Full Disclosure mailing list archives
Re: east coast powergrid / SCADA [OT?]
From: "Geoff Shively" <gshively () pivx com>
Date: Fri, 15 Aug 2003 23:33:30 -0700
Now can we give msblast a rest? :)
Not just yet, I still have a breath or two left =).
This is far from a complete explanation. But it fits the available facts,
it
fits the timetable of what happened, and it makes logical sense in relation to the recent history of the power grid.
I have to concur, but in this case, I am referring to the blast theory. It does fit the timetable and available facts. I am not saying this is fact, I am saying we should not dismiss it easily. Quick and easy dismissal on this list and others were surprisingly hard to find, discussions have been intelligent and well rounded. Lots of input from people who actually know the SCADA and DCS systems, as well as people in general security. This information sharing makes me happy compared to the frustration I experience when I read the quotes by SANS and CERT reps in all of the national news media articles dismissing the possibility without even looking into it. How do I know they didn't look into it? Well, for starters there was a statement made by Alan Paller, CEO of SANS Institute said it is "highly unlikely" that the process control computers behind critical infrastructure like power in the United States would run on the Windows operating system.
Please, if that were the case, why have none of hte other billons of windows
vulnerabilities
ever affected the grid? more specifically, why havent any of the thousands of rpc vunerabilites ever effected the grid?
This is one of the largest RPC worms released is it not? I am actually asking, because I cannot remember one that exploited the same conditions or mimicked the activates of blaster. Also, you never know when a certain set of circumstances will permit one thing from happening and not another. One of the nuances of multi-layers technology.
Niagra somehow saw this coming and shut down all generators in time to stay on the grid, and as the failure expanded more failsafe kicked in
to
contain it.
CNN also said that the entire cascading shutdown occurred in 9 seconds total. This means that the Niagara plant was one of the first in this cascade effect and would have had a fraction of that time to see a surge coming, and with the speed in which we all know electrical surges travel there would be little to no warning. I am no power expert, I am just working with the facts provided to me, and my uber leet math skills of adding and subtracting ;)
This is far from a complete explanation.
As is anything at this point, but hey, this is all part of the process. Cheers, Geoff Shively, CHO PivX Solutions, LLC http://www.pivx.com ----- Original Message ----- From: "Stephen Clowater" <steve () stevesworld hopto org> To: <full-disclosure () lists netsys com> Sent: Saturday, August 16, 2003 1:36 AM Subject: Re: [Full-disclosure] east coast powergrid / SCADA [OT?]
Its highly unlikely that msblast had anything to do with the power outage. For one, the internal rpc network that is used to monitor actual power spikes, and to move current from one circut to the next in a grid is a closed network. And in the areas were it cant be closed (between major utilities) it is tunnled via a VPN. Yes it runs a bit of NT4 and a bit of Windows 2000, In the next few years there has been a plan proposed to make freeBSD a standard. MSblast did not cause this, there have been warnings for the last 10 years that the grid was overloaded in the particular ring were the overload started. For years people have been warning that if a major transmitton
line
went during a high demand period of time, then you could be looking at a surge larger than can be midigated coming out of that ring. And then when
it
happens people come up with this theory that its msblast? Please, if that were the case, why have none of hte other billons of windows
vunerabilities
ever affected the grid? more specifically, why havent any of the thousands of rpc vunerabilites ever effected the grid? And sure enough, this morning on CNN, officals said they have a working theory that a major transmition line inside the ring went, wich created a back wave in the grid until it finaly came around in the form of a hudge surge. Niagra somehow saw this coming and shut down all generators in time to stay on the grid, and as the failure expanded more failsafes kicked in
to
contain it. This is far from a complete explanation. But it fits the avialable facts,
it
fits the timetable of what happened, and it makes logical sense in
relation
to the recent history of the power grid. Now can we give msblast a rest? :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: east coast powergrid / SCADA [OT?], (continued)
- RE: east coast powergrid / SCADA [OT?] Kane Lightowler (Aug 14)
- RE: east coast powergrid / SCADA [OT?] tetsujin (Aug 15)
- RE: east coast powergrid / SCADA [OT?] Andre Ludwig (Aug 14)
- RE: east coast powergrid / SCADA [OT?] RMcElroy (Aug 15)
- RE: east coast powergrid / SCADA [OT?] gml (Aug 15)
- RE: east coast powergrid / SCADA [OT?] Jason Coombs (Aug 15)
- Re: east coast powergrid / SCADA [OT?] -SIMON- (Aug 15)
- Official Microsoft RPC DCOM scanning tool Joey (Aug 15)
- Re: east coast powergrid / SCADA [OT?] Geoff Shively (Aug 15)
- Re: east coast powergrid / SCADA [OT?] Stephen Clowater (Aug 15)
- Re: east coast powergrid / SCADA [OT?] Geoff Shively (Aug 15)
- Re: east coast powergrid / SCADA [OT?] Stephen Clowater (Aug 16)
- Re: east coast powergrid / SCADA [OT?] Geoff Shively (Aug 16)
- Re: east coast powergrid / SCADA [OT?] Stephen Clowater (Aug 16)
- RE: east coast powergrid / SCADA [OT?] gml (Aug 15)
- RE: east coast powergrid / SCADA [OT?] Kane Lightowler (Aug 14)
- Re: east coast powergrid / SCADA [OT?] Bernie, CTA (Aug 16)
- RE: east coast powergrid / SCADA [OT?] Richard M. Smith (Aug 16)
- Re: east coast powergrid / SCADA [OT?] Geoff Shively (Aug 16)
- Re: east coast powergrid / SCADA [OT?] Bernie, CTA (Aug 16)
- Re: east coast powergrid / SCADA [OT?] Geoincidents (Aug 16)
- Message not available
- RE: east coast powergrid / SCADA [OT?] Bernie, CTA (Aug 16)
- Re: east coast powergrid / SCADA [OT?] Stephen Clowater (Aug 16)