“The horse is dead Jim.”
It’s sad that this alarm bell is still ringing but, for whatever reason it doesn’t seem to have much effect. Now in the witless relocation program, I have been watching the the critical infrastructure world from the comfort of my armchair. And from everything I hear from around North America there is still a disconnect with respects to the “Us vs Them” tedious battle that rages between control operators and IT folks.
From The Register:
A UK government minister has warned that cyber-terrorists were attempting to take out the national grid.
Security Minister Lord West of Spithead also said that state-sponsored hackers are attempting to infiltrate corporate networks to steal commercial secrets. Much of this could have been said at any time over the last four or five years, if not longer. But a number of more recent factors spice up the stew, including targeted Trojan attacks, vulnerabilities in the (now) internet-connected SCADA control systems that control power plants and recent high-profile cyber-attacks against Georgia and Estonia.
First off I will have to deduct the standard 10 points for the excessive use of the word “cyber”. That being said, targeted attacks against infrastructure are real. But, the home team is making it a little too easy at times for the baddies. Many SCADA organizations have a tendency to use insecure software and are often slow to patch. This isn’t something new. It just is.
There are bright spots on the horizon in North America at least. NERC recently announced that they had hired on Michael Assante to be their CSO. An excellent move by all accounts. And not a moment too soon when you can find things like this on Google. (hint: third link down the page & no SSL). Granted it isn’t a North American site but trust me, they are out there.