funsec mailing list archives
Re: cyber-9/11
From: Chris Blask <chris () blask org>
Date: Wed, 8 Apr 2009 08:44:08 -0700 (PDT)
Robert Graham wrote:
I agree that SCADA systems are extremely weak. I curl up in a ball laughing on the floor every time somebody mentions "Smart Grid". Here is a paper I gave a couple years ago at Black Hat. It's nothing surprising, but it's first-hand knowledge (that is, when I say SCADA is weak, it's because I've seen it for my own eyes, not because it heard it was well docum http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf
I started a company called Lofty Perch a few years ago and we rapidly wandered into SCADA and CIP (Lofty is still going, but I'm not involved anymore). The challenge of addressing the space is complicated by: the nature of the folks who build and run these systems (steel-toed boots and hardhats, "seven years to go 'til retirement and I'll quit when some computer kid tells me what to do'); the lack of a mandate from the government (or anyone) to address the problem; and the inherent difficulties we (infosec) have as an industry. The first of these is what it is, and we have to bear that in mind when crafting solutions. This is why the second is virtually an absolute requirement - these folks are much less likely to run off and embrace security than IT (pointed pause......). The third is something we can do something about, but - for all the same reasons that we struggle with IT security - we don't. We need to make it programatically simple for the facility owner/operators to consumer security solutions like they consume epoxy and PLCs, but we keep trying to explain to them how digital signatures are revoked. -chris _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: cyber-9/11, (continued)
- Re: cyber-9/11 Robert Graham (Apr 07)
- Re: cyber-9/11 Jon Kibler (Apr 08)
- Re: cyber-9/11 Gadi Evron (Apr 08)
- Re: cyber-9/11 Chris Blask (Apr 08)
- Re: cyber-9/11 Jon Kibler (Apr 08)
- Re: cyber-9/11 Nick FitzGerald (Apr 08)
- Re: cyber-9/11 der Mouse (Apr 08)
- Re: cyber-9/11 Jon Kibler (Apr 08)
- Re: cyber-9/11 Donal (Apr 08)