nanog mailing list archives

Re: First real-world SCADA attack in US


From: Jay Ashworth <jra () baylink com>
Date: Mon, 21 Nov 2011 15:33:50 -0500 (EST)

----- Original Message -----
From: "Ryan Pavely" <paradox () nac net>

Perhaps the laws people suggest we need to protect ourselves should be
added to. If you are the operator of a network and due to complete
insanity leave yourself wide open to attack, you are just as guilty as
the bad guys... But then again I don't want to go to jail for leaving
my car door open and having someone steal my car, so nix that idea.

There is a difference, there, Ryan, both in degree of danger, and in duty of
care.  If you leave your car open, the odds that someone will steal it *and
use it to plow into a crowd of people* are pretty low; the odds that someone
breaking into a SCADA network means to cause harm to the unsuspecting public
are probably a bit higher.

Also, the people running that SCADA network *get paid* to do so in a fashion 
which does not cause undue risk to the general public be they customers of the
utility or not; this is also not true of your stolen car.

So I don't think there's all that much danger of "making laws to protect
the public from attacked SCADA networks not secured in accordance with 
generally accepted best practices" being generalized into "you're going to
jail if someone steals your car, even if they *do* use it as a weapon".

Even as stupid and grandstander as our Congress is.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

