The Nov. 2009 blackout that plunged millions of Brazilians into darkness for up to six hours was not the result of cyber saboteurs, but instead an unusual confluence of independent factors that conspired to cause a cascading power failure, according to a classified cable from the U.S. embassy in Brazil.
The communication, one of roughly 250,000 to be published by Wikileaks.org, provides perhaps the most detailed explanation yet of what may have caused the widespread outage, which severed power to 18 of Brazil’s 27 states, cutting electricity for up to 60 million Brazilians for periods ranging from 20 minutes to six hours. The Nov. 2009 outage was notable because it came just three days after a CBS news magazine 60 Minutes report about a much more severe two-day outage in 2007 that cited unnamed sources claiming that the blackout was triggered by hackers targeting electric control systems.
Reports from Wired.com and other news publications quickly challenged that 60 Minutes segment, pointing to previous investigations that suggested a variety of factors contributed to the 2007 incident, including poorly-maintained electrical insulators. But when another outage hit Brazil three days after the CBS report, the coincidence led to more speculation about whether hackers were once again involved.
The cable relates information shared by executives and engineers from Brazil’s National Operator of the Interconnected Power System (ONS), which “further ruled out the possibility of hackers because, following some acknowledged interferences in past years, [the Government of Brazil] has closed the system to only a small group of authorized operators, separated the transmission control system from other systems, and installed filters.” From the cable:
“Coimbra confirmed that the ONS system is a CLAN network [classified local area network] using its own wires carried above the electricity wires. Oliveira pointed out that even if someone had managed to gain access to the system, a voice command is required to disrupt transmission. Coimbra said that while sabotage could have caused the outages, this type of disruption would have been deadly, and investigators would have found physical evidence, including the body of the perpetrator. He also noted that any internal attempts by system employees to disrupt the system would have been easily BRASILIA 00001383 003 OF 005 traceable, a fact known to anyone with access to the system.”
So what did cause the blackout? The cable suggests there were a range of contributing factors and some very bad timing:
“Geraldes described the events of November 10 as unusual, not in the interruption of the system, but in the confluence of events that led to the overall catastrophic scale of the blackout. He said that a similar disruption taking out the same line had occurred in the past but the system had been operating in such a way that the flow was redistributed with very little disruption. In the November 10 case, reservoirs were full due to recent abundant rainfalls and the thermal plants, which are often tapped to augment flow, were not operating. The interlinked system which allows electricity from any part of the country to be distributed to any other part was exporting power from the primary hydroplants in the South to the Sao Paulo/Rio region. According to Geraldes, in prior instances, the situation was reversed, with flow exported from Sao Paulo to the south during periods of less plentiful rainfall and the disruption had very little effect on the overall supply.
Grudtner said international standards generally call for a system to have capacity allowing unimpeded operation with one transmission line inoperable. At the time of the incident, the Brazilian system was operating at a capacity of unimpeded operations with two lines down, but the incident took out all three lines feeding into Sao Paulo. Additionally Coimbra pointed out, each of the lines which were disabled have recovery times of ten seconds, but the short circuits occurred within milliseconds of one another, disabling the transmission system with automatic shutdowns before the lines were able to recover. Geraldes called it the worst possible configuration of factors that led to a cascade effect.”
The cable concludes with an acknowledgment that while cyber vulnerabilities may not have been to blame, that shouldn’t prevent anyone from capitalizing on the threat of a cyber attack on the power infrastructure.
“This would be an excellent occasion to encourage the military to military Communication and Information Security Memorandum of Agreement (CISMOA), noting that although this incident does not appear to have been the result of an attack on the system, such an event is possible and signing this agreement would permit cooperation were one to occur. We could also consider a cybersecurity working group.”