> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Caggy, James > Sent: Tuesday, August 19, 2003 9:58 AM > To: [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] SCADA makes you a target for > terrorists take 2 > > > This is a "Lessons learned from Slammer" advisory put out by > the NAERC two months ago and admits that the SCADA system is > vulnerable to worms and/or viruses. > > http://www.esisac.com/publicdocs/SQL_Slammer_2003.pdf
Excellent paper. > > There's still no reason not to believe that last week's > blackout wasn't in someway related to MSBlaster or a hacker > taking advantage of RPC. > The paper is excellent, but that does not mean Blaster took down the power grid. I think that people need to remember to show some constraint, unless they want the problems in SCADA to appear to be overblown... A "cry wolf scenario". There is a very good reason to not "believe" that Blaster or a hacker took down the grid last week -- there is no proof for it. There may be circumstantial evidence for this, but that is not the same thing as proof. > > > -----Original Message----- > From: Bernie, CTA [mailto:[EMAIL PROTECTED] > Sent: Monday, August 18, 2003 9:03 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: [Full-Disclosure] SCADA makes you a target for > terrorists take 2 > > Over a year ago the NIPC put out a warning about threats > regarding the SCADA Systems > > Again, my point is regardless of what caused the Blackout, > attention needs to be given on improving and integrating System > Security first, and replacing the so called worn out Grid > (cables and related infrastructure) last. Vulnerable components > should be identified, isolated and neutralized immediately. > Worry about the sagging cables later. > > I can not understand why the same basic principles of systems > security engineering should not apply to the Power Industry > i.e., analyze potential Threats (Accessibility, Integrity, > Confidentiality), Vulnerabilities and Attacks. > > Ok I'm done... for now. > > >>>> > National Infrastructure Protection Center > > > Terrorist Interest in Water Supply and SCADA Systems > Information Bulletin 02-001 30 January 2002 > > NIPC Information Bulletins communicate issues that pertain to > the critical national infrastructure and are for information > purposes only. > > A computer that belonged to an individual with indirect links to > USAMA BIN LADIN contained structural architecture computer > programs that suggested the individual was interested in > structural engineering as it related to dams and other water- > retaining structures. The computer programs included CATIGE, > BEAM, AUTOCAD 2000 and MICROSTRAN, as well as programs used to > identify and classify soils using the UNIFIED SOIL > CLASSIFICATION SYSTEM. > > In addition, U.S. law enforcement and intelligence agencies have > received indications that Al-Qa'ida members have sought > information on Supervisory Control And Data Acquisition (SCADA) > systems available on multiple SCADA-related web sites. They > specifically sought information on water supply and wastewater > management practices in the U.S. and abroad. There has also been > interest in insecticides and pest control products at several > web sites. > > Recipients can find additional information regarding posting > sensitive infrastructure-related information on Internet web > sites in NIPC Advisory 02-001 issued on 17 January 2002 at > http://www.nipc.gov/warnings/advisories/2002/02-001.htm. The > intent of this bulletin was to encourage Internet content > providers to review the sensitivity of the data they provide > online. > > The NIPC encourages recipients of this Information Bulletin to > report information concerning criminal or terrorist activity to > their local FBI office http://www.fbi.gov/contact/fo/fo.htm or > the NIPC, and to other appropriate authorities. Recipients may > report incidents online at > http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC > Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or > [EMAIL PROTECTED] > **************************************************** > Bernie > Chief Technology Architect > Chief Security Officer > [EMAIL PROTECTED] > Euclidean Systems, Inc. > ******************************************************* > // "There is no expedient to which a man will not go > // to avoid the pure labor of honest thinking." > // Honest thought, the real business capital. > // Observe> Think> Plan> Think> Do> Think> > ******************************************************* > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
