I've wondered whether someone in Al Qaeda read "Debt of Honor" and "Executive Orders" and said "Aha!"
Some of the Clancy franchises are much less readable, but I guess there are some ideas worth thinking about in there. -- David Harley BA CISSP FBCS CITP Director of Malware Intelligence ESET LLC > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Tomas L. Byrnes > Sent: 21 December 2008 18:37 > To: [email protected]; John C. A. Bambenek, GCIH, CISSP > Cc: [email protected] > Subject: Re: [funsec] US 'unprepared for cyber 9/11' > > Prior to 9/11 Tom Clancy posited using airplanes as Cruise > missiles in the opening scenes of "Executive Orders". He's > been pretty prescient in his description of our > vulnerabilities, so maybe reading some of his "Net Force" > books might be useful to those dreaming up defense and > contingency plans. > > > > >-----Original Message----- > >From: [email protected] > [mailto:[email protected]] > >On Behalf Of Jon Kibler > >Sent: Sunday, December 21, 2008 9:35 AM > >To: John C. A. Bambenek, GCIH, CISSP > >Cc: [email protected] > >Subject: Re: [funsec] US 'unprepared for cyber 9/11' > > > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >John C. A. Bambenek, GCIH, CISSP wrote: > >> Tell me exactly how any scenario of a "cyber 9-11" would entail > >> anything on the scale of a loss of 3,000 lives. Hyperbole does not > >> serve our industry well. > >> > > > >I can think of several scenarios where lives could be lost from an > >intentional attack against critical infrastructure under computer > >control. Here are a few examples: > > 1) There have already been deaths (from too much X-ray > exposure) due > >to software bugs. An intentional attack against medical > devices could > >kill people. > > 2) The DoE has already demonstrated that an attack against SCADA > >systems can damage power generation infrastructure beyond > quick repair. > >A widespread attack against the generation systems could > disrupt power > >for weeks to months on end. If that occurred in conjunction with a > major > >winter storm, people could easily freeze to death or die of CO > >poisoning, like has already happened in relatively minor > power outages > >in mid-winter in the U.S northeast and midwest. > > 3) Remember Bophal, India? That was an accidental wrong > positioning > >of a value on a chemical tank that lead to a chemical spill > that killed > >or injured thousands. Today, much of this type of chemical plant > >infrastructure is under computer control. An intentional > attack could > >easily result in a chemical spill that could injure or kill > thousands. > >For example, just look at the number of chemical plants > directly across > >the river from NYC in Jersey. Each one of those is a ticking > time bomb. > > > >These are just a few ways that 'computers can kill.' I could > go on for > >pages with other hypothetical scenarios that you would > probably dismiss > >as "would never happen." But, prior to 9/11, what you have said if > >someone told you that it was likely that terrorists would hijack air > >planes and crash them into major buildings, killing thousands? I am > sure > >that you would have also dismissed that as "would never happen," too. > > > >Jon K > >- -- > >Jon R. Kibler > >Chief Technical Officer > >Advanced Systems Engineering Technology, Inc. > >Charleston, SC USA > >o: 843-849-8214 > >c: 843-224-2494 > >s: 843-564-4224 > >http://www.linkedin.com/in/jonrkibler > > > >My PGP Fingerprint is: > >BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 > > > > > >-----BEGIN PGP SIGNATURE----- > >Version: GnuPG v1.4.8 (Darwin) > >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > >iEYEARECAAYFAklOficACgkQUVxQRc85QlNF8wCfYItukyrt1eHM3j7/CTqTqt86 > >kwgAn2IrRmrC6b+1EjNOtG88SQjH31Wm > >=AKfE > >-----END PGP SIGNATURE----- > > > > > > > > > >================================================== > >Filtered by: TRUSTEM.COM's Email Filtering Service > >http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email. > > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
