Penetration Testing mailing list archives
Re: SCADA
From: Jason Ellison <infotek () datasync com>
Date: Sun, 7 Jul 2002 23:48:34 -0500 (CDT)
the following message was all snipped up. <SNIP>
http://www.washingtonpost.com/wp-dyn/articles/A50765-2002Jun26.html
<SNIP>
----- Original Message ----- From: FBI Oklahoma City - DZ Sent: Thursday, June 27, 2002 11:28 AM Subject: FBI Information: SCADA security The below public source information (found in the 6/27/2002 NIPC Daily Report) and the enclosed NIPC white paper (word document) on SCADA will hopefully allow Key Assets and InfraGard members to be more aware of a potential vulnerability spanning numerous critical infrastructures. Cyber attacks by Al Qaeda feared by US. (Washington Post, 26 Jun) According to US officials, the potential exists for the compromise of digital devices that allow remote access of Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition Systems (SCADA). The simplest of these devices collect measurements, throw railway switches, close circuit breakers, or adjust valves in the pipes that carry water, oil, and gas. More complicated versions of these type of devices sift incoming data, govern multiple devices, and control other areas of the infrastructure. Recently, evidence has been discovered that Al Qaeda operators have spent time on web sites that offer software and
programming
explanations for the digital switches that run power, water, transport, and communications grids. By disabling or taking command of floodgates
in
a dam or a sub-station handling electric power, analysts believe an intruder could use cyber tools to disrupt/destroy critical infrastructures. It is surmised that terrorists may combine these techniques, synchronized with physical acts of terrorism. SA David Zimmermann FBI - Oklahoma City Division Key Asset Coordinator 405/290-7770 dz () fbi gov <<TechNews.com.url>> <<PCS Vulnerabilities.doc>>
<SNIP> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/