Re: Risk/Threat Assessments for Utility specific software/hardware

["Kurt Seifried" <bt () seifried org>]

Go find a company that writes process control software (preferably the one
they plan to use) and talk to them. Ditto goes for SCADA systems, many of
which have tcp-ip capabilities, with many now having capabilities such as
emailing reports, directly from RTU's!. Generally speaking the security on
this stuff is bad, the primary method being to seperate it heavily, which
may or may not work (dialup, VPN's, etc.).


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/