Full Disclosure mailing list archives
SCADA makes you a target for terrorists take 2
From: "Bernie, CTA" <cta () hcsin net>
Date: Mon, 18 Aug 2003 21:03:08 -0400
Over a year ago the NIPC put out a warning about threats regarding the SCADA Systems Again, my point is regardless of what caused the Blackout, attention needs to be given on improving and integrating System Security first, and replacing the so called worn out Grid (cables and related infrastructure) last. Vulnerable components should be identified, isolated and neutralized immediately. Worry about the sagging cables later. I can not understand why the same basic principles of systems security engineering should not apply to the Power Industry i.e., analyze potential Threats (Accessibility, Integrity, Confidentiality), Vulnerabilities and Attacks. Ok I'm done... for now.
National Infrastructure Protection Center Terrorist Interest in Water Supply and SCADA Systems Information Bulletin 02-001 30 January 2002 NIPC Information Bulletins communicate issues that pertain to the critical national infrastructure and are for information purposes only. A computer that belonged to an individual with indirect links to USAMA BIN LADIN contained structural architecture computer programs that suggested the individual was interested in structural engineering as it related to dams and other water- retaining structures. The computer programs included CATIGE, BEAM, AUTOCAD 2000 and MICROSTRAN, as well as programs used to identify and classify soils using the UNIFIED SOIL CLASSIFICATION SYSTEM. In addition, U.S. law enforcement and intelligence agencies have received indications that Al-Qa'ida members have sought information on Supervisory Control And Data Acquisition (SCADA) systems available on multiple SCADA-related web sites. They specifically sought information on water supply and wastewater management practices in the U.S. and abroad. There has also been interest in insecticides and pest control products at several web sites. Recipients can find additional information regarding posting sensitive infrastructure-related information on Internet web sites in NIPC Advisory 02-001 issued on 17 January 2002 at http://www.nipc.gov/warnings/advisories/2002/02-001.htm. The intent of this bulletin was to encourage Internet content providers to review the sensitivity of the data they provide online. The NIPC encourages recipients of this Information Bulletin to report information concerning criminal or terrorist activity to their local FBI office http://www.fbi.gov/contact/fo/fo.htm or the NIPC, and to other appropriate authorities. Recipients may report incidents online at http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch () fbi gov- **************************************************** Bernie Chief Technology Architect Chief Security Officer cta () hcsin net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> ******************************************************* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SCADA makes you a target for terrorists take 2 Bernie, CTA (Aug 18)
- <Possible follow-ups>
- RE: SCADA makes you a target for terrorists take 2 Caggy, James (Aug 19)
- RE: SCADA makes you a target for terrorists take 2 Drew Copley (Aug 19)