funsec mailing list archives
Re: Bad (Insecure) Business Decisons [Was: Re: IPv6, C&C (not bot nets, coffe and cats)]
From: Dave Paris <dparis () w3works com>
Date: Sat, 30 Jun 2007 03:22:06 +0000
It's not the meter reading portion of the links that scares me as much as remote access to substations, grid interconnect points, etc. I've seen systems as Ferg describes below and utterly simplistic dial-in, unauthenticated systems... no dialback, zippo. Utterly insane.
Best~
-dsp

Paul Ferguson wrote:
[...]

True enough.

I've had a number of conversations with several people on this issue in the past few months that go something along the lines of:

Me: "You'd be shocked if you knew the extent of the problem."

Them: "Huh? Aren't critical systems like electrical power, etc. not connected to the Internet?"

Me: "You'd think they wouldn't be, but you'd be wrong."

Some astoundingly stupid business decisions may put critical infrastructure at risk? How, you ask?

Consider this simple scenario.

A regional electric company wants to remotely read residential meters for electric consumption, but does not want to invest in installing their own infrastructure (read: laying new fiber or hybrid-fiber coax [HFC]) to do so, and makes a business decision (everything boils down to dollars and cents) to use existing infrastructure (read: Internet VPN-style connectivity) to accomplish this feat.

Boggles the mind, eh?

This exact scenario exists today.

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.