An email from an AlphaGeek.

I have this friend who is an AlphaGeek. One of the smartest persons I know, he is a computer hardware engineer with few peers and a Network Engineer cut from the same type of cloth. There is little he does not know, of can discuss with a rare eloquence, regarding all things technical. Even things like nuclear weapons, as his dad used to work in that field. Any technical subject, he evinces a rare understanding of detail and nuance.

Here is what he said. This is a paraphrase, but I strive for accuracy in relating his ideas:

" It is no secret that the blaster.worm attacked Windows NT varients. What is less known is that the blackout took place within a few short hours of the advertised activation time of the blaster.worm. What is even less known is that the control network for the power grid was run on primarily WindowsNT variants, with a few Linuces thrown in to the mix. Very few, indeed."

"Now, if you were Microsoft, with $40 Billion in the bank, how hard would you work and how much would you spend, to see that the fact that the blackout was caused by the blaster.worm and your sloppy, sloppy programming, never sees the light of day?"

Knowing this gentleman as I do, I consider these words of his well worth serious consideration. He is the sort of person that only uses tinfoil as a faraday shield, or to cover his Tuna Hot Dish, before it goes in the oven.

Although it is very unlikely that the worm caused the blackout, there is an intersting fact:
National Grid USA is mentioned as a customer of Northern Dynamics.
Northern Dynamics calls itself the "Home of the OPC Experts" and sells control systems using OPC.
OPC stands for "OLE for Process Control" and is based on COM/DCOM - the very component/interface containing the vulnerability attacked by blaster.

One link to back this up (German, I have found no English article, but I didn't look that hard)

http://www.heise.de/newsticker/data/ju-15.08.03-001/

I'm not 100% positive about this, but maybe you can tell me more (is this NERC a real institution? why not a .gov URL? ).

A paper by the North American Electric Reliability Council warned that a worm might have an influence on the grid

http://www.nerc.com/~filez/standards-cyber.html"> "Urgent Action - Cyber Security"

A letter by Charles E. Noble (CISSP Information Security, ISO New England) :
--snip
On January 25, 2003 the SQL Slammer Worm was released by an unknown source. The worm significantly disrupted many Internet services for several hours. It also adversely affected the bulk electric system controls of two entities for several hours. These events have been studied in detail. No unintentional control actions and nor service interruptions occured due to these events; however, both entities lost their ability to execute bulk electric system control from their primary control centers for several hours. Those who have studied these incidents believe that at least one would have been prevented had these actions set forth in the proposed standard been taken.
--snap
ftp://ftp.nerc.com/pub/sys/all_updl/standards/Chuck-Noble-RBB-Letter.pdf

I haven't really been following this but is the MS Blaster worm a suspect in the power outage? If so has anyone stated "how" it could have accomplished the shutdown?

... it's conceivable that the same COM/DCOM vulnerability exposed those systems to a different worm -- one which may have emulated events triggering the cascading shutdowns. Any investigation that fails to correlate control system software upgrades with generation shutdowns would be predisposed to blindness in that direction.

The vulnerability of the national electrical generation/transmission infrastructure has been known for some time. Indeed, it was a major area in which "Y2K" efforts were focused. As a result of increased Internet viability in the 90's and feverish Y2K project funding in the late 90's, control systems were migrated far too sloppily to NT-based systems and segregated interconnections were abdicated in favor of Internet connectivity. While there are design methods whereby critical systems employing Internet connectivity can be effectively isolated, those methods were not employed, favoring instead a commercialized approach wherein the investment in "smoke and mirrors" (e.g. the OTS cost/benefit cult) for the sake of contractor profits outweighed investments in technical acumen.

said the same thing to me.

Very interesting.

My non-techno friend and I wondered if reboots occurring repeatedly throughout a vulnerable system could slow control response times, while the energy flowed, thus inducing a cascade of failures.