funsec mailing list archives
Re: Foul
From: Ned Fleming <ned () kaw us>
Date: Tue, 10 Nov 2009 10:10:31 -0600
On Tue, 10 Nov 2009 05:37:44 -0800 (PST), chris () blask org wrote:
One of the problems with identifying and attributing cyber attacks against things like grids is that there are so many other things that could have gone wrong. If there was a desire to downplay the incident (for which the motivation is very high) it is trivial to deliver an alternate story. Does this mean the Brazilian alternative story is a cover up? Probably not, but almost no one (not even the utility employees) would be able to gainsay it if it was.
You're implying the Brazilian utility story may be a cover-up and that the motivation to do so was very high. And further, not even the participants in this alleged cover-up would be able to deny it was one. Interesting.
The point remains: control systems (not just grid systems, but everywhere) are extremely unprepared for cyber attack. The amount of effort applied to cyber security as a percentage of resources applied to these systems is virtually unmeasurably small, and where there has been any at all it is almost always a one-off custom engagement. Control system networks make the IT networks we all complain about look like Fort Knox.
Not true for electric utilities. They're spending fortunes on NERC CIP. Electric utilities understand FERC/NERC are really just getting started. The smart grid ("from the toaster to the generator") cyber security standards will make NERC CIP look small.
We need to regularize our approach to CIP cybersecurity or we aren't going to make any headway at all.
I disagree. -- Ned _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Foul, (continued)
- Re: Foul security curmudgeon (Nov 09)
- Re: Foul chris (Nov 10)
- Re: Foul Ned Fleming (Nov 10)
- Re: Foul chris (Nov 10)
- Re: Foul Ned Fleming (Nov 10)
- Re: Foul chris (Nov 10)
- Re: Foul quispiam lepidus (Nov 11)