Re: US 'unprepared for cyber 9/11'

[Jon Kibler <Jon.Kibler () aset com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John C. A. Bambenek, GCIH, CISSP wrote:
> Tell me exactly how any scenario of a "cyber 9-11" would entail
> anything on the scale of a loss of 3,000 lives. Hyperbole does not
> serve our industry well.

I can think of several scenarios where lives could be lost from an
intentional attack against critical infrastructure under computer
control. Here are a few examples:
   1) There have already been deaths (from too much X-ray exposure) due
to software bugs. An intentional attack against medical devices could
kill people.
   2) The DoE has already demonstrated that an attack against SCADA
systems can damage power generation infrastructure beyond quick repair.
A widespread attack against the generation systems could disrupt power
for weeks to months on end. If that occurred in conjunction with a major
winter storm, people could easily freeze to death or die of CO
poisoning, like has already happened in relatively minor power outages
in mid-winter in the U.S northeast and midwest.
   3) Remember Bophal, India? That was an accidental wrong positioning
of a value on a chemical tank that lead to a chemical spill that killed
or injured thousands. Today, much of this type of chemical plant
infrastructure is under computer control. An intentional attack could
easily result in a chemical spill that could injure or kill thousands.
For example, just look at the number of chemical plants directly across
the river from NYC in Jersey. Each one of those is a ticking time bomb.

These are just a few ways that 'computers can kill.' I could go on for
pages with other hypothetical scenarios that you would probably dismiss
as "would never happen." But, prior to 9/11, what you have said if
someone told you that it was likely that terrorists would hijack air
planes and crash them into major buildings, killing thousands? I am sure
that you would have also dismissed that as "would never happen," too.

Jon K
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklOficACgkQUVxQRc85QlNF8wCfYItukyrt1eHM3j7/CTqTqt86
kwgAn2IrRmrC6b+1EjNOtG88SQjH31Wm
=AKfE
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.