UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
December
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#39097 - 04/06/04 02:49 PM Worm 'did not cause' US blackout
Ice Offline
UGN News Staff

Registered: 11/29/02
Posts: 1146
Loc: Canada
Human and computer failures were to blame for last year's power cut in North America, not the MSBlast worm, according to an investigation

A US and Canadian task force investigating the August 2003 blackout that cut power to an estimated 50 million North Americans published its final report on Monday, finding that institutional, human and computer failures -- not the MSBlast worm -- led to the outage.

The 14 August blackout hit three days after the worm started spreading, leading many to speculate that the quickly propagating program caused or contributed to the cascading failures that ultimately darkened New York, Toronto, Detroit and other areas.

Although several computer systems failed -- in particular, a server and backup that ran software for keeping track of the status of a major power network -- the Security Working Group leg of the Federal Energy Regulatory Commission (FERC)'s US-Canada Power System Outage Task Force "found no evidence that malicious actors caused or contributed to the power outage, nor is there evidence that worms or viruses circulating the Internet at the time of the power outage had an effect on power generation and delivery systems of the companies directly involved in the power outage," the report said.

The MSBlast, or Blaster, worm started spreading on 11 August, using a vulnerability in a common Microsoft Windows networking feature. The latest information from Microsoft indicates that as many as 16 million computers were infected.

In addition to ruling out MSBlast as the cause, the Security Working Group's report also stressed that there was no evidence that a cyberattack by al-Qaida, which had reportedly claimed responsibility for the attack after the fact, had caused the outage.

The finding essentially reiterates the conclusions of the task force's interim report, published in November.

Systems failures and human error at both the Midwest ISO and at FirstEnergy, a group of seven electric utilities that operate in the US Northeast and Midwest, were the primary causes of the blackout, according to the report.

An early-warning system at Midwest ISO could have alerted engineers, but it had been malfunctioning and was left off by an engineer who had gone to lunch. Meanwhile, another such system, known as the Alarm and Event Processing Routine, and its backup server, both failed at FirstEnergy, a fact that wasn't discovered until many hours later. Those system failures, combined with three major line outages caused by fallen tree limbs, resulted in the regional blackout, the report concluded.

While the system failures weren't the cause of the blackout, they prevented FirstEnergy from adequately responding to its own outages and caused the blackout to spread beyond that conglomerate's own system.

US Energy Secretary Spencer Abraham described the problem in a statement issued last November, when the interim report was published.

"Because FirstEnergy's monitoring equipment wasn't telling them about the downed lines, the control room operators took no action -- such as shedding load -- which could have kept the problem from growing and becoming too large to control," Abraham said in the statement.

The Security Working Group believes that its investigation, which included interviews, telephone transcripts, and law enforcement and intelligence information, gave it a complete picture of what happened. However, the working group decided not to analyse the logs of network devices, firewalls and intrusion detection systems, which could have given further evidence of any network attacks that coincided with the outage.

The report recommends that US energy companies share alert and vulnerability information, create a group to improve the security of control systems and adopt a set of interim regulations for computer security issued by the FERC.

FERC published the final report on its Web site on Monday.

ZDNet News
_________________________
Good artists copy, great artists
steal.

-Picasso

Top
Sponsored Links
      
#39098 - 04/07/04 12:01 AM Re: Worm 'did not cause' US blackout
Phatal Offline
UGN News Staff

Registered: 04/05/04
Posts: 298
Loc: Houston, TX
Nice... they claim that no cyber attacks created the problem, yet opted to not analize the logs on the firewalls and servers. There's ya some good info...

Top

Featured Member
Registered: 10/28/14
Posts: 1
Forum Stats
2152 Members
46 Forums
36214 Topics
71384 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 29375
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
cdefgh368568, HushHush, golqm, Tim050, Gecko666
2151 Registered Users
Who's Online
0 registered (), 364 Guests and 340 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!