funsec mailing list archives
Re: US 'unprepared for cyber 9/11'
From: "David Harley" <david.a.harley () gmail com>
Date: Mon, 22 Dec 2008 07:34:27 -0000
I've wondered whether someone in Al Qaeda read "Debt of Honor" and "Executive Orders" and said "Aha!" Some of the Clancy franchises are much less readable, but I guess there are some ideas worth thinking about in there.

--
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET LLC

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Tomas L. Byrnes
Sent: 21 December 2008 18:37
To: Jon.Kibler () aset com; John C. A. Bambenek, GCIH, CISSP
Cc: funsec () linuxbox org
Subject: Re: [funsec] US 'unprepared for cyber 9/11'

Prior to 9/11 Tom Clancy posited using airplanes as Cruise missiles in the opening scenes of "Executive Orders". He's been pretty prescient in his description of our vulnerabilities, so maybe reading some of his "Net Force" books might be useful to those dreaming up defense and contingency plans.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Jon Kibler
Sent: Sunday, December 21, 2008 9:35 AM
To: John C. A. Bambenek, GCIH, CISSP
Cc: funsec () linuxbox org
Subject: Re: [funsec] US 'unprepared for cyber 9/11'

John C. A. Bambenek, GCIH, CISSP wrote:
> Tell me exactly how any scenario of a "cyber 9-11" would entail anything on the scale of a loss of 3,000 lives. Hyperbole does not serve our industry well.

I can think of several scenarios where lives could be lost from an intentional attack against critical infrastructure under computer control. Here are a few examples:

1) There have already been deaths (from too much X-ray exposure) due to software bugs. An intentional attack against medical devices could kill people.

2) The DoE has already demonstrated that an attack against SCADA systems can damage power generation infrastructure beyond quick repair. A widespread attack against the generation systems could disrupt power for weeks to months on end. If that occurred in conjunction with a major winter storm, people could easily freeze to death or die of CO poisoning, like has already happened in relatively minor power outages in mid-winter in the U.S. northeast and midwest.

3) Remember Bhopal, India? That was an accidental wrong positioning of a value on a chemical tank that led to a chemical spill that killed or injured thousands. Today, much of this type of chemical plant infrastructure is under computer control. An intentional attack could easily result in a chemical spill that could injure or kill thousands. For example, just look at the number of chemical plants directly across the river from NYC in Jersey. Each one of those is a ticking time bomb.

These are just a few ways that 'computers can kill.' I could go on for pages with other hypothetical scenarios that you would probably dismiss as "would never happen." But, prior to 9/11, what would you have said if someone told you that it was likely that terrorists would hijack airplanes and crash them into major buildings, killing thousands? I am sure that you would have also dismissed that as "would never happen," too.

Jon K

--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.