[michh]

Funny, how we're all suddenly privy to highly classified information.

Yesterday, if you'd have publicly shared this one substation is enough to take down Heathrow for an entire day, you'd have been disappeared by the British spooks for sharing extremely sensitive information threatening national security and you'd probably end up behind bars for over a decade.

Today, we all just know because it happened to catch fire, exposing the flaw.

[crote]

This kind of information has been available via open data for ages, and it isn't exactly hard for a foreign power with boots on the ground to figure out either.

With this kind of large-scale infrastructure it just isn't viable to rely on security through obscurity. If you want to protect against failure, invest in redundancy.

[rchaud]

Sounds like a cost center. Heathrow is privately owned. Would the board approve?

[fraserharris]

Business continuity planning & investment is an important part of running an enterprise.

[michh]

I didn’t mean this substation existing. I know that’s obviously not a secret. The fact taking it out takes out the entire main airport for at least an entire day is a different matter. Do you really think they’d have been fine with you announcing that to the world yesterday?

Don’t forget the BT Tower existing was technically classified under the official secrets act, even though it was extremely obviously there for everyone to see including on maps.

[hypeatei]

Taking out any power infrastructure is going to cause significant problems, no? I don't think that's a national secret in any country.

I get it, all modern intelligence apparatus is draconian but this take doesn't really make sense IMO.

[michh]

There's "significant problems" and there's taking out *the* most important airport in the country. Yes, there are other airports but this one matters most. Both in terms of (inter)national perception and in terms of real damage to the economy.

From an US perspective it'd be like taking out JFK, LAX and ATL at the same time. But even then, it doesn't really compare.

[chaps]

What a weird take. Arresting someone for reporting a major security vulnerability is pretty shitty thing for a state to do. What you're suggesting is that that's not actually that bad.

Same sort of logic that leads to people getting arrested for looking at HTML and reporting that it includes passwords.

[tremarley]

That’s what happened to Josh Renaud.

Renaud discovered that Social Security numbers for teachers, administrators and counselors were visible in the HTML code of a public Missouri State Education website and reported it.

Governor Mike Parson tried to file charges against him and labelled him as a criminal for doing so.

[chaps]

Yep! That's exactly what I was thinking of.

I've been on the side of disclosing a handful of times and it's a gamble each time whether I'm going to get a CFAA threat (both implicit and explicit threats).

[hypeatei]

> What you're suggesting is that that's not actually that bad.

When did I ever say or imply that? I agree that intelligence agencies are draconian, but to imply that you'd be locked away (never to be heard from again) for pointing out that a substation could be bombed and cause power issues is ridiculous.

[chaps]

They were using a bit of hyperbole for sure (though another poster accurately pointed out to you methods used against Northern Irish folk), but the reaction of gov agencies to use imprisonment (even as a threat!) for pointing out security fuckups isn't without precedence. It's happened to me :)

So, I guess I really don't understand your point. That being arrested for pointing these things out isn't bad because it's not being disappeared?

[michh]

I shouldn’t have used the word disappeared, I just meant picked up. And yeah no, not for saying a substation exists and could be bombed.

But for saying there is a single substation that, if taken out (by sabotage, terror attack, arson, or whatever), would cause great embarrassment and economic damage to the country by disabling THE British Airport? I think that’s a whole different matter.

[traceroute66]

> we're all suddenly privy to highly classified information

Its not highly classified. Its not even plain classified.

Its available on streetmap. The substation (like most are) is located on the edge of a residential area / industrial estate. People walk and drive past it every day.

Looking at streetmap, there's even a multiple big signs outside that says "North Hyde Substation". They don't even make any effort to hide it with obscured fencing, its all out in the open.

As others have also pointed out, its in open data downloads for ages.

[michh]

The fact this substation exists, yes, obviously. The fact taking it out takes out the entire airport: not so much! These kind of things usually aren’t dependent on a single substation. The fact that it is, is not something the UK government would have liked to be made public.

[traceroute66]

> The fact taking it out takes out the entire airport: not so much! These kind of things usually aren’t dependent on a single substation.

Let me re-phrase that for you:

It only took down the airport because the airport clearly did insufficient capacity planning in terms of backup mechanisms.

How can I be so confident ?

Because that exact same substation serves a number of large datacentres in the vicinity.

Due to the grid constraints previously discussed here, many of those same datacentres take ALL their feeds (A,B,C etc.) off that one substation, the only difference is the cables are diversely routed. Not their choice, it was imposed on them by the grid.

They have ALL been without ANY electrical feeds all day. I know that for a fact.

HOWEVER, those same datacentres have been running non-stop like nothing happened. I know that for a fact.

Why, because they have N+1 generators (which are regularly tested) with at least 48 hours of fuel, which was topped up this morning as soon as it became clear it was a major incident and with multiple fuel deliveries already pre-scheduled from multiple independent suppliers. I know that for a fact.

The grid are of course very busy trying to work some magic to re-arrange things to get the datacentres back online. Meanwhile the datacentres are very happy to keep ticking away on generator power for as long as it takes, its not a problem for them, its an event they plan, prepare and practice for.

Heathrow could have done the same. They could have added generator plants here and there over the years when they re-built terminals and such like.

They didn't, or at least they didn't do so with sufficient capacity.

Maybe Heathrow also fell behind on their generator maintenance and testing regimes. Who knows...

There are people out there who say it is because their motto is "spend little, charge a lot", so they did de-minimis, prefering to focus on maximising revenue generating space. I could not possibly comment.

[michh]

Sure, no argument there, but the fact is there was a weakness there and a weakness that would be considered a threat to national security if it were to get out - before today

[traceroute66]

> weakness that would be considered a threat to national security if it were to get out - before today

If it was considered a "threat to national security", that substation site would have been much better secured.

In addition, if it was a "threat to national security", the site location would not be on open public databases, it would be on List X.

As it stands, the substation site "security" consists of two low, easily scalable, fences. And probably some CCTV. That's about it.

Security by obscurity is not security. We are in 2025, you have streetview and satellite photos.

Anybody who knows anything about electricity distribution could look at that substation and tell you it was pretty important given the large size of transformers located there.

It also doesn't take a rocket scientist to see Heathrow is minutes away and put two and two together.

And if you think the bad guys don't have the ability to give some poorly paid maintenance guy at the electricity company some cash in relation for extra detail, I've got an igloo to sell you.

[baq]

> because it happened to catch fire

Not a conspiracy theorist here, but... there's been quite a few expensive things which caught fire in Europe in the past year and change and it turned out those things didn't catch it by accident.

[petertodd]

An example from a few days ago is how Lithuania's government believes that the Russian military intelligence was behind an arson attack on an Ikea: https://www.euronews.com/2025/03/17/lithuania-says-russian-m...

There's also the "accident" that just happened to destroy a US military oil tanker. Sure enough, the captain of the ship was Russian: https://www.theguardian.com/business/2025/mar/12/captain-arr...

And it's very clear that multiple undersea cables have been intentionally cut by Russia-linked entities. You just don't drag anchors for hours over known cables by accident (the cables are on charts precisely to help captains avoid damaging them).

We're at war with Russia, and these kinds of attacks have both economic and psychological harms. They also allow Russia to practice techniques in case they need to ramp things up for a hotter conflict.

[casenmgreen]

You don't get disappeared in UK. Stuff goes wrong, Gov does stupid things, so do police - but that's process/people being stupid, not institutionalized disappearances.

[youngNed]

laughs in Northern Irish https://en.wikipedia.org/wiki/Five_techniques

[casenmgreen]

Yes. NI was different, and suffered the abuses and problems which come with internal conflict.