RE: [Full-Disclosure] SCADA makes you a target for terrorists take 2

From: Drew Copley (dcopley_at_eeye.com)
Date: 08/19/03

  • Next message: danjr: "[Full-Disclosure] Al Qaida claims responsibility for blackout"
    To: <full-disclosure@lists.netsys.com>
    Date: Tue, 19 Aug 2003 10:59:05 -0700
    
    

    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    > Caggy, James
    > Sent: Tuesday, August 19, 2003 9:58 AM
    > To: full-disclosure@lists.netsys.com
    > Subject: RE: [Full-Disclosure] SCADA makes you a target for
    > terrorists take 2
    >
    >
    > This is a "Lessons learned from Slammer" advisory put out by
    > the NAERC two months ago and admits that the SCADA system is
    > vulnerable to worms and/or viruses.
    >
    > http://www.esisac.com/publicdocs/SQL_Slammer_2003.pdf

    Excellent paper.

    >
    > There's still no reason not to believe that last week's
    > blackout wasn't in some way related to MSBlaster or a hacker
    > taking advantage of RPC.
    >

    The paper is excellent, but that does not mean Blaster took down the
    power grid.

    I think that people need to remember to show some constraint, unless
    they want the problems in SCADA to appear to be overblown... A "cry wolf
    scenario".

    There is a very good reason to not "believe" that Blaster or a hacker
    took down the grid last week -- there is no proof for it. There may be
    circumstantial evidence for this, but that is not the same thing as
    proof.

    >
    >
    > -----Original Message-----
    > From: Bernie, CTA [mailto:cta@hcsin.net]
    > Sent: Monday, August 18, 2003 9:03 PM
    > To: full-disclosure@lists.netsys.com
    > Cc: Elinor.Abreu@reuters.com
    > Subject: [Full-Disclosure] SCADA makes you a target for
    > terrorists take 2
    >
    > Over a year ago the NIPC put out a warning about threats
    > regarding the SCADA Systems
    >
    > Again, my point is regardless of what caused the Blackout,
    > attention needs to be given on improving and integrating System
    > Security first, and replacing the so called worn out Grid
    > (cables and related infrastructure) last. Vulnerable components
    > should be identified, isolated and neutralized immediately.
    > Worry about the sagging cables later.
    >
    > I can not understand why the same basic principles of systems
    > security engineering should not apply to the Power Industry
    > i.e., analyze potential Threats (Accessibility, Integrity,
    > Confidentiality), Vulnerabilities and Attacks.
    >
    > Ok I'm done... for now.
    >
    > >>>>
    > National Infrastructure Protection Center
    >
    >
    > Terrorist Interest in Water Supply and SCADA Systems
    > Information Bulletin 02-001 30 January 2002
    >
    > NIPC Information Bulletins communicate issues that pertain to
    > the critical national infrastructure and are for information
    > purposes only.
    >
    > A computer that belonged to an individual with indirect links to
    > USAMA BIN LADIN contained structural architecture computer
    > programs that suggested the individual was interested in
    > structural engineering as it related to dams and other water-
    > retaining structures. The computer programs included CATIGE,
    > BEAM, AUTOCAD 2000 and MICROSTRAN, as well as programs used to
    > identify and classify soils using the UNIFIED SOIL
    > CLASSIFICATION SYSTEM.
    >
    > In addition, U.S. law enforcement and intelligence agencies have
    > received indications that Al-Qa'ida members have sought
    > information on Supervisory Control And Data Acquisition (SCADA)
    > systems available on multiple SCADA-related web sites. They
    > specifically sought information on water supply and wastewater
    > management practices in the U.S. and abroad. There has also been
    > interest in insecticides and pest control products at several
    > web sites.
    >
    > Recipients can find additional information regarding posting
    > sensitive infrastructure-related information on Internet web
    > sites in NIPC Advisory 02-001 issued on 17 January 2002 at
    > http://www.nipc.gov/warnings/advisories/2002/02-001.htm. The
    > intent of this bulletin was to encourage Internet content
    > providers to review the sensitivity of the data they provide
    > online.
    >
    > The NIPC encourages recipients of this Information Bulletin to
    > report information concerning criminal or terrorist activity to
    > their local FBI office http://www.fbi.gov/contact/fo/fo.htm or
    > the NIPC, and to other appropriate authorities. Recipients may
    > report incidents online at
    > http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC
    > Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or
    > nipc.watch@fbi.gov-
    > ****************************************************
    > Bernie
    > Chief Technology Architect
    > Chief Security Officer
    > cta@hcsin.net
    > Euclidean Systems, Inc.
    > *******************************************************
    > // "There is no expedient to which a man will not go
    > // to avoid the pure labor of honest thinking."
    > // Honest thought, the real business capital.
    > // Observe> Think> Plan> Think> Do> Think>
    > *******************************************************
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

