tv Washington Journal Blake Sobczak Discusses Energy Grid Security CSPAN July 16, 2017 7:32pm-8:01pm EDT
huge and women cannot drive. we wanted to change this. the movement is going on. we are still campaigning for the right to drive. the right to drive is an act of disobedience. women are not supposed to drive. we show that we are capable of driving and being in the drivers seat of our own destiny. >> tonight at 8:00 eastern on c-span's q&a. next, a look at the u.s. energy grid and recent hacks to the system. this is 30 minutes. now at our desk this morning, he covers energy security issues here in washington dc he joins us to talk about energy
grid security. throughlk about threats nuclear power plants, was nuclear 17th. guest: u.s. security became aware of a sophisticated hacking attempt directed at the u.s. and abroad. this hacking campaign also targeted other power campaign -- companies. there is no sign that nuclear safety systems were affected. it does signal an alarming willingness on hackers to go after the most critical systems in america. host: how many nuclear power plants were targeted? details are few at this point, but multiple sites were affected. the new york times recently reported that -- was among those companies impacted. if his eyes their safety systems were safe and
were not affected by hacking spirit -- hacking systems. host: are they trying to target the distribution grid? guest: that is not clear. we know they were sending out emails that are designed to get employees to click on hijacked documents. these documents have a control engineer that resonates into them. at a power grid in that sense. once you click on these documents you are on the corporate network. it is not at all clear that they were able to actually learn their way into the operation on the side of the grid. since ateen going on least may. u.s. authorities have been tracking several advanced threats. thes entirely possible that hacking campaign was going on for a long time before that. host: who is doing it?
post said washington the russian linked hackers are suspected to be to blame. i have not been able to confirm that. i spoke to the official at the department of homeland security cautionedy and he against too many conclusions in an early investigation. u.s. specialist are still combing through signs and the code and looking for clues as to where this might have come from and who might be responsible. if it was russia, it could present a policy issue for trump and diplomatic issues for president trump to deal with. dot: what are they trying to , i they trying to shut down the system? guest: it could be a cyber espionage campaign gathering intel. in case there were some conflict to emerge in the future, with with these hackers want to ready themselves to be in a position
on infrastructure to carry out some sort of militia school. it is also possible they were out to disrupt grid and that is something voters are taking very seriously. such an attack on the u.s. would be unprecedented. topic onrgy grid is a washington journal. you can call in this morning. blake is with us and covers energy security. that is the website if you want to see some of his reporting, including nuclear breach, his story from june 27 talking about , a nuclear 17 attempted hack story that got a lot of attention around the country. you can call in with your andtries and -- questions
comments. who owns and operates nuclear power plants, and are there federal standards for cyber security? these nuclear power plants, there are about 60 in theng power plants u.s., with 99 reactors. a are owned by the private sector and large private utilities. on thee highly regulated nuclear safety side. there are two separate sites of regulations that apply. on the nuclear safety side, there is an agency called the nuclear regulatory commission. they set standards for the the -- for the nuclear operations. in 2009 and 2017 it are ramping up to their final stage where all nuclear power plant operators are expected to plan inomprehensive place, that is something the nrc is inspecting. host: why has it taken eight
years to have a comprehensive ban in place? guest: good question. this is a new issue. cyber security is not something traditionally associated with old operational analog networks running the controls in a nuclear power plant. this is something that both industry and government have had to grapple with. that is why these roles have taken a long time to progress and be implemented. terms of congressional reaction for the latest hacking attempt, is there a plan to upgrade those standards, review those standards in light of what just happened? ofst: the democrat massachusetts sent out a letter questioning whether the current standards and regulations are effective in light of these recent hacks. so far there is no indication that the hackers really accomplished a breach of safety system. it is not clear that those standards would need to be updated based on that. attention.lot of
another senator of washington has also emphasized the need to really study, particularly the threat from russia taste hackers. democratsmething that of been urging the trump administration to do. host: if you have questions on energy grid security, this would be the right person to ask. news.net.e line for democrats, good morning. caller: good morning. is -- my question is not directly related to cyber attacks. i wanted to ask if he was familiar with the william nuclear power? host: why do you ask? --thorium is am product in use today.
they have spent the last 35 years developing, perfecting and if something was to happen. say, a cyber attack or a weapons attack on a nuclear power plant that the station would be very minimal as opposed to uranium, which would be devastating. that light bridging incorporated has developed is a seating process, by which they rium which is uranium's little brother and they seated ofget it to a temperature 400 degrees as opposed to 1600 degrees. it is safer, it cannot -- you cannot make a nuclear weapon out of it. in its natural state it person can pick it up off the ground. host: thank you for bringing
that up. i will say that president trump has signaled he is interested in pursuing and boosting, i believe were his words, nuclear power in the u.s. as part of his administration's energy power. i do expect that is something that will get attention in the trump administration. i want to emphasize the existing nuclear power plants that are running on more conventional fuels, which will still be around for many years. all of them are not planned on being decommissioned. that would be something the u.s. will have to do -- deal with for some time. only talk about the energy grid and other sources, whether it is one type of nuclear power or another, is there one part that is considered the most vulnerable, then needs the most attention? that is something that
has come up in policy circles, particularly when renewable sources -- when comparing renewable sources energy to a more nuclear or call sources of energy. coal sources of energy. some experts say it has some advantages in the sense that you can beef up security of different distributed resources. the nature of that generation distributed my also make it easier to defend. after one, you will not have a large impact on the system as a whole. that is beinging discussed. i think the jury is still out on that, as far as which is more secure on a hacking standpoint. host: tim, republican, go ahead. caller: i was concerned about the surface downstream of the
electrical grid and perimeter is being donewhat technology wise to protect the grid. i know there was an attack on the facility outside of san that seemed to be a test or something and no one followed up on the reporting after the wall street journal expose that. if you could just comment on that, i would appreciate it. guest: thanks for asking me that. i assume you are referring to the attack on a metcalf station in california, which was a physical attack a heavily armed assailants. the government never did completely traceable was responsible. it raises interesting questions about security of the grid. the wall street journal also reported that you could just as fewdisable as nine critical substations
around the country to cause a really large and widescale power outage. obviously take an organized attack. it is something that regulators at the commission and the department of homeland security looking at. whether or not that could reasonably be accomplished or they would know which stations to target on an open day is an open question. downstream,ent on in the distribution grid it gets a little trickier if you talk about power lines to your house. most people care about electricity on a day-to-day basis. distribution power grid gets a lot harder to defend because you can take out a single powerline and cause localized outages. that is not what federal authorities are worried about, because that is something that could be repaired relatively quickly without much impact to the broader grid. wondering,as just
broader in speaks to question to nuclear destruction on a cyber level. if that isestioning a valid notion. if that is something that can really hold. it was held in the cold war. i wanted to get your perspective on that. guest: that is a great question. that sort of concept applies in cyberspace. attribute cyber attack to a particular group of hackers. it is heard in the cyber sector and the government for analyst looking at this. it could be in a norma's task to comb through all this code, find signals or patterns related to pass campaigns. strategiese targets,
and techniques used by the hackers. part of the reason you are seeing it is taken so long to get information about this nuclear cyber attack, it takes time. ,ersus the traditional contexts .t is ready -- is pretty clear in cyberspace a could take a lot more time and effort to find that, sometimes you might not find it at all. host: we talked about can -- nuclearons for stability. a lot of comparisons for 2015 and ukraine. we talk about techniques and tactics. are there similar similarities that we are seeing there? in 2015, in december in ukraine, there was a cyber attack on a power distribution grid. hackers had managed to
multiple distribution utilities beforehand. they learned a lot about the network and figured out how they can log into the operational side of the network and really wreck havoc. the advantage to disable power for a few hundred thousand customers in -- in parts of ukraine. that was without precedent at that point. there was never before a successful heart attack on a power grid anywhere in the world. u.s. analyst are looking at that and seeing if the same techniques were used. the fishing emails is a commonality between the two. experts believe that ukrainian employees were duped into clicking on a very tempting the email that could be an interest for the conflict of russia in the ease. that has been traced to russia linked hackers that are
suspected to have returned the following year for an attack on ukraine's transmission level grid, which resulted in a power outage for a few hundred individuals. host: good morning. are you there? caller: yes i am. host: turned on your tv. -- turn down your tv. caller: i am not hearing you are him. do not listen to the tv. what is your question -- host: what is your question? caller: has anyone considered that close technology has come .n -- could come in on any door we are so worried about china and concerned about all the foreign countries but they use technology.
i think we should use it more to. this is a security issue. host: what technology is this? technology. is -- they can walk into your home, into your office. they could do whatever they want to our government. host: anything there on that? guest: i will just say that there are a lot of advanced defenses available to the power now with these latest incidents they will be looking at the latest technologies to deploy on some of their systems. increase inre is an digitization and the power grid and using smart grid technology. potential toymous improve proficiency on how it gets moved around the u.s. network. couldxperts warn it introduce newborn abilities and ways for attackers to get in. host: walter, republican, go
ahead. caller: thank you for being here for us. i have a question about why would hackers waste time trying to hack into the systems will we know that the emp cases, the electromagnetic pulse cases are out there and we could shut the country down very quickly? i could sell you from my own , ourng and studies adversaries, china, russia, north korea have carefully studied our grid. down using that emp, we will be in the 1850's in 15 minutes or less. what is going on with the efforts to harden the grid? ould you give us an update? guest: there are some technologies available to have some governance and place in the
event of an emp strike. it involves detonating a nuclear weapon high above in the atmosphere, the impact from that can essentially wipe out a lot of electronic communication and equipment. the defenses for that are those of unexpected solar storm or solar weather. a lot of utilities try to keep backup equipment on him -- on hand in it event of summing like this should happen. you want to target nuclear facilities? there are other goals beyond just attempting to disrupt that power grid that a hacker could be interested in. a lot of these nuclear power plant operators have a lot of interesting and valuable property behind some of the safeguards there. endgamet clear with the here was a that is something that u.s. a 30's -- u.s. of
authorities are looking very closely at. i am a private security contractor or. -- contractor. we monitor a lot of government and defense contract or her networks. -- contractor networks. i am fighting attacks from ukraine, moscow and all sorts of places in russia and we really cannot forget about china. there is a of activity coming out of china also. it is just not that they are trying to get into our elected grid. the air china still all of our secrets from everywhere. this is a nightly thing. every two seconds they tried different passwords. when you trace the ip, you
finally they are coming from. we are constantly having to update security and block different groups from trying to get into the networks. they are trying to come into i think the routers polymer is a little more in-depth. it would be if orbital thing to be without electricity, but i think it would be just a horrible thing to find out some of our new defense plans. agencies.our defense brute force attack, what is that? involves typically taking a bunch of different guesses at combinations of username and passwords to break into a network. there was an element involved in
the recent nuclear cyber security attack. were able to steal encrypted versions of usernames and passwords for certain targets, then they had to group those to unlock them and be able to use them. techniques used in the latest campaign, including a watering hole technique that involves hackers hacking into a website, changing it so that it actually uses malware with anyone who visits that site. the energy related websites were hit, basically thinking on their victims are potential targets to visit those targets and getting back to it. we mentioned in the protocol ip thatsses and the attacks are brushing anything connected to the internet. one thing that has come up a lot is particularly in the nuclear context.
these systems do not have ip addresses. they are not linked into the public internet at all. there are very sharp divisions between even the internal local area network or the nuclear operator and the internal control system that goals even deeper. they have what is called a data diode, which is a one-way communication pathway. from outside the court nuclear reactor you cannot send anything to tweak the system they are in. that is a large part of the defense there that is complete separation from anything internet related. security experts do question that and they have been cases where it has been preached by expertise toenough try to work around that somehow, maybe with usb drives getting primed to the protection environment. it is very difficult and it cost a lot for an attacker. i was wondering if we
need to be concerned about the trump administration concerning nuclear power? especially since you say at this time there are extra regulations being phased in? i have not seen any indication that the trump administration is interested in rolling back particular samples -- cyber security regulations. i have observed that security regulations regain some bipartisan support sometimes. this is an area that is not for deregulation in a republican letter ministration like this one. it remains to be seen what exactly the trump administration will do about security. certainly in may, president trump signed an executive order on strengthening cyber security for infrastructure networks.
there was a lot a to be undertaken about -- and it distributed on abilities and electrical grid. they are probably waiting for results of those two role in before they really chart a course that is radically different from the past administration. plan ise trump budget already out. are they moving money to this area to congress? in thethey are department of homeland security. the republican administration has requested a boost in fiscal 2018 to improve cyber security funding. however, there are cuts proposed at the department of energy, in particular, some offices particular first -- some offices for cyber security. there may -- there are democrats who worry there may not be enough attention paid to the hacking issue. good morning, gentlemen.
my question is, i have heard , asialist on the military far as energy goes. their concern has been to help emp attack.ainst in my question is, why haven't we and is president trump going to do something? as far as i have heard, it is not very costly and it is one of the most important things we can do to protect ourselves and our country. as i mentioned earlier, there are some defense is investigated for this emp threat and hardening the grid for such a case. there are experts who are a little bit skeptical about the actual risk of an emp attack. this is a good example of what you would call a high impact low-frequency threat. -- someave some store
sort of nation capable of detonating a nuclear weapon, how likely is that an how much time and attention and money should be spent on that. that is something that good operators and policymakers are figuring out right now. certainly the physics behind the threat are very real. is eenews.net. i appreciate the time this morning. guest: thank you. >> c-span, where history unfolds daily. 1970 nine, c-span was created as a public service by america's cable television companies. it is brought to you today by your cable or satellite provider. >> tonight on c-span, q&a with ,omen's rights activists followed by prime minister's
questions at the british house of commons. former presidents bill clinton and george w. bush talk about the importance of leadership while sharing stories about their times in the white house. ♪ >> this week on q&a, saudi arabia and's women's rights -sharif talksal al about her book "daring to drive: a saudi woman's awakening." calledou have a book "daring to drive." why did you write this? tough question. i never thought of writing a book. when i started the movement, i did a speech. people