--- On Mon, 11/9/09, [email protected] <[email protected]> wrote:
> This just in: The hackers that took out the Brazilian power
> grid? Turns out it was a poorly maintained insulator:
One of the problems with identifying and attributing cyber attacks against
things like grids is that there are so many other things that could have gone
wrong. If there was a desire to downplay the incident (for which the
motivation is very high) it is trivial to deliver an alternate story.
Does this mean the Brazilian alternative story is a cover up? Probably not,
but almost no one (not even the utility employees) would be able to gainsay it
if it was.
The point remains: control systems (not just grid systems, but everywhere) are
extremely unprepared for cyber attack. The amount of effort applied to cyber
security as a percentage of resources applied to these systems is virtually
unmeasurably small, and where there has been any at all it is almost always a
one-off custom engagement. Control system networks make the IT networks we all
complain about look like Fort Knox.
We need to regularize our approach to CIP cybersecurity or we aren't going to
make any headway at all.
-chris
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.