funsec mailing list archives

Re: cyber-9/11


From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 08 Apr 2009 17:23:49 -0400

Robert Graham wrote:
>> Robert, if you have a better idea how to force security
>> accountability by providers of critical infrastructure, I am
>> sure the world would be glad to hear from you.
>
> I don't understand the question. The power critical infrastructure is no more vulnerable to cyberattack than it is to
> a physical attack, such as bombing selected power substations, or holding an engineer's family hostage while he flips
> the appropriate switch on a nuclear reactor. State actors or well-funded terrorist organizations do not like hacking.
> The reason is that the results are unreliable. They'd rather go the physical route and get the desired result in a
> predictable timeframe.
>
> I agree with the point that SCADA is laughably weak, I disagree that drastic government control is needed to fix the
> problem, or will fix the problem.

Robert, let me rephrase my last question. Clearly, you oppose government
regulation to force companies to take adequate security measures. What
would you suggest that we do to get these companies to take adequate
security measures?

Surely, you would not advocate a position of "let them crash and burn"?
A situation where the Federal government would once again be forced to
come in and act in hindsight to correct for the excesses (inaction, in
this case) of private industry?

How do you suggest that we fix the mess that is CIP? All I hear is
criticism, but no suggestions on alternate approaches to getting the
problem fixed.

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253





