit. It follows that they knew
       | that there was backup capacity in the system. This was a test
       | run. And bullets are cheap.
       | 
       | What if instead of one team for one location, it had been three
       | teams for three locations? Or, four? Five? Six? Could they have
       | successfully crippled the nation? And plunged the stock market?
        
         | bonchicbongenre wrote:
         | The answer: yes, they could've. I had a professor who
         | previously had been part of a US gov group that had been tasked
         | with preparing for an attack on the electrical grid, all the
         | way back in the tail end of the cold war. His impression of the
         | security of the US grid was that it was completely unsecured.
         | He told me that they had no chance of solving the problem then,
         | and that he expects the same is still the case. His worst fear
         | is a large EMP attack, not locally cutting powerlines, but the
         | danger still stands.
        
         | thinkling wrote:
         | > They knew exactly what targets to hit. It follows that they
         | knew that there was backup capacity in the system. This was a
         | test run. And bullets are cheap.
         | 
         | Sounds like perhaps this was a white hat actor intending to
         | push others to get serious about these risks?
        
           | baybal2 wrote:
           | Kind of useless act it was then.
           | 
           | Fences, and cameras would not stop a well armed sabotage
           | team.
        
         | nullc wrote:
         | Sounds like a great promotion for someone selling substation
         | security.
        
       | jonathankoren wrote:
       | That's not the only weird sabotage that has happened in San Jose.
       | Back in 2009, someone intentionally cut some fiber optic cables.
       | They've never been found.
       | 
       | https://www.mercurynews.com/2009/04/09/san-jose-police-sabot...
        
         | tyingq wrote:
         | Probably someone hoping for copper to scrap.
        
       | Beldin wrote:
       | I don't understand why this is called a terror attack. From the
       | article it seems managers got spooked, sure. But it doesn't read
       | as if the general population was.
       | 
       | Granted, it's possible the attack failed to achieve its goal and
       | that's why the population is not terrorised. But even then: an
       | actual terrorist could've easily kept track of news on damages
       | caused and how close to great effect they had come. That would
       | surely incentivize them to try again. But I'm not aware of that
       | happening.
       | 
       | So what is the terror angle here?
        
         | save_ferris wrote:
         | The terror angle is that someone tried to disrupt a major
         | component of the electrical grid. It's hard to imagine a motive
         | for such an attack that doesn't involve trying to cause major
         | panic to a community. That's definitely qualifiable as
         | terrorism.
         | 
         | Just because they didn't attempt again (that we know of)
         | doesn't mean that they weren't terrorists to begin with. Also
         | noted in the article, investigators later believed it to be an
         | inside job. This goes into wild speculation, but if the
         | attackers worked at DHS, they may have known how close an
         | investigation came to revealing them and opted not to try
         | again. We'll probably never know why though.
        
       | digi59404 wrote:
       | I was on duty as security for a.. semi secret substation
       | designated as critical infrastructure that night. In the Bay
       | Area, we just had to divert power a little bit. It basically
       | didn't affect the grid at all.
       | 
       | Everyone was all a little more worried as to if this was
       | isolated, if we were next, etc etc.
       | 
       | Transformers that are small are often on hand and easy to swap
       | out. But some of the bigger ones have months long lead times. The
       | facility we were at had transformers that had a 6 month lead time
       | from Germany to replace them and they had to be sent via boat as
       | they wouldn't fit in planes.
       | 
       | The average person isn't going to know that about transformers.
       | Which lends more credence to the fact it's an inside job.
        
         | crehn wrote:
         | Out of curiosity, how does one "divert power"?
        
           | MadVikingGod wrote:
           | What that practically means is power that would have normally
           | come through those substations would be delivered by some
           | other source, and thus go through a different set of
           | substations.
           | 
           | What most people don't understand is that it's important that
           | the demand + the transmission losses = the production, not
           | just as a whole, but also for each link. To help with that
           | most places don't produce 100%, and a lot of higher power
           | links are redundant. But that can only cover so much. If it's
           | not a high demand day you can probably source power from
           | other providers, but sometimes that's not enough.
        
         | greedo wrote:
         | "The average person isn't going to know that about
         | transformers. Which lends more credence to the fact it's an
         | inside job."
         | 
         | Or that the perpetrators were well informed about
         | infrastructure vulnerabilities.
        
       | natcombs wrote:
       | That video does not appear to show anything for four minutes. Did
       | I miss something?
       | 
       | Edit: Now I have a feeling that I got trolled and that's the
       | point of the video
        
         | unkeptbarista wrote:
         | The action is easy to miss after nearly two minutes of nothing
         | happening. If you fast forward you might not see it at all.
         | 
         | 1:54 What I believe is the signal flash near the fencing. Lower
         | left of the video.
         | 
         | 2:06 You will see sparks from a bullet striking the fencing. A
         | bit higher up than the signal flash, and on the extreme left of
         | the video.
         | 
         | 3:01 Toward the middle right of the video, a bullet striking
         | the fencing.
         | 
         | Update: NPR article with timing of events seen in video. They
         | say first flash is also bullet related and not the signal flash
         | I thought it might be.
         | 
         | https://www.npr.org/sections/thetwo-way/2014/02/05/272015606...
        
           | urda wrote:
           | Thanks so much for this.
        
         | daneel_w wrote:
         | There are a few smaller and larger sparks now and then. The
         | resolution, quality and low frame rate render the entire video
         | more or less useless.
        
         | guerrilla wrote:
         | Starting at 1:50 you can see a flash at the bottom, after 2:00
         | you can see sparks occasionally on the left fence and the fence
         | to the top-right. There's more sparks before 3:00. The video
         | could certainly be shortened.
        
       | valuearb wrote:
       | 2015: "While we have not yet identified the shooter, there's some
       | indication it was an insider," said Caitlin Durkovich, assistant
       | secretary for infrastructure protection at the Department of
       | Homeland Security.
        
         | csilverman wrote:
         | I always wondered about this. First thing that crossed my mind
         | at the time was that it was (1) idiots who thought it would be
         | fun to cause high-profile trouble, or (2) terrorists, but it
         | sounded a bit sophisticated for #1 and as far as I know, no one
         | ever claimed credit for it.
         | 
         | After reading one of the references
         | (https://money.cnn.com/2015/10/16/technology/sniper-power-
         | gri...), and learning that they think it might have been an
         | insider, a third possibility occurs to me: what if it was
         | someone--maybe a PG&E employee--who knew first-hand how
         | unprotected this infrastructure was, and wasn't being taken
         | seriously? Especially given the Homeland Security report a year
         | earlier about how easy this kind of attack would be.
         | 
         | Conspiracy-theory stuff, maybe, but:
         | 
         | > _The assault...became a harsh wake-up call for energy
         | providers, who have since become obsessed with the physical
         | security of their remote power stations._
         | 
         | > _PG&E alone has pledged to spend $100 million to improve
         | security at its facilities...Transformers are often custom
         | designed, sometimes costing $3 million each--and replacements
         | are slow. Plus, physical attacks on energy distribution
         | machines are much more effective at taking out the power grid
         | than a computer hack. And it's incredibly easy to pull off,
         | several energy utility firms told CNNMoney._
         | 
         | > _Experts attending GridSecCon, held by the North American
         | Electric Reliability Corporation this week, are now discussing
         | the need to enclose electronics in 1/2-inch thick armor
         | plating that can stop high-powered rifle rounds. Power
         | utilities have started loading remote substations with infrared
         | cameras, gunshot audio sensors and even seismic recorders that
         | catch vibrations._
        
           | [deleted]
        
           | bargle0 wrote:
           | There's a fourth option: intentional vandalism that isn't
           | terrorism, like the fire on the USS Miami.
        
             | [deleted]
        
             | csilverman wrote:
             | Yeah, arbitrary vandalism was the first option I
             | considered. Can't rule it out, although whoever did this
             | seems to have shown more caution/coordination than you'd
             | expect from a couple of drunk idiots taking potshots at
             | street signs.
        
           | skylanh wrote:
           | Well, if we're doing actionable conspiracy theories then:
           | 
           | - it caused $15 million in damage, and $100 million in
           | updated security -> contractor needing work
           | 
           | - it was a "domestic terrorism" event -> what legislation or
           | policies were on the table at this time?
           | 
           | Those would be my starting points.
        
             | csilverman wrote:
             | Someone else mentioned job security/contracts as a possible
             | motivation. It makes sense.
             | 
             | I'm less sure about the terrorist angle. The point of a
             | terrorist act is to advance or discourage a specific
             | political agenda; that only works if you're clear about who
             | you are and why you did it, though. These guys never did
             | that (although maybe scaring PG&E into securing their
             | facilities roughly fits the definition of goal-oriented
             | violence, even if it wasn't motivated by politics).
        
           | luma wrote:
           | Maybe somebody trying to sell physical infrastructure
           | security solutions to PG&E?
        
             | csilverman wrote:
             | I actually hadn't considered the idea that they might have
             | a financial interest in grid security. It makes a certain
             | kind of sense.
        
       | natch wrote:
       | The only significant facility I can think of in this area is the
       | IBM Almaden Research Lab. It and another IBM office are very
       | specifically in that area, which is an odd connection. Can't say
       | whether their electrical service is provided by that substation,
       | but they are geographically very close.
       | 
       | https://goo.gl/maps/i7NWjxfomyXvZCBY9
        
       | arnaudsm wrote:
       | On a similar register, multiple French power plants were scouted
       | by unidentified drones in the past 5 years. Transformers are an
       | fragile point of failure of an entire country infrastructure. I
       | hope security has improved since then.
        
       | 2OEH8eoCRo0 wrote:
       | Why is it called an act of domestic terrorism? Was it
       | ideologically motivated?
        
         | tyingq wrote:
         | Good question since they didn't catch anyone. It looks pretty
         | remote, so perhaps not surprising the culprit wasn't seen.
        
           | ojbyrne wrote:
           | It's in a suburb of San Jose. I don't think it can be
           | classified as "remote."
        
             | tyingq wrote:
             | Well, it doesn't look urban or suburban to me. But, hey,
             | you're the expert.
             | 
             | https://www.google.com/local/place/fid/0x808e2f6cead39bb3:0
             | x...
        
               | [deleted]
        
               | mlyle wrote:
               | It's right along the freeway. A couple hundred thousand
               | commuters from south SJ suburbs pass it every day. It's
               | in a little band of open space between South San Jose and
               | those suburbs.
               | 
               | https://goo.gl/maps/2TfHJKYXBExg4SqH7
        
       ___________________________________________________________________
       (page generated 2020-08-29 23:00 UTC)