At BPA [Bonneville Power Administration], the significance of the 9-9-99 date also seemed to baffle the technically inclined. Asked why he thought the date was used for the test, Brian Furumasu, Y2K program manager for transmission systems at BPA said, "I'm not sure. I think it was symbolic. It was really NERC driven."

(Prank phone call, not 9-9-99, disrupts BPA power)

-- Anonymous, September 10, 1999

Answers

Good grief, how embarassing that BPA got conned by somebody making a phone call. And they're calling this a PRANK? I think the people whose power went out might have other words for it. We don't consider that hackers are just pranksters, so why is using the telephone to deliberately shut down power anything different?

Industry lesson learned from this drill? Some security measures are not enough, although other than a verification call-back to the utility, I can't see what else they could do. And if called in requests are perceived to need immediate action, taking the chance on verifying first puts them in an impossible situation, too. It's good to see that the unauthorized intrusion was detected in fairly short order, but I'll bet the episode will still generate a review of security. Unfortunately, the lesson learned by the caller is that he/she _did_ singlehandedly manage to shut down some people's power with one dial up of the phone. No wonder James Prosser reported that the South African utility had decided to deal with possible terrorist or nutzos' actions in their contingency plans.

-- Anonymous, September 10, 1999

Has anybody in the EU has ever heard of a gizmo called Caller-ID? not that it's a Silver Bullet (!) but at least you know if someone is calling from a payphone. This is a case of bad data and bad logic. Imagine if this was a digitally controlled setup, one could dial in through a modem and send a DES encrypted cease and desist signal!

There is a Homer in every power plant.

-- Anonymous, September 10, 1999

It's somewhat disturbing how the phone call was dismissed as a "prank". Unfortunately, some "pranksters" were probably given ideas about future "pranks".

-- Anonymous, September 11, 1999

Bonnie and Lane: The reason that it was called a prank is because it was a power company employee who made the call. Reportedly he/she said it was done as a prank. Also, no customers were out of power because of the incident.

It was not taken lightly. Power companies have the means to disseminate this kind of information, and word quickly spread about this. There were a few other incidents in other parts of the country, that resulted in raised security. In the case above, awareness was up until it was discovered that it was an "inside job".

To be sure it doesn't happen again, the call-back is typically used. I communicated this to the field personnel to watch for this in the future.

-- Anonymous, September 11, 1999

My comments stand.

-- Anonymous, September 12, 1999