
When the power grid faces a cyberattack, how should we respond?

Electricity grids are at risk from cyberattack. Here's how we can keep them running

A clever attacker could disguise the intrusion "as something simple".

Image: Reuters/Stringer

On Aug. 14, 2003, a software bug contributed to a blackout that left 50 million people across nine U.S. northeastern states and a Canadian province without power. The outage lasted for as long as four days, with rolling blackouts in some areas for days after that.

Electricity, shown in the upper right, is integrated into every aspect of modern life.

Image: Federal Communications Commission

That event wasn't caused by an attacker, but many of the recommendations of the final incident report focused on cybersecurity. Fifteen years later, the stakes of a long-term outage are even higher, as American business and society are even more dependent on electronic devices. Scholars around the country are studying the problem of protecting the grid from cyberattacks and software flaws. Several of them have written about their work for The Conversation:

1. Attacks could be hard to detect

Though the software error that amplified the blackout was not the result of a cyberattack, power grid scholar Michael McElfresh at Santa Clara University explains that a clever attacker could disguise the intrusion "as something as simple as a large number of apparent customers lowering their thermostat settings in a short period on a peak hot day."

2. Grid targets are tempting

Iowa State University's Manimaran Govindarasu and Washington State University's Adam Hahn, both grid security scholars, noted that the grid is an attractive target for hackers, who could shut off power to large numbers of people: "It happened in Ukraine in 2015 and again in 2016, and it could happen here in the U.S., too."

3. What to do now?

In another article, Govindarasu and Hahn went on to describe the level to which "Russians had penetrated the computers of multiple U.S. electric utilities and were able to gain … privileges that were sufficient to cause power outages."

The response, they wrote, involves extending federal grid-security regulations to "all utility companies – even the smallest," having "all companies that are part of the grid participate in coordinated grid exercises to improve cybersecurity preparedness and share best practices" and – crucially – insisting that power utilities "ensure the hardware and software they use are from trustworthy sources and have not been tampered with or modified to allow unauthorized users in."

Those steps won't prevent software bugs, but they could reduce the likelihood of attackers exploiting computer systems' vulnerabilities to shut off the lights.

4. Restructuring the grid itself

To protect against all types of threats to the grid – including natural and human-caused ones – engineering professor Joshua M. Pearce at Michigan Technological University suggests generating energy at many locations around the country, rather than in centralized power plants. He reports that his research has found that connecting those smaller power producers together with nearby electricity users would make supply more reliable, less vulnerable and cheaper. In fact, he found the U.S. military "could generate all of its electricity from distributed renewable sources by 2025 using … microgrids."

At least that way a small problem with the grid would be less likely to spread and become a major problem for tens of millions of people, like the Northeast Blackout of 2003 was.

This article was translated by the 有譯思 translation team.

