“The horse is dead Jim.”

It’s sad that this alarm bell is still ringing but, for whatever reason it doesn’t seem to have much effect. Now in the witless relocation program, I have been watching the the critical infrastructure world from the comfort of my armchair. And from everything I hear from around North America there is still a disconnect with respects to the “Us vs Them” tedious battle that rages between control operators and IT folks.

From The Register:

A UK government minister has warned that cyber-terrorists were attempting to take out the national grid.

Security Minister Lord West of Spithead also said that state-sponsored hackers are attempting to infiltrate corporate networks to steal commercial secrets. Much of this could have been said at any time over the last four or five years, if not longer. But a number of more recent factors spice up the stew, including targeted Trojan attacks, vulnerabilities in the (now) internet-connected SCADA control systems that control power plants and recent high-profile cyber-attacks against Georgia and Estonia.

First off I will have to deduct the standard 10 points for the excessive use of the word “cyber”. That being said, targeted attacks against infrastructure are real. But, the home team is making it a little too easy at times for the baddies. Many SCADA organizations have a tendency to use insecure software and are often slow to patch. This isn’t something new. It just is.

There are bright spots on the horizon in North America at least. NERC recently announced that they had hired on Michael Assante to be their CSO. An excellent move by all accounts. And not a moment too soon when you can find things like this on Google. (hint: third link down the page & no SSL). Granted it isn’t a North American site but trust me, they are out there.

Article Link

Comments

  1. Basic Googledorks lead to many more interesting results when coupled with common SCADA and process control terms. How many internet-facing web-based HMIs do you think are out there…? Hint: Greater than zero.

    The “Us vs. Them” thing is the biggest hurdle now in securing SCADA/PCS-driven infrastructure. Both sides need to pull their collective heads out of their…uh…ears and check their egos at the door. From my vantage point, it’s getting alot better, but it doesn’t help that “leaders” in the industry are continually promoting it from their bully pulpits to promote their own agendas.

    BTW, neat interview/report from the guy who runs CERN’s Large Hadron Collider security program:

    http://ethernet.industrial-networking.com/articles/articledisplay.asp?id=1490

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.