funsec mailing list archives

Re: Foul


From: Ned Fleming <ned () kaw us>
Date: Tue, 10 Nov 2009 10:10:31 -0600


On Tue, 10 Nov 2009 05:37:44 -0800 (PST), chris () blask org wrote:


One of the problems with identifying and attributing cyber attacks against things like grids is that there are so many 
other things that could have gone wrong.  If there was a desire to downplay the incident (for which the motivation is 
very high) it is trivial to deliver an alternate story.

Does this mean the Brazilian alternative story is a cover up?  Probably not, but almost no one (not even the utility 
employees) would be able to gainsay it if it was.  

You're implying the Brazilian utility story may be a cover-up and that
the motivation to do so was very high. And further, not even the
participants in this alleged cover-up would be able to deny it was
one. Interesting.

The point remains: control systems (not just grid systems, but everywhere) are extremely unprepared for cyber attack.  
The amount of effort applied to cyber security as a percentage of resources applied to these systems is virtually 
unmeasurably small, and where there has been any at all it is almost always a one-off custom engagement.  Control 
system networks make the IT networks we all complain about look like Fort Knox. 

Not true for electric utilities. They're spending fortunes on NERC
CIP. Electric utilities understand FERC/NERC are really just getting
started. The smart grid ("from the toaster to the generator") cyber
security standards will make NERC CIP look small.

We need to regularize our approach to CIP cybersecurity or we aren't going to make any headway at all.

I disagree.

-- 

Ned


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


Current thread: