RE: Hackers threaten power network

[InfoSec News <isn () c4i org>]

Forwarded from: "Skroch, Michael" <mjskroc () sandia gov>

I agree the article doesn't have enough information to distinguish the
power producer from any other information system or critical
infrastructure provider subject to exposure to hackers.  There is no
mention of connectivity between their IT enterprise and a SCADA
network.  The claims of similar outages to Italy and the eastern US
are unfounded references given there is no or little cyber connection
to those events.  On the other hand, many critical infrastructure
providers are connected to the Internet, so there shouldn't be
surprise that this power provider is also exposed in that way.

mike

--
Michael J. Skroch (skraw)
Manager, Information Operations Red Team & Assessments
http://www.sandia.gov/iorta/


-----Original Message-----
From: InfoSec News [mailto:isn () c4i org]
Sent: Thursday, October 02, 2003 11:38 PM
To: isn () attrition org
Subject: RE: [ISN] Hackers threaten power network


Forwarded from: "Moyer, Shawn" <SMoyer () rgare com>

Is there anyone connected to the I-net who doesn't have "daily visits
from trespassers"? Not saying there aren't people out there targetting
power grids, but this reads like fluff / FUD to me. I'd like to know
how many of the "daily visits" have been verified through forensics
and analysis as bonafide directed attacks rather than the usual
worm-of-the-week / trojan-of-the-week noise.

That said, WHAT the HELL is Norway's power grid doing connected to the
INTERNET? At a minimum all management systems and networks directly
related to power production should be on separate address space /
DMZ's, or even better, air gap.


--shawn



-----Original Message-----
From: InfoSec News [mailto:isn () c4i org]
Sent: Thursday, October 02, 2003 4:46 AM
To: isn () attrition org
Subject: [ISN] Hackers threaten power network 


http://www.aftenposten.no/english/local/article.jhtml?articleID=636486

30 Sep, 2003

Norway's power grid is subject to aggressive hacking every day, 
carried out by computer terrorists apparently intent on cutting 
electricity to wide areas of the country. Agencies in charge of power 
production and the network have so far managed to thwart their 
efforts.

Employees at Statkraft, Norway's largest power producer, are being 
forced to use tremendous resources to maintain the so-called "fire 
walls" in its computer system. If they fail, Norway may be subject to 
the same kind of massive power failures that recently hit Italy, 
eastern Canada and the US.

"We have daily visits from trespassers who try to break into our 
system," Tor Inge Akselsen of Statnett told newspaper Aftenposten 
Tuesday. Statnett is in charge of Norway's power network.

Neither Statkraft nor Statnett know who they're up against, only that 
it's critically important to keep their systems secure.

A massive power failure in Oslo would halt all trains and trams and 
disrupt everything from mobile phone traffic to street lights. Back-up 
generators in key areas, however, would provide power to government 
offices, hospitals, broadcast outlets and the main airport at 
Gardermoen.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.