[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C778D0C8BC20D5119B6700D0B7B617A05C3E01@DAYTONA>
From: ALudwig at Calfingroup.com (Andre Ludwig)
Subject: SCADA makes you a target for terrorists tak
e 2
I fully support you in your quest my friend. I think it is completely
asinine that the people who run these systems do the things they do. I mean
this is critical infrastructure after all! And I still have not seen any
evidence to sway my thoughts on this matter. If you look at the NERC
reports as to what caused the outages there was no mention of Ohio in them.
Unless of course they changed them from sat night.
Andre Ludwig, CISSP
-----Original Message-----
From: Bernie, CTA [mailto:cta@...in.net]
Sent: Monday, August 18, 2003 6:03 PM
To: full-disclosure@...ts.netsys.com
Cc: Elinor.Abreu@...ters.com
Subject: [Full-Disclosure] SCADA makes you a target for terrorists take
2
Over a year ago the NIPC put out a warning about threats
regarding the SCADA Systems
Again, my point is regardless of what caused the Blackout,
attention needs to be given on improving and integrating System
Security first, and replacing the so called worn out Grid
(cables and related infrastructure) last. Vulnerable components
should be identified, isolated and neutralized immediately.
Worry about the sagging cables later.
I can not understand why the same basic principles of systems
security engineering should not apply to the Power Industry
i.e., analyze potential Threats (Accessibility, Integrity,
Confidentiality), Vulnerabilities and Attacks.
Ok I'm done... for now.
>>>>
National Infrastructure Protection Center
Terrorist Interest in Water Supply and SCADA Systems
Information Bulletin 02-001
30 January 2002
NIPC Information Bulletins communicate issues that pertain to
the critical national infrastructure and are for information
purposes only.
A computer that belonged to an individual with indirect links to
USAMA BIN LADIN contained structural architecture computer
programs that suggested the individual was interested in
structural engineering as it related to dams and other water-
retaining structures. The computer programs included CATIGE,
BEAM, AUTOCAD 2000 and MICROSTRAN, as well as programs used to
identify and classify soils using the UNIFIED SOIL
CLASSIFICATION SYSTEM.
In addition, U.S. law enforcement and intelligence agencies have
received indications that Al-Qa'ida members have sought
information on Supervisory Control And Data Acquisition (SCADA)
systems available on multiple SCADA-related web sites. They
specifically sought information on water supply and wastewater
management practices in the U.S. and abroad. There has also been
interest in insecticides and pest control products at several
web sites.
Recipients can find additional information regarding posting
sensitive infrastructure-related information on Internet web
sites in NIPC Advisory 02-001 issued on 17 January 2002 at
http://www.nipc.gov/warnings/advisories/2002/02-001.htm. The
intent of this bulletin was to encourage Internet content
providers to review the sensitivity of the data they provide
online.
The NIPC encourages recipients of this Information Bulletin to
report information concerning criminal or terrorist activity to
their local FBI office http://www.fbi.gov/contact/fo/fo.htm or
the NIPC, and to other appropriate authorities. Recipients may
report incidents online at
http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC
Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or
nipc.watch@....gov-
****************************************************
Bernie
Chief Technology Architect
Chief Security Officer
cta@...in.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go
// to avoid the pure labor of honest thinking."
// Honest thought, the real business capital.
// Observe> Think> Plan> Think> Do> Think>
*******************************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists