funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Foul

From: chris () blask org
Date: Tue, 10 Nov 2009 05:37:44 -0800 (PST)
--- On Mon, 11/9/09, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:


This just in: The hackers that took out the Brazilian power
grid?  Turns out it was a poorly maintained insulator:


One of the problems with identifying and attributing cyber attacks against things like grids is that there are so many 
other things that could have gone wrong.  If there was a desire to downplay the incident (for which the motivation is 
very high) it is trivial to deliver an alternate story.

Does this mean the Brazilian alternative story is a cover up?  Probably not, but almost no one (not even the utility 
employees) would be able to gainsay it if it was.  

The point remains: control systems (not just grid systems, but everywhere) are extremely unprepared for cyber attack.  
The amount of effort applied to cyber security as a percentage of resources applied to these systems is virtually 
unmeasurably small, and where there has been any at all it is almost always a one-off custom engagement.  Control 
system networks make the IT networks we all complain about look like Fort Knox. 

We need to regularize our approach to CIP cybersecurity or we aren't going to make any headway at all.

-chris


      

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: