funsec mailing list archives
Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid
From: "Kurt Grutzmacher" <grutz () jingojango net>
Date: Thu, 5 Jun 2008 08:09:13 -0700
To be fair, the TVA report came from the GAO and I've yet to read a GAO report on "cyber security" that wasn't bad news for the organization being audited. If they were to go to any other utility company in the world I'm sure they'd find similar issues as their standards are (rightfully so) very high. That's not to say there aren't problems at TVA as I'm sure there are. NERC is more concerned on keeping the power running which includes things like life and health safety, flowing electricity between long distances and different companies, making sure generation is there, etc. Cyber security is on the list and if companies don't follow their CIP standard they face huge fines (up to $1m a day of non-compliance). Suffice to say power companies are an old lot here in the US and as such have an air of self-importance which leads to the "we know what's best" syndrome. After all, they have to keep the lights on and the hospitals running. On Sun, Jun 1, 2008 at 9:58 PM, Juha-Matti Laurio < juha-matti.laurio () netti fi> wrote:
From Forbes.com: "..... I think we could search far and wide and not find a more disorganized response to a national security issue of this import," said Rep. James Langevin (D-R.I.), chairman of the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology. He pointed a finger to several groups: the DHS for giving scanty details of its video-taped simulation; the power industry for working too slowly to mitigate the threat; and the North American Electric Reliability Corporation, an industry group, for failing in its role as the self-regulatory body assigned to ensure a consistent national power supply. "Everything about the way this vulnerability was handled … leaves me with little confidence that we're ready or willing to deal with the cyber security threat," he said. The House's criticisms focused primarily on the electric utility industry group, NERC. They argued that the advisories issued by NERC are ineffective and that it has repeatedly misled the House in its investigation of the Aurora vulnerability." --clip-- More at http://www.forbes.com/technology/2008/05/22/cyberwar-breach-government-tech-security_cx_ag_0521cyber.html And CNN's Study finds TVA vulnerable to hacking: http://www.cnn.com/2008/US/05/21/cyber.attack/ "The Tennessee Valley Authority, which supplies power to almost 9 million Americans, "has not fully implemented appropriate security practices to protect the control systems used to operate its critical infrastructures," leaving them "vulnerable to disruption," the Government Accountability Office found." --clip-- There are many readers (including me) happy now about living outside of US... Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Congress Alarmed At Cyber-Vulnerability Of Power Grid Juha-Matti Laurio (Jun 01)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Kurt Grutzmacher (Jun 05)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Matt Jonkman (Jun 06)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Jason Lewis (Jun 06)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Matt Jonkman (Jun 06)
- Re: Congress Alarmed At Cyber-Vulnerability Of Power Grid Kurt Grutzmacher (Jun 05)