funsec mailing list archives
Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid
From: Jason Lewis <jlewis () packetnexus com>
Date: Fri, 06 Jun 2008 15:36:26 -0400
This reminds me of a Red Team scenario...totally fictious...maybe. Red Team goes to Military base for pen test. They are told to test the network and ignore the open wireless AP in the office of the base commander. WAP is directly connected to base network and accessible from outside fence of said base. Red Team tests WAP for basic network connectivity and notes that this is a major security hole and makes any other testing pointless. Recommendation is to remove WAP or at least lock it down and attempt some basic security. A year passes and the Red Team is back for the yearly assessment. WAP is still in commanders office with the open access. If any entity is truly attempting to make things more secure...these constraints have to go. The biggest problem with the above Red Team is the lack of authority to start punishing people for security breaches. It will take a huge embarassing incident for that to change...and even then...the base commander will have the last word. "Don't include the WAP in my office" It seems a lot of government agencies have this problem, which is sad. Matt Jonkman wrote:
I may (or may not) have done a vulnerability assessment at TVA a few years ago. Wasn't very productive. Let's just say that the constraints for what we could and couldn't test were.... ummm... preposterous. But the routers were fine... :) Matt
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Congress Alarmed At Cyber-Vulnerability Of Power Grid Juha-Matti Laurio (Jun 01)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Kurt Grutzmacher (Jun 05)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Matt Jonkman (Jun 06)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Jason Lewis (Jun 06)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Matt Jonkman (Jun 06)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Kurt Grutzmacher (Jun 05)