Soot Over Cyber – Hanlons’ Razor and the Brazilian Blackout

I was skimming several security related sites yesterday and came across a post in Wired that spoke to the 2007 blackout in Brazil and the recent claims in a 60 Minutes segment that the blackout was caused by hackers.  The blackout was in fact caused by “negligent maintenance of high voltage insulators on two transmission lines” which triggered a cascading sequence of failures.

Hackers have claimed responsibility but no one has produced any evidence to support the claim.  And one official notes that the command and control for the system is not connected to the internet. 

After reading this the first thing that came to mind was this is a great case for Hanlon’s Razor, a corollary to Murphy’s Law that reads as follows:

“Never attribute to malice that which can be adequately explained by ignorance or incompetence, but don’t rule out malice.”

I used Hanlon’s Razor in a post called “Stopping Stupid” regarding the role in continuous security configuration management in stopping the risk caused by people doing stupid – but not necessarily malicious – acts. 

In this case, it seems that soot, not the sinister work of cyber criminals was to blame.  I don’t discount the depth and breadth of the cyber threat that exists today, but it is always good to hear a reminder that every time we see smoke there may not actually be a fire.