I wasn't particularly surprised, per se, on 9/11. People have been saying stuff like that was eminent for years and we've seen the writing on the wall. Regardless of how it is played in the press, it doesn't take much effort to take a few people, teach them basic stick and rudder and then give them box cutters. It relied on the passification of our culture, an assumption that is no longer true (which Robert Reid can attest to, for instance). In short, if someone told me before 9/11 that it was coming, I would have said, "Yes, we know, but the decision makers don't give a shit until it actually happens".
Of course, this doesn't mean I suddenly agree on the cyber 9-11 doomsday prophesies either. Jon Kibler wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > John C. A. Bambenek, GCIH, CISSP wrote: > >> Tell me exactly how any scenario of a "cyber 9-11" would entail >> anything on the scale of a loss of 3,000 lives. Hyperbole does not >> serve our industry well. >> >> > > I can think of several scenarios where lives could be lost from an > intentional attack against critical infrastructure under computer > control. Here are a few examples: > 1) There have already been deaths (from too much X-ray exposure) due > to software bugs. An intentional attack against medical devices could > kill people. > 2) The DoE has already demonstrated that an attack against SCADA > systems can damage power generation infrastructure beyond quick repair. > A widespread attack against the generation systems could disrupt power > for weeks to months on end. If that occurred in conjunction with a major > winter storm, people could easily freeze to death or die of CO > poisoning, like has already happened in relatively minor power outages > in mid-winter in the U.S northeast and midwest. > 3) Remember Bophal, India? That was an accidental wrong positioning > of a value on a chemical tank that lead to a chemical spill that killed > or injured thousands. Today, much of this type of chemical plant > infrastructure is under computer control. An intentional attack could > easily result in a chemical spill that could injure or kill thousands. > For example, just look at the number of chemical plants directly across > the river from NYC in Jersey. Each one of those is a ticking time bomb. > > These are just a few ways that 'computers can kill.' I could go on for > pages with other hypothetical scenarios that you would probably dismiss > as "would never happen." But, prior to 9/11, what you have said if > someone told you that it was likely that terrorists would hijack air > planes and crash them into major buildings, killing thousands? I am sure > that you would have also dismissed that as "would never happen," too. > > Jon K > - -- > Jon R. Kibler > Chief Technical Officer > Advanced Systems Engineering Technology, Inc. > Charleston, SC USA > o: 843-849-8214 > c: 843-224-2494 > s: 843-564-4224 > http://www.linkedin.com/in/jonrkibler > > My PGP Fingerprint is: > BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAklOficACgkQUVxQRc85QlNF8wCfYItukyrt1eHM3j7/CTqTqt86 > kwgAn2IrRmrC6b+1EjNOtG88SQjH31Wm > =AKfE > -----END PGP SIGNATURE----- > > > > > ================================================== > Filtered by: TRUSTEM.COM's Email Filtering Service > http://www.trustem.com/ > No Spam. No Viruses. Just Good Clean Email. > > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
