Penetration Testing mailing list archives

Re: SCADA

From: Jason Ellison <infotek () datasync com>
Date: Sun, 7 Jul 2002 23:48:34 -0500 (CDT)

the following message was all snipped up.
<SNIP>

 http://www.washingtonpost.com/wp-dyn/articles/A50765-2002Jun26.html

<SNIP>

----- Original Message -----
From: FBI Oklahoma City - DZ
Sent: Thursday, June 27, 2002 11:28 AM
Subject: FBI Information: SCADA security

The below public source information (found in the 6/27/2002 NIPC Daily
Report) and the enclosed NIPC white paper (word document) on SCADA will
hopefully allow Key Assets and InfraGard members to be more aware of a
potential vulnerability spanning numerous critical infrastructures.

Cyber attacks by Al Qaeda feared by US.  (Washington Post, 26 Jun)
According to US officials, the potential exists for the compromise of
digital devices that allow remote access of Distributed Control Systems
(DCS) and Supervisory Control and Data Acquisition Systems (SCADA).  The
simplest of these devices collect measurements, throw railway switches,
close circuit breakers, or adjust valves in the pipes that carry water,
oil, and gas.  More complicated versions of these type of devices sift
incoming data, govern multiple devices, and control other areas of the
infrastructure.  Recently, evidence has been discovered that Al Qaeda
operators have spent time on web sites that offer software and

programming

explanations for the digital switches that run power, water, transport,
and communications grids.  By disabling or taking command of floodgates

in

a dam or a sub-station handling electric power, analysts believe an
intruder could use cyber tools to disrupt/destroy critical
infrastructures.  It is surmised that terrorists may combine these
techniques, synchronized with physical acts of terrorism.


SA David Zimmermann
FBI - Oklahoma City Division
Key Asset Coordinator
405/290-7770
dz () fbi gov  <<TechNews.com.url>>  <<PCS Vulnerabilities.doc>>

<SNIP>


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

SCADA Gaziel, Avishay (Jul 07)
- Re: SCADA Jason Ellison (Jul 08)
- Re: SCADA mdfranz (Jul 08)