Skip to main content

Posts

A new Cyber-Physical Angle in Spain’s Blackout

Just a few days ago, a reliable but anonymous source shared with me telemetry data from the day of the blackout, covering thousands of solar inverters deployed across Spain. Yesterday evening, the Spanish government released its official report on the blackout. In this post I present a detailed analysis of the telemetry data to understand how inverter-based resources may be linked to the voltage oscillations. This analysis offers a cyber-physical perspective that has not yet been publicly explored, and remains under investigation, according to the official report (p. 84-87)  I would like to mention that yesterday morning, many hours before the official report was published, I informed INCIBE of my intention to publish this research. I believe this heads-up was the right thing to do. Watch out, a long read ahead. Introduction  The following summary may be helpful for those looking to catch up on this complex scenario.  Week 1 : Introduction to the Spanish transmission ne...
Recent posts

Spain's blackout: Cyber or Not? An unbiased technical analysis

  Introduction Yesterday afternoon, I was writing what should have been the regular newsletter when the power suddenly went out. I wasn’t alarmed at all because I live in a mountain area, and power outages like this happen several times a year. It was a slightly windy day, so I assumed that maybe a tree had cracked and hit a low-voltage line or something similar. But, as it turns out, that wasn't the case. Instead, something unprecedented occurred, a 'zero energy' event: the power grid in Spain and Portugal went down completely. As we can see from the following graph coming from Red Eléctrica Española (transmission system operator responsible for managing the Spanish electricity system), at 12:35pm suddenly 15 GW of generation power went 'missing'. As the prime minister would explain during a press release: "in 5 seconds, 60% of the country's demand disappeared from the system". The interconnected power system is one of the most complex systems ever b...

Cyber-Physical Analysis of Weapons of Mass Destruction Detection Systems: Part 1 - DARPA's SIGMA

Index 1.  Introduction 2.  Practical Gamma Spectroscopy for Security Researchers 3.  SIGMA Network 4.  Conclusions Disclaimer To avoid any misunderstandings, I want to clarify that all the information in this post is based on open-source intelligence, publicly available documents, and reverse engineering. I have not attempted to compromise or replicate any potential attacks on internet-facing SIGMA systems. Instead, I conducted a simple, non-invasive reconnaissance phase, which involved accessing public websites, reviewing their source code, and examining generic endpoints to gather general information, such as system versions.  A month before publishing this post, I gave a heads-up about it to those who needed to be informed, just in case. Introduction  This is the first part of a series on the cyber-physical analysis of weapons of mass destruction detection systems, focusing on technologies like CBRN networks and nuclear safeguards. These posts will cover...