funsec mailing list archives
Re: US 'unprepared for cyber 9/11'
From: John Bambenek <bambenek.infosec () gmail com>
Date: Sun, 21 Dec 2008 23:44:54 -0600
I wasn't particularly surprised, per se, on 9/11. People have been saying stuff like that was eminent for years and we've seen the writing on the wall. Regardless of how it is played in the press, it doesn't take much effort to take a few people, teach them basic stick and rudder and then give them box cutters. It relied on the passification of our culture, an assumption that is no longer true (which Robert Reid can attest to, for instance). In short, if someone told me before 9/11 that it was coming, I would have said, "Yes, we know, but the decision makers don't give a shit until it actually happens". Of course, this doesn't mean I suddenly agree on the cyber 9-11 doomsday prophesies either. Jon Kibler wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John C. A. Bambenek, GCIH, CISSP wrote:Tell me exactly how any scenario of a "cyber 9-11" would entail anything on the scale of a loss of 3,000 lives. Hyperbole does not serve our industry well.I can think of several scenarios where lives could be lost from an intentional attack against critical infrastructure under computer control. Here are a few examples: 1) There have already been deaths (from too much X-ray exposure) due to software bugs. An intentional attack against medical devices could kill people. 2) The DoE has already demonstrated that an attack against SCADA systems can damage power generation infrastructure beyond quick repair. A widespread attack against the generation systems could disrupt power for weeks to months on end. If that occurred in conjunction with a major winter storm, people could easily freeze to death or die of CO poisoning, like has already happened in relatively minor power outages in mid-winter in the U.S northeast and midwest. 3) Remember Bophal, India? That was an accidental wrong positioning of a value on a chemical tank that lead to a chemical spill that killed or injured thousands. Today, much of this type of chemical plant infrastructure is under computer control. An intentional attack could easily result in a chemical spill that could injure or kill thousands. For example, just look at the number of chemical plants directly across the river from NYC in Jersey. Each one of those is a ticking time bomb. These are just a few ways that 'computers can kill.' I could go on for pages with other hypothetical scenarios that you would probably dismiss as "would never happen." But, prior to 9/11, what you have said if someone told you that it was likely that terrorists would hijack air planes and crash them into major buildings, killing thousands? I am sure that you would have also dismissed that as "would never happen," too. Jon K - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklOficACgkQUVxQRc85QlNF8wCfYItukyrt1eHM3j7/CTqTqt86 kwgAn2IrRmrC6b+1EjNOtG88SQjH31Wm =AKfE -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- US 'unprepared for cyber 9/11' quispiam lepidus (Dec 18)
- Re: US 'unprepared for cyber 9/11' David Harley (Dec 19)
- Re: US 'unprepared for cyber 9/11' Jon Kibler (Dec 19)
- Re: US 'unprepared for cyber 9/11' John C. A. Bambenek, GCIH, CISSP (Dec 20)
- Re: US 'unprepared for cyber 9/11' Jon Kibler (Dec 21)
- Re: US 'unprepared for cyber 9/11' Tomas L. Byrnes (Dec 21)
- Re: US 'unprepared for cyber 9/11' David Harley (Dec 21)
- Re: US 'unprepared for cyber 9/11' John Bambenek (Dec 21)
- Re: US 'unprepared for cyber 9/11' John C. A. Bambenek, GCIH, CISSP (Dec 20)
- Re: US 'unprepared for cyber 9/11' Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 21)
- Re: US 'unprepared for cyber 9/11' John Bambenek (Dec 21)
- Re: US 'unprepared for cyber 9/11' der Mouse (Dec 21)
- Re: US 'unprepared for cyber 9/11' John Payne (Dec 22)