UN calls for global cyber treaty

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: George Ou <George.Ou () digitalsociety org>
> Date: February 1, 2010 6:20:08 PM EST
> To: "dave () farber net" <dave () farber net>, ip <ip () v2 listbox com>, "tongia.cmu () gmail com 
> " <tongia.cmu () gmail com>
> Subject: RE: [IP] UN calls for global cyber treaty

> I would beg to differ.  Just because the SCADA network is separate  
> (or even running a different protocol other than IP) doesn’t mean th 
> at it isn’t accessible remotely.  I’ve spoken to someone in  
> charge of a major natural gas supplier in Canada last summer at a Bl 
> ackHat party.  They have Citrix remote access into their network and 
>  the machines inside the network have access to the SCADA network.   
> It would just be a matter of hijacking an internal computer and snif 
> fing the rest of the network for credential information.  The guy to 
> ld me that if someone were to release the safety on their gas turbin 
> es, it could cause them to run out of control and explode.
>
>
>
> Other times they have management systems attached to both the  
> internal LAN and SCADA network.  Those management systems are  
> usually pretty easy to exploit.
>
>
>
>
>
> George
>
>
>
> From: Dave Farber [mailto:dave () farber net]
> Sent: Monday, February 01, 2010 2:55 PM
> To: ip
> Subject: [IP] UN calls for global cyber treaty
>
>
>
>
>
>
>
> Begin forwarded message:
>
> From: Rahul Tongia <tongia.cmu () gmail com>
> Date: February 1, 2010 5:53:04 PM EST
> To: dave () farber net
> Cc: ip <ip () v2 listbox com>
> Subject: Re: [IP] UN calls for global cyber treaty
>
> Dave,
>
> If someone uses the Internet to take down your electricity grid,  
> that's not a very "smart grid"...
>
> One REALLY has to design cybersecurity up front - and this may mean  
> NOT using the public internet for anything even remotely critical,  
> or adding layers of security, access control, gateways, and  
> segmentation.  One can use internet *protocols* - that doesn't make  
> it the Internet.  It's not that hard to create a separate network  
> for a smart grid - SCADA systems have been doing it for years.  The  
> world's largest SCADA of its kind is actually up and running in  
> India (built by ABB).
>
> Physical layer threats (including wireless) are a bigger challenge  
> than a remote hacker should be.
>
> [I have an article submitted for publication to IEEE that uses the  
> difference between the Internet and internet to postulate how there  
> is actually an analogous difference between a smart grid and a Smart  
> Grid.  Just using smart grid technologies (e.g., a smart meter)  
> doesn't make a Smart Grid...copies available to folks on request]
>
> Rahul
>
> On Tue, Feb 2, 2010 at 4:04 AM, Dave Farber <dave () farber net> wrote:
>
>
>
>
>
> Begin forwarded message:
>
> From: Richard Forno <rforno () infowarrior org>
> Date: February 1, 2010 5:27:28 PM EST
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: UN calls for global cyber treaty
>
>
> Once again, we hear rumblings of "internet drivers' liscenses as  
> part of any 'solutions' to 'protect' the net.....   -rf
>
>
> UN calls for global cyber treaty
> http://www.zdnet.com.au/news/security/soa/UN-calls-for-global-cyber-treaty/0,130061744,339300673,00.htm?omnRef=1337
> By AAP
> 01 February 2010 10:07 AM
> Tags: un, treaty, security, google, china, cyber, war, attack
> The world needs a treaty to prevent cyber attacks becoming an all- 
> out war, the head of the main UN communications and technology  
> agency has warned.
>
> International Telcommunications Union secretary general Hamadoun  
> Toure gave his warning on Saturday at a World Economic Forum debate  
> where experts said nations must now consider when a cyber attack  
> becomes a declaration of war.
>
> With attacks on Google from China a major talking point in Davos,  
> Toure said the risk of a cyber conflict between two nations grows  
> every year.
>
> He proposed a treaty in which countries would engage not to make the  
> first cyber strike against another nation.
>
> "A cyber war would be worse than a tsunami — a catastrophe," the UN  
> official said, highlighting examples such as attacks on Estonia last 
>  year.
>
> He proposed an international accord, adding: "The framework would  
> look like a peace treaty before a war."
>
> Countries should guarantee to protect their citizens and their right  
> to access to information, promise not to harbour cyber terrorists  
> and "should commit themselves not to attack another".
>
> John Negroponte, former director of US intelligence, said  
> intelligence agencies in the major powers would be the first to  
> "express reservations" about such an accord.
>
> Susan Collins, a US Republican senator who sits on several senate  
> military and home affairs committees, said the prospect of a cyber  
> attack sparking a war was now being considered in the United States.
>
> "If someone bombed the electric grid in our country and we saw the  
> bombers coming in it would clearly be an act of war.
>
> "If that same country uses sophisticated computers to knock out our  
> electricity grid, I definitely think we are getting closer to saying  
> it is an act of war," Collins said.
>
> Craig Mundie, chief research and strategy officer for Microsoft,  
> said "there are at least 10 countries in the world whose internet  
> capability is sophisticated enough to carry out cyber attacks ...  
> and they can make it appear to come from anywhere."
>
> "The internet is the biggest command and control centre for every  
> bad guy out there," he said.
>
> The head of online security company McAfee told another Davos debate  
> on Friday that China, the United States, Russia, Israel and France  
> were among 20 countries locked in a cyberspace arms race and gearing  
> up for possible internet hostilities.
>
> Mundie and other experts have said there is a growing need to police  
> the internet to clampdown on fraud, espionage and the spread of  
> viruses.
>
> "People don't understand the scale of criminal activity on the  
> internet. Whether criminal, individual or nation states, the  
> community is growing more sophisticated," the Microsoft executive  
> said.
>
> "We need a kind of World Health Organisation for the internet," he  
> said.
>
> He also called fo a "driver's licence" for internet users.
>
> "If you want to drive a car you have to have a licence to say that  
> you are capable of driving a car, the car has to pass a test to say  
> it is fit to drive and you have to have insurance."
>
> Archives Error! Filename not specified.
>
> Error! Filename not specified.
>
>
>
> Archives



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com