nanog mailing list archives
Re: Water Utility SCADA 'Attack': The, um, washout
From: Jerry Dixon <jerry () jdixon com>
Date: Sun, 27 Nov 2011 07:41:37 -0500
There is already a law on the books called Protected Critical Infrastructure Information (PCII). It has stiff penalties for leaking the information. The reporting critical infrastructure company has to request the information or report be protected under PCII. In most cases the companies also use their own NDA as well for added recourse if the info gets leaked. Also the fusion center or DHS could of offered this option up since most companies do not know this option/law is on the books. For a State Fusion center to leverage this law they have to get a delegation from DHS or at a minimum bring the executive agent in to declare the info PCII since it's a federal law. The PCII designator works and has been used in past incidents. Sensitive but unclassified does not work and has widely varying meanings from agency to agency. If it's that sensitive use PCII or classify as SECRET. Regarding this incident, I was skeptical from the get go. The fog of war around any incident is usually pretty thick at the initial stage. This has been shown even in national level cyber exercises time and time again. FBI/USSS/US-CERT are routinely engaged and investigating cyber incidents and nothing new here. People acted as if that was outside the norm when it was not. Jerry Jerry () jdixon com On Nov 26, 2011, at 3:14 PM, Jared Mauch <jared () puck nether net> wrote:
+1 This isn't the pentagon papers. Those found leaking should face the legal consequences for sbu information leakage. One can't have every email/memo leaked as it makes it unfeasible to perform ones job. Jared Mauch On Nov 26, 2011, at 7:51 AM, "andrew.wallace" <andrew.wallace () rocketmail com> wrote:My comment about a certain person leaking public-private sector correspondence to the media still applies then. https://plus.google.com/114359738470992181937/posts/DSnJfKqrJK1 Andrew ________________________________ From: Jay Ashworth <jra () baylink com> To: NANOG <nanog () nanog org> Sent: Saturday, November 26, 2011 3:14 AM Subject: Water Utility SCADA 'Attack': The, um, washout Not an attack: an already failing pump, and an employee of a contractor to the utility who was ... wait for it ... traveling in Russia on personal business. WaPo via Lauren @ Privacy: http://j.mp/rrvMXR Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Current thread:
- Re: Water Utility SCADA 'Attack': The, um, washout, (continued)
- Re: Water Utility SCADA 'Attack': The, um, washout andrew.wallace (Nov 26)
- Re: Water Utility SCADA 'Attack': The, um, washout Jared Mauch (Nov 26)
- Re: Water Utility SCADA 'Attack': The, um, washout andrew.wallace (Nov 26)
- Re: Water Utility SCADA 'Attack': The, um, washout Valdis . Kletnieks (Nov 26)
- Re: Water Utility SCADA 'Attack': The, um, washout Kyle Creyts (Nov 28)
- Re: Water Utility SCADA 'Attack': The, um, washout Leif Nixon (Nov 28)
- Re: Water Utility SCADA 'Attack': The, um, washout Owen DeLong (Nov 28)
- Re: Water Utility SCADA 'Attack': The, um, washout Dobbins, Roland (Nov 28)
- Re: Water Utility SCADA 'Attack': The, um, washout Owen DeLong (Nov 28)
- Re: Water Utility SCADA 'Attack': The, um, washout Måns Nilsson (Nov 26)
- Re: Water Utility SCADA 'Attack': The, um, washout Jerry Dixon (Nov 27)