funsec mailing list archives
Re: Foul
From: chris () blask org
Date: Tue, 10 Nov 2009 05:37:44 -0800 (PST)
--- On Mon, 11/9/09, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
This just in: The hackers that took out the Brazilian power grid? Turns out it was a poorly maintained insulator:
One of the problems with identifying and attributing cyber attacks against things like grids is that there are so many other things that could have gone wrong. If there was a desire to downplay the incident (for which the motivation is very high) it is trivial to deliver an alternate story. Does this mean the Brazilian alternative story is a cover up? Probably not, but almost no one (not even the utility employees) would be able to gainsay it if it was. The point remains: control systems (not just grid systems, but everywhere) are extremely unprepared for cyber attack. The amount of effort applied to cyber security as a percentage of resources applied to these systems is virtually unmeasurably small, and where there has been any at all it is almost always a one-off custom engagement. Control system networks make the IT networks we all complain about look like Fort Knox. We need to regularize our approach to CIP cybersecurity or we aren't going to make any headway at all. -chris _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.