FOREWARNING: Things in America have been growing bleaker by the moment. The month of November may the worst we’ve seen yet. We are already aware that SNAP (Supplemental Nutritional Assistance Program) will sunset on November 1st, which is just around the corner. News reports of the DHS spending an additional $80 million dollars to protect themselves in case of massive rioting in America, have also made their way into the headlines. While this may sound daunting and disconcerting, it may not even be the thing we need to focus on the most, especially with the GRIDEX Games being held during the middle of the month.
GRIDEX 2013 is a continental exercise amongst neighboring countries. Namely, Canada, Mexico and the entire United States. GRIDEX is an exercise in which the vulnerabilities of all infrastructure grids, water, electric, communication and even nuclear reactors, will be tested, as if they were under attack. These “exercises” have been held previously. However, a new report coming out just this week sheds some serious light on the problems we could all potentially face. This is a platform ripe for launching another false flag attack, and this year, the “exercise” has a very real chance of going live.
“Over the past few months, the discoveries of two engineers have led to a steady trickle of alarms from the Department of Homeland Security concerning a threat to the nation’s power grid. Yet hardly anyone has noticed.
The advisories concern vulnerabilities in the communication protocol used by power and water utilities to remotely monitor control stations around the country. Using those vulnerabilities, an attacker at a single, unmanned power substation could inflict a widespread power outage.
Still, the two engineers who discovered the vulnerability say little is being done.
Adam Crain and Chris Sistrunk do not specialize in security. The engineers say they hardly qualify as security researchers. But seven months ago, Mr. Crain wrote software to look for defects in an open-source software program. The program targeted a very specific communications protocol called DNP3, which is predominantly used by electric and water companies, and plays a crucial role in so-called S.C.A.D.A. (supervisory control and data acquisition) systems. Utility companies use S.C.A.D.A. systems to monitor far-flung power stations from a control center, in part because it allows them to remotely diagnose problems rather than wait for a technician to physically drive out to a station and fix it.
Mr. Crain ran his security test on his open-source DNP3 program and didn’t find anything wrong. Frustrated, he tested a third-party vendor’s program to make sure his software was working. The first program he targeted belonged to Triangle MicroWorks, a Raleigh, North Carolina based company that sells source code to large vendors of S.C.A.D.A. systems. It broke instantly.
Mr. Crain called Mr. Sistrunk, an electrical engineer, to see if he could help Mr. Crain test his program on other systems.
“When Adam told me he broke Triangle, I worried everything else was broken,” said Mr. Sistrunk.
Over the course of one week last April, the two tested Mr. Crain’s software across 16 vendors’ systems. They did not find a single system they couldn’t break.
By the end of the week, the two had compiled a 20-page report replete with vulnerabilities in 16 different system vendors for the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, I.C.S.-C.E.R.T., which notifies vendors of vulnerabilities and issues public advisories.”
Nothing has been done, or is being done, to fix any of these vulnerabilities prior to the implementation of GRIDEX 2013. November 13-14, 2013 is when this “exercise” is supposed to kick off. Be prepared for there to be temporary, and even lengthy, disruptions with the infrastructure systems we all take for granted. This could very well be the month America goes dark!