Full Disclosure mailing list archives
The Grid, Blaster v. Poor Security Engineering
From: "Bernie, CTA" <cta () hcsin net>
Date: Fri, 15 Aug 2003 12:21:25 -0400
It is ridiculous to accept that a lightning strike could knock out the grid. There are many redundant fault, limit and Voltage- Surge Protection safeguards and related instrumentation and switchgear installed at the distribution centers and along the Power Grid that would have tripped to prevent or otherwise divert such a major outage. I believe that the outage was caused by the blaster, or its mutation, besieged upon the respective vulnerability in the systems (SCADA and otherwise) running MS 2000 or XP, located different points along the Grid. Some of these systems are accessible via the Internet, while others are accessible by POTS dialup, or private Frame relay and dedicated connectivity. It is also reasonable to assume that we could have a similar security threat regarding those system (SCADA and otherwise based on MS 2000 or XP) involved in the control, data acquisition, and maintenance of other critical infrastructure, such as inter/intra state GAS Distribution, Nuclear Plant Monitoring, Water and Sewer Processing, and city Traffic Control. IMO I think we will see a lot of finger pointing by government agencies, Utilities, and politicians for the Grid outage, until someone confess to the security dilemma and vulnerabilities in the systems which are involved in running this critical infrastructure. Regardless of whether the outage can be attributed to the blaster or its variant, this is not entirely a Microsoft problem, as it cuts to poor System Security Engineering. Nonetheless, the incident will cause lots of money to be earmarked by the US and Canadian Governments, to be spent in an attempt to solve the problem, or more specifically calm the public. - **************************************************** Bernie Chief Technology Architect Chief Security Officer cta () hcsin net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> ******************************************************* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- The Grid, Blaster v. Poor Security Engineering Bernie, CTA (Aug 15)
- RE: The Grid, Blaster v. Poor Security Engineering Richard M. Smith (Aug 15)
- <Possible follow-ups>
- RE: The Grid, Blaster v. Poor Security Engineering Myers, Marvin (Aug 15)
- Re: The Grid, Blaster v. Poor Security Engineering Darren Reed (Aug 16)
- RE: The Grid, Blaster v. Poor Security Engineering Christopher F. Herot (Aug 15)
- RE: The Grid, Blaster v. Poor Security Engineering Myers, Marvin (Aug 18)