tv Washington Journal Blake Sobczak Discusses Energy Grid Security CSPAN July 16, 2017 8:02am-8:32am EDT
in a bipartisan way, we have said we wanted. -- want it. i think the cleanest way is to the my bill, which mirrors exact language of the bill passed in the senate. it is very difficult talking about it in the abstract because a million things could happen. you change one word, and the whole thing can unravel as we have seen many times. host: you can see the entire interview with representative eliot engel today at 10:00 a.m. and 6:00 p.m. here on c-span. newsmakers is always available online at c-span.org. we are joined this morning by blake sobczak. he joins us to talk about energy grid security in the wake of
recent cyber hacks. let's talk about threats to nuclear power plants. guest: u.s. authorities recently became aware of a sophisticated hacking campaign targeting the u.s. and abroad and manufacturing firms. there are no signs that nuclear safety systems were affected. the bad news is it signals an alarming willingness on the part r critical to go fo systems. host: how many participated in this attempt? guest: details are few. multiple sites were affected. the new york times reported that will create nuclear generating system was impacted. safe andrt they were
were not affected. host: where they specifically trying to target power generation or distribution? guest: that is not clear at this point. hackers were sending out phishing emails, which are designed to get employees to click on hijacked documents. aty were clearly directed the power grid. luckily, once you click on the documents, you are in the corporate network. that is pretty well cordoned off. it is not clear that they were able to actually worm their way into the grid. this has been going on since may. authorities have been tracking several advanced threats, which is government
parlance for government-backed groups. authorities believe russian link hackers are two blame. i have not been able to confirm that. they have cautioned against drawing too many conclusions early in an investigation. specialists are coming through different science and looking for clues as to who may be responsible. if it is linked to russia, that could be a thorny diplomatic issue for president trump to deal with. host: what is the and again? -- end game? guest: it is not clear. this could be a cyber espionage campaign to gain intelligence in case there was some attempt later in the future on u.s.
critical infrastructure to carry out some goal. such an attack on the u.s. would be unprecedented. host: energy grid security is the topic of the next to five minutes or so on -- next 25 minutes or so on "washington journal." democrats (202) 748-8000. republicans (202) 748-8001. independents (202) 748-8002. czek is the guest from e&e news. his story from june 27 talking about the nuclear 17 attempted hack, a story that got a lot of attention around the country. you can call in now with questions and comments.
who owns and operates new air power plants, -- nuclear power plants, and are there federal requirements for cyber security? guest: that is a good question. operatingabout 60 power plants in the country that are highly regulated and owned by private companies. sets ofe two separate cyber security regulations that apply. on the nuclear safety side, that is handled through the nuclear regulatory commission. they set binding cyber security standards. those have been in place beginning in 2009, and just now ramping wrapping up -- up to their final stage plans. host: why has it taken eight
years to have that comprehensive plan in place? guest: this is a new issue. cyber security has not been traditionally associated with these old operational, analog networks running the controls. this is something industry and government have had to grapple with. that is part of the reason these rules have taken a long time to progress. host: in terms of congressional reaction to these latest hacking attempts, are there plans to update the standards? guest: democrat of massachusetts out week, and malarkey, set a comment questioning these regulations in light of these hacks. it is not clear that those standards would need to be updated based on this attack, but there is a lot of attention,
and another senator, maria cantwell of washington has emphasized the need to study the threat from russia-based hackers. host: if you have questions on energy grid security. this is the right person to ask. focuses on this at eenews.net. springfield.rning, caller: good morning. my comment or question is not directly related to cyber attacks. i wanted to ask if you are familiar with thorium nuclear power as opposed to uranium nuclear power? host: why do you ask? caller: laurie on is a product available for use -- thorium is
available for use today. it has been tested that if something was to happen, say a cyber attack, or even a weapons attack on a nuclear power plant that the devastation from it would be minimal as opposed to uranium, which would be devastating. bridgeduct that light incorporated has developed is a seating process by which they take thorium and seed it to get it to a temperature of 400 degrees as opposed to 1600 degrees for uranium. it is safer. you cannot make a nuclear weapon out of it. in its natural state, a person can actually pick thorium up off
the ground. host: thanks. guest: president trump has signaled he is interested in pursuing and boosting nuclear power in the u.s. as part of the u.s. energy policy. i think that will be getting some attention. i would emphasize that the existing nuclear power plants that are running on more conventional nuclear fuels would still be around for many years. all of them are not planned on being decommissioned in the next few years. that is something the u.s. will have to deal with regardless for some time. host: for all of these different energy sources, whether it is one kind of nuclear or another, or call power, is there one system that is the most honorable right now -- vulnerable right now?
guest: that is a great question. that has come up in policy circles, especially comparing renewables to some of the more nuclear, coal, thermal sources of energy. there is a bit of dichotomy there. a centralizedg sites like nuclear to defend has some advantages in that you can really beef up security. on the other hand, the nature distributed generation might make it easier to defend in the sense that if you go after one, you're not really going to have a large impact on the system as a whole. that is being discussed, and i think the jury is still out on that as far as which is more secure. line, goas, republican ahead. caller: i was curious more about
the service downstream effect of the electrical grid and perimeter security and what is being done technology wise to protect the grid. i know there was an attack on the facility outside of san francisco that does not seem to be a test or something. no one followed up on the wording after the wall street journal exposed that -- the reporting after the wall street journal exposed that. guest: i assume you are referring to the attack on the lf station -- the metca substation in california. that was a physical attack by armed assailants. the wall street journal also reported that you could potentially disable as many as critical
substations around the country to cause a wide and distributed power outage. that would take a coordinated attack. that is something that regulators and the department of homeland security are looking at. that could ber if done. it is an open question. for the distribution grid, it gets trickier if you're talking up our lines going to your house and how people mostly care about electricity on a day-to-day basis. that power grid is a lot harder to defend. you could take out a single note or single powerline and cause localized power outages. federalnot something authorities are worried about as much because that could be repaired relatively quickly. host: baltimore, maryland.
go ahead. thisr: just wondering, speaks to a broader question of mutually assured destruction on a cyber level, which many are questioning whether that is a if that isn, something that can really hold in the same way that traditional neutral richard destruction -- traditional mutually assured destruction held during the cold war. guest: that is a great question. it is not at all clear that concept applies in cyberspace given how difficult it is to attribute cyber attacks to a particular group of hackers. it is often hard in the private sector and government for regulators to pour through all of this code.
part of the reason it is taking so long to get more details cyberthis latest nuclear set of incidences is it takes a long time. ofthe traditional idea mutually assured destruction, it is clear where the bombs are coming from, but in the cyber world, it is harder to find out and you may not find out at all. a lot of comparisons to 2015 and ukraine. you talk about techniques and tactics. thathere similarities with 2013 attempt -- that 2015 attempt? guest: there was a cyber attack on the ukraine power
distribution grid. they were able to plot out the network, learn a lot about it, figure out how to get into the operational side of the network and really wreak some have a. they managed -- some havoc. they were able to disrupt power in kiev. that was unprecedented at that point. u.s. analysts are looking closely at that example and seeing if the same techniques were used. commonalityils is a between the two. ukrainebelieve employees were tempted into clicking on an email that dealt with the russia conflict.
suspected to return the following year for an attack on ukraine's transmission grid which resulted in a power outage. host: good morning. independent. dolores, are you there? caller: yes, i am. host: turn down your tv. go ahead. caller: i am listening to c-span, and i'm not hearing you or him. host: that's ok. go ahead with your question. caller: my question is if anyone in the field can come in on any door as far as security and the u.s., the home field, we are so worried about china and the foreign countries, but they use
their technology, and i think we should use it too, and if we are not, we need to. host: what technology is this? caller: this is technology where they can walk right into your home, walk into your office, do whatever they want to our government. host: anything on that? guest: i will just say that there are a lot of advanced cyber defenses available to the power industry and now with the news of the latest incidents they will be looking at the latest technology to deploy i would imagine. there is also an increasing trend to digitization in the power grid generally and using smart technology to improve efficiency. some experts warn it could
introduce new vulnerabilities. host: new york, walter, republican. go ahead. caller: thank you. i have a question about why with the hackers waste time trying to hack into these systems when we cases,at the emp electromagnetic pulse can shut this country down very quickly. i can tell you from my own reading and studies that the adversaries, china, russia, north koreans, a have carefully studied our grid. if they take down using that emp, we will be in the 1850's in 15 minutes or less. what is going on with the efforts to harden the girid? host: thanks. guest: thank you for the question. there are some technologies
available to have some in the casen place strike, whichp involves detonating a nuclear weapon in the atmosphere and can take out a lot of electronic equipment. the defenses to that are similar to an unexpected solar storm. utilities try to keep backup equipment on hand in the event of an attack that were successful. as to why hackers would want to target new facilities, there are other possible goals other than disrupting the power grid. a lot of these nuclear power plant operators have potentially interesting and valuable intellectual property that could be of interest. it is not clear what the endgame
was. that is something u.s. authorities are looking closely. host: mike, democrat. go ahead. private security contractor. government, lot of defense contractors, a lot of contractor networks. it is not just phishing through emails. all night long i am fighting brute force attacks from ukraine, moscow, all places in russia, and we cannot forget about china. there is a lot of activity coming out of china also. it is not just that they are trying to get into our electric grid. they are trying to steal our secrets from everywhere. this is a nightly thing. every two seconds they try different passwords.
when you trace the ip address is, you find where they are -- ip addresses, you find where they are coming from. they're trying to get into networks. they're trying to get into the dns transfers, firewalls, routers. i think the problem is a little more in-depth. it would be horrible to be without electricity, but i think it would be just as horrible for our to get into one of defense contractors, to get into our state agencies. host: thank you for bringing that up. brute force attack, what is that? guest: it typically involves just taking a bunch of different ates added -- guesses
usernames and passwords in a network. hackers were able through phishing emails to steal encrypted versions of usernames and passwords for certain targets and that they could brute force those to unlock them. a wateringalso hole technique that involved hackers breaking into a web site and changing it so it had malware. basically banking on potential targets to visit those websites targetted. andmentioned ip addresses, the constant attackst there, one thing that has come up in my
reporting is that these nuclear systems do not have ip addresses. they are not linked into the public internet at all. basically, they have what is ode, which is ai one-way communication pathway. from outside the core nuclear reactor, you cannot send any commands. there is that complete separation from anything internet-related. that is called air gap security. there have been cases where that air gap has been breached by hackers with enough expertise. for instance usb drives being brought into the facility. host: ohio, democrat.
good morning. caller: i was wondering if we need to be concerned about the trump administration rolling back regulations concerning nuclear power, especially since you say at this time there are extra regulations being phased in. guest: i have not seen any indication that the trump administration is interested in rolling back these particular cyber security regulations. i have observed that security regulations have gained some bipartisan support at times. this area is not usually always ripe for deregulation in a republican led administration like this one. seen whats to be the trump administration will do. in may, they signed an executive
order directing a lot of studies to be undertaken about the issue and singled out the electric distribution grid and all abilities there. probably administration officials are waiting for results from that to rolling before they chart a course that is radically different. host: the budget plan is already out. are they moving money into this area? guest: they are. the trump administration has requested a boost in 2018 to homeland security cyber security funding. there are cuts to the department of energy and to some offices responsible for cyber security there. that has triggered this is him across as criticism --triggered criticism from democrats. caller: good morning. heardstion is i have
specialists on the military and as far as the energy goes, and their concerns have been to help us defend against an emp attack. my question is why haven't we, and is president trump going to do something? as far as i have heard, it is not very costly, and is one of the most important things we can do to affect ourselves. guest: thanks for the question. there are some defenses being investigated for this threat, hardening the great for such a case. -- the grid for such a case. some experts are skeptical of the actual risk of an emp attack. this is what you would call a high-impact, low-frequency
threat. if you have some nationstate or actor capable of detonating a nuclear weapon, how capable is that and how much time and money should be spent on that? that is something policymakers are working out now. the physics behind the threat are definitely real. host: eenews.net. if you want to follow him on sobczak. it is @blake thank you. host: we will talk about election laws as they relate to the russian investigation. later james jeffrey will drive to talk about the significance eldtaking back the isil hle held city of mosul.
coming up today at 2:00 p.m. on american history tv, all of our programs and concord will air together. >> minuteman national historical park was established to celebrate events that took place on april 19, 1775. behind me is the northbridge. they say is what is considered to be the beginning of the american revolution. it was here that americans, colonial militia, would encounter one another with the british, lives would be lost on both side. it is where the colonial militia was ordered to fire upon accused troops, creating an act of treason. charge wasfficer in aware of the growing tensions in the colony. about also aware
armaments collected in the colonies. was of particular interest that thomas gage wants to reclaim. four of those cannons make their way to concord. the home of colonel james barrett would be a place where someone be stored. some would be stored. thomas gage won to seize these arms and armaments that had been collected. he wanted to do it in a secretive fashion. when he gathered 700 british soldiers to come out here to concord to collect these arms, it was not the best kept secret. host: you can see our entire literary by of concord, massachusetts, today on