funsec mailing list archives
Re: cyber-9/11
From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 08 Apr 2009 17:23:49 -0400
Robert Graham wrote:

> > Robert, if you have a better idea how to force security accountability by providers of critical infrastructure, I am sure the world would be glad to hear from you.
>
> I don't understand the question. The power critical infrastructure is no more vulnerable to cyberattack than it is to a physical attack, such as bombing selected power substations, or holding an engineer's family hostage while he flips the appropriate switch on a nuclear reactor.
>
> State actors or well-funded terrorist organizations do not like hacking. The reason is that the results are unreliable. They'd rather go the physical route and get the desired result in a predictable timeframe.
>
> I agree with the point that SCADA is laughably weak, I disagree that drastic government control is needed to fix the problem, or will fix the problem.
Robert, let me rephrase my last question. Clearly, you oppose government regulation to force companies to take adequate security measures. What would you suggest that we do to get these companies to take adequate security measures?

Surely, you would not advocate a position of "let them crash and burn"? A situation where the Federal government would once again be forced to come in and act in hindsight to correct for the excesses (inaction, in this case) of private industry?

How do you suggest that we fix the mess that is CIP? All I hear is criticism, but no suggestions on alternate approaches to getting the problem fixed.

Jon

--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.