[ChuckMcM]

A number of folks have argued that if it so easy to do this level of damage with a cyber attack why hasn't a terrorist done so in the last 10 years? Its not like you have to 'sneak' into the country or get pass the security theatre at the airport to mount such an attack. Hacking toolkits and websites are at least as easy to find as bomb making web sites.

[roc]

Obscurity. It's not like these machines are clearly marked with signs and access points as with Airports.

So the challenge is on par with saying "find a particular unsecured box on the internet". Without per-target research, you don't have a whole lot to go on. You can find tons and tons of targets. But the odds of them being the one you wanted, or even of the type you wanted, are pretty low.

Which isn't to say it's less a threat. But, rather, it's a threat that isn't likely to be casually exploited. Anyone who goes through the trouble of per-target research and exploitation of a number of such targets, isn't likely to pull the trigger for the lulz.

Even a "trial run" of an exploit would be a risk. You'd be inviting scrutiny of the trial machine, including logs at the ISP (and NSA) going back cheney-knows-how-far, and if nothing else, have drawn attention to the very problem you're hoping continues to be ignored.

[bhousel]

So I suppose my original comment should have just outright asked: What can a hacker actually do with (hypothetical) remote access to the electrical infrastructure? Open switches under load to effect an arc blast? Blow up a few substations?

Once hackers start mucking around with the grid, things start shutting down by themselves (cascading failures like in the 2003 blackout that you mentioned in another comment). In this situation, damaged equipment can be replaced fairly quickly (far quicker than if, say, a $60 billion storm throws trees across the wires).

I guess I was just looking more for responses from actual electrical engineers with knowledge of the problem. Otherwise we're all just talking out our collective asses, right?

[diminoten]

For good or for bad, terrorists have, by and large, ignored targets on the Internet.

Hactivists exist, obviously, but your brand-name terrorists like Al Qaeda have not used the Internet as an attack vector.

Yet.