funsec mailing list archives

Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)]

From: "Paul Ferguson" <fergdawg () netzero net>
Date: Sat, 30 Jun 2007 03:02:45 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Brian Loe" <knobdy () gmail com> wrote:

No, Fight Club was simply blowing up "all" of the credit companies.
This is more along the lines of shutting down ALL water, natural gas,
electric and financial systems. Funny that SCADA/DCS networks have
been getting some airtime of late - the more they make connections to
it the more likely something like this is possible and not just a
Hollywood nightmare.

There are utilities out there that if you got in you'd have water,
power and a lot of street lights to play with...very bad.


True enough.

I've a number of conversations with several people on this issue
in the past few months that go something along the lines of:

Me: "You'd be shocked if you knew the extent of the problem."
Them: "Huh? Aren't critical systems like electrical power, etc.
not connected to the Internet?"
Me: "You'd think they wouldn't be, but you'd be wrong."

Some astoundingly stupid business decisions may put critical
infrastructure at risk?

How you ask?

Consider this simple scenario.

A regional electric company wants to remotely read residential
meters for electric consumption, but does not want to invest in
installing their own infrastructure (read: laying new fiber or
hybrid-fiber coax [HFC]) to do so, and makes a business decision
(everything boils down to dollars and cents) to use existing
infrastructure (read: Internet VPN-style connectivity) to accomplish
this feat.

Boggles the mind, eh? This exact scenario exists today.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGhce6q1pz9mNUZTMRAraOAJ92XQnd46go/1yCrWqecfsR3yp2twCfd2vk
3KWRtJAQkmMry0FZ+Ot92M4=
=GT/R
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Paul Ferguson (Jun 29)
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Dave Paris (Jun 29)
  - Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Valdis . Kletnieks (Jun 29)
  - Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] B.K. DeLong (Jun 30)
- Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Brian Loe (Jun 30)
  - Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)] Dude VanWinkle (Jun 30)