Dec 10

Cable: No Cyber Attack in Brazilian ’09 Blackout


The Nov. 2009 blackout that plunged millions of Brazilians into darkness for up to six hours was not the result of cyber saboteurs, but instead an unusual confluence of independent factors that conspired to cause a cascading power failure, according to a classified cable from the U.S. embassy in Brazil.

The communication, one of roughly 250,000 to be published by Wikileaks.org, provides perhaps the most detailed explanation yet of what may have caused the widespread outage, which severed power to 18 of Brazil’s 27 states, cutting electricity for up to 60 million Brazilians for periods ranging from 20 minutes to six hours. The Nov. 2009 outage was notable because it came just three days after a CBS news magazine 60 Minutes report about a much more severe two-day outage in 2007 that cited unnamed sources claiming that the blackout was triggered by hackers targeting electric control systems.

Reports from Wired.com and other news publications quickly challenged that 60 Minutes segment, pointing to previous investigations that suggested a variety of factors contributed to the 2007 incident, including poorly-maintained electrical insulators. But when another outage hit Brazil three days after the CBS report, the coincidence led to more speculation about whether hackers were once again involved.

The cable relates information shared by executives and engineers from Brazil’s National Operator of the Interconnected Power System (ONS), which “further ruled out the possibility of hackers because, following some acknowledged interferences in past years, [the Government of Brazil] has closed the system to only a small group of authorized operators, separated the transmission control system from other systems, and installed filters.” From the cable:

“Coimbra confirmed that the ONS system is a CLAN network [classified local area network] using its own wires carried above the electricity wires. Oliveira pointed out that even if someone had managed to gain access to the system, a voice command is required to disrupt transmission. Coimbra said that while sabotage could have caused the outages, this type of disruption would have been deadly, and investigators would have found physical evidence, including the body of the perpetrator. He also noted that any internal attempts by system employees to disrupt the system would have been easily BRASILIA 00001383 003 OF 005 traceable, a fact known to anyone with access to the system.”

So what did cause the blackout? The cable suggests there were a range of contributing factors and some very bad timing:

“Geraldes described the events of November 10 as unusual, not in the interruption of the system, but in the confluence of events that led to the overall catastrophic scale of the blackout. He said that a similar disruption taking out the same line had occurred in the past but the system had been operating in such a way that the flow was redistributed with very little disruption. In the November 10 case, reservoirs were full due to recent abundant rainfalls and the thermal plants, which are often tapped to augment flow, were not operating. The interlinked system which allows electricity from any part of the country to be distributed to any other part was exporting power from the primary hydroplants in the South to the Sao Paulo/Rio region. According to Geraldes, in prior instances, the situation was reversed, with flow exported from Sao Paulo to the south during periods of less plentiful rainfall and the disruption had very little effect on the overall supply.

Grudtner said international standards generally call for a system to have capacity allowing unimpeded operation with one transmission line inoperable. At the time of the incident, the Brazilian system was operating at a capacity of unimpeded operations with two lines down, but the incident took out all three lines feeding into Sao Paulo. Additionally Coimbra pointed out, each of the lines which were disabled have recovery times of ten seconds, but the short circuits occurred within milliseconds of one another, disabling the transmission system with automatic shutdowns before the lines were able to recover. Geraldes called it the worst possible configuration of factors that led to a cascade effect.”

The cable concludes with an acknowledgment that while cyber vulnerabilities may not have been to blame, that shouldn’t prevent anyone from capitalizing on the threat of a cyber attack on the power infrastructure.

“This would be an excellent occasion to encourage the military to military Communication and Information Security Memorandum of Agreement (CISMOA), noting that although this incident does not appear to have been the result of an attack on the system, such an event is possible and signing this agreement would permit cooperation were one to occur. We could also consider a cybersecurity working group.”

Tags: , , , ,


  1. The last part shows how pathetic they are.

    And you shall know the truth, and the truth shall make you free.

  2. Good Job!
    Thanks for the wikileaks…
    The Wiki is Very Important.


    Good Job.

  3. u are tiking bomb julian thank u for weking upp the worlds population
    give them same more
    shake them upp

  4. Interesting report, Brian. Not altogether surprising though. You probably recall we had a similar multi-hour blackout in NE part of North America that I don’t think affected as many people, but it was pretty serious at the time. It was a result of a cascading failure, too. Evidently, many of the electrical systems had automatic shut-offs if spikes were detected on the grid which happened when other distribution grids went down. So what was one localized problem, a switch in Michigan, I believe, that failed, caused dozens of other switches to shut off causing millions to lose power for several hours.

    That, and my personal opinion that 60 minutes is a terrible terrible example of investigative reporting. They, probably more than any other “news” organisation, exaggerate, obfucate and glorify events. If they haven’t already, I fully expect them to do a report on how wireless is giving us all cancer, especially now that some of our idiot politicians in Canada have a committee investigating it.

  5. Here in Brazil the main media (Rede Globo, the worse thing about truth) highlighted about the “hacker blackout” a lot of times and, naturaly, never told about the wikileaks contents.

  6. “The communication, one of roughly 250,000 published this week by Wikileaks.org.”

    Sorry to nitpick, but wikileaks is slowly leaking the cables over the next several months. As of this point only 683 of more than 250,000 cables have been published on their site.

  7. In this case, the cable was simply repeating what the Brazilian press had already published. It doesn’t, however, tell the whole story, which includes the government changing its position on what caused the blackout at least twice after Brazilian climate scientists disproved the government’s first attempt to attribute the blackout to something other than a malicious attack.

    Additionally, no government has ever publicly acknowledged a single blackout was caused by a hacker attack. Since attacks have been ongoing since the turn of the century, and outages occur all the time, what are the odds that not a single hacker has been successful; or, alternatively, that any government has ever not lied about the root cause of an outage? Non-existent, AFAIC.

  8. wikileaks still alive??