[Dshield] CNN 'Explores Possibility that Power Outage is Relatedto Internet Worm'

Dragos Ruiu dr at kyx.net
Fri Aug 15 23:29:02 GMT 2003


On August 15, 2003 04:02 pm, Geoff Shively wrote:
> Dragos,
> Did you watch that piece on PBS about power grid security? In that they
> talk about how it could happen and why. I have researched the institution
> and lab that was featured in that piece and found credible data. In fact
> they perform 'strikes' against SCADA systems and probe security.
>
> So that we are not too redundant here, in the documentary the gentleman
> from Sandia Laboratories (www.sandia.com) lays out an attack possibility
> that would cause an operator to cause more damage than the attacker.
>
> It is worth watching, even if you aren't a PBS fan:
> http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/
>
> This is also worth a read:
> http://www.automationtechies.com/sitepages/pid641.php
>
Interesting stuff thanks.

I agree that there are things to worry about.  My point however
is that the SCADA vuln threats are indirect ones rather than direct.

And even if you compromise the measurement data via SCADA vuln,
the scenario to get an operator to mess things up is a complicated one
because the bogus config should be caught by the simulations which
should stop the operator from botching the system.

I do pen-tests for a living, and fully know that _everything_ is vulnerable
in some way or other.  But in the overall scheme of things the power system
is one of the better things we've built, and some fairly complicated
maneuvers and acrobatics through hoops would have to be done
to acheive a wide scale network based disruption IMHO. Limited
disruptions would be more easily achievable probably by targetting 
whatever weaker components. In any of these cases I think that the
larger threats to the power systems are physical rather than net based.

I personally know a couple of people who _have_ done pen tests on 
SCADA stuff, and am privy to some information I am not allowed to discuss,
and am very aware of lots of faults that may lurk in these systems. 
It's a real problem, particularly for some industries other than the power
industry. However for power networks, I think that some of these threats
may be currently overstated given the first hand knowledge I have
seen of their procedures and design.

Anyways, thanks for the interesting material and discourse.

cheers,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2003   http://www.pacsec.jp
pgpkey http://dragos.com/ kyxpgp




More information about the list mailing list