RE: SCADA makes you a target for terrorists take 2

["Drew Copley" <dcopley () eeye com>]

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Caggy, James
> Sent: Tuesday, August 19, 2003 9:58 AM
> To: full-disclosure () lists netsys com
> Subject: RE: [Full-disclosure] SCADA makes you a target for 
> terrorists take 2
>
>
> This is a "Lessons learned from Slammer" advisory put out by 
> the NAERC two months ago and admits that the SCADA system is 
> vulnerable to worms and/or viruses.
>
> http://www.esisac.com/publicdocs/SQL_Slammer_2003.pdf

Excellent paper.

> There's still no reason not to believe that last week's 
> blackout wasn't in someway related to MSBlaster or a hacker 
> taking advantage of RPC.

The paper is excellent, but that does not mean Blaster took down the
power grid. 

I think that people need to remember to show some constraint, unless
they want the problems in SCADA to appear to be overblown... A "cry wolf
scenario".

There is a very good reason to not "believe" that Blaster or a hacker
took down the grid last week -- there is no proof for it. There may be
circumstantial evidence for this, but that is not the same thing as
proof.



> -----Original Message-----
> From: Bernie, CTA [mailto:cta () hcsin net] 
> Sent: Monday, August 18, 2003 9:03 PM
> To: full-disclosure () lists netsys com
> Cc: Elinor.Abreu () reuters com
> Subject: [Full-disclosure] SCADA makes you a target for 
> terrorists take 2
>
> Over a year ago the NIPC put out a warning about threats 
> regarding the SCADA Systems
>
> Again, my point is regardless of what caused the Blackout, 
> attention needs to be given on improving and integrating System 
> Security first, and replacing the so called worn out Grid 
> (cables and related infrastructure) last. Vulnerable components 
> should be identified, isolated and neutralized immediately. 
> Worry about the sagging cables later. 
>
> I can not understand why the same basic principles of systems 
> security engineering should not apply to the Power Industry 
> i.e., analyze potential Threats (Accessibility, Integrity, 
> Confidentiality), Vulnerabilities and Attacks.
>
> Ok I'm done... for now.
>
> > > > >
>  National Infrastructure Protection Center
>
>
> Terrorist Interest in Water Supply and SCADA Systems 
> Information Bulletin 02-001 30 January 2002
>
> NIPC Information Bulletins communicate issues that pertain to 
> the critical national infrastructure and are for information 
> purposes only.
>
> A computer that belonged to an individual with indirect links to 
> USAMA BIN LADIN contained structural architecture computer 
> programs that suggested the individual was interested in 
> structural engineering as it related to dams and other water- 
> retaining structures. The computer programs included CATIGE, 
> BEAM, AUTOCAD 2000 and MICROSTRAN, as well as programs used to 
> identify and classify soils using the UNIFIED SOIL 
> CLASSIFICATION SYSTEM.
>
> In addition, U.S. law enforcement and intelligence agencies have 
> received indications that Al-Qa'ida members have sought 
> information on Supervisory Control And Data Acquisition (SCADA) 
> systems available on multiple SCADA-related web sites. They 
> specifically sought information on water supply and wastewater 
> management practices in the U.S. and abroad. There has also been 
> interest in insecticides and pest control products at several 
> web sites.
>
> Recipients can find additional information regarding posting 
> sensitive infrastructure-related information on Internet web 
> sites in NIPC Advisory 02-001 issued on 17 January 2002 at 
> http://www.nipc.gov/warnings/advisories/2002/02-001.htm. The 
> intent of this bulletin was to encourage Internet content 
> providers to review the sensitivity of the data they provide 
> online.
>
> The NIPC encourages recipients of this Information Bulletin to 
> report information concerning criminal or terrorist activity to 
> their local FBI office http://www.fbi.gov/contact/fo/fo.htm or 
> the NIPC, and to other appropriate authorities. Recipients may 
> report incidents online at 
> http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC 
> Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or 
> nipc.watch () fbi gov-
> ****************************************************
> Bernie 
> Chief Technology Architect
> Chief Security Officer
> cta () hcsin net
> Euclidean Systems, Inc.
> *******************************************************
> // "There is no expedient to which a man will not go 
> //    to avoid the pure labor of honest thinking."   
> //     Honest thought, the real business capital.    
> //      Observe> Think> Plan> Think> Do> Think>      
> *******************************************************
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html