[SCADASEC] [Critical infrastructure central to cyber threat
Matthew Franz
mdfranz at gmail.com
Mon Apr 28 10:31:40 CDT 2008
I think their hyperbole meter is broken. I don't think you need your
time machine to go back to the 30s you just need to go back 10 years
to Eligible Receiver, Solar Sunrise how much of the same would you
see? Yes a lot has changed, but the economics hasn't.
- mdf
On Mon, Apr 28, 2008 at 9:50 AM, Kevin McGrath
<Kevin.M.Mcgrath at us.ngrid.com> wrote:
> > Also, cybersecurity specialists warned that a cyberattack could cause
> >> greater economic and physical damage than the United States has
> >> suffered.
> >>
> >> "We are talking about things much bigger than the Great
> >> Depression," said Borg. "We are talking about consequences that are
> >> only exceeded by use of nuclear weapons."
>
> Howdy,
>
> Gee I hope we all survive this coming horror show & I wonder why this
> isn't being reported as a lead news story anywhere?
>
> Regards,
> Kevin
>
>
>
> Bob Radvanovsky wrote:
> >> http://www.fcw.com/online/news/152335-1.html
> >>
> >> By Ben Bain FCW.com April 24, 2008
> >>
> >> The United States is increasingly vulnerable to cyberattacks that
> >> could have catastrophic effects on critical physical
> >> infrastructure, and severely damage the country's economic,
> >> military and strategic interests, cybersecurity specialists said
> >> today.
> >>
> >> The conventional strategic thinking that has driven defense efforts
> >> over the past century is becoming irrelevant in today's networked
> >> world, according to specialists from the U.S. Cyber Consequences
> >> Unit (US-CCU), who spoke at the GovSec, U.S. Law and Ready
> >> Conference and Exposition today in Washington.
> >>
> >> US-CCU is an independent, nonprofit research institute, set up at
> >> the request of the government. Its reports are supplied directly to
> >> the government, critical infrastructure industries and the public.
> >>
> >> "The change here is so profound that almost all of our previous
> >> defense categories are breaking down," said Scott Borg, US-CCU's
> >> director. "There is not a clear line there anymore."
> >>
> >> Borg said the distinction between physical and information attacks
> >> is disappearing, and he cited the lasting effects the terrorist
> >> attacks of 2001 had on the information technology infrastructure.
> >> Borg said Industrial-era distinctions between the local and the
> >> remote, personal and public communications, and military and
> >> economic targets are fading and very sophisticated cyberattacks
> >> could damage major nations.
> >>
> >> Scalable cyberattacks could physically destroy large numbers of
> >> electricity generators that would take years to replace, Borg said,
> >> adding that if a sizable region.s electricity was shut down for an
> >> extended period, a majority of that economy would shut down and
> >> people likely would die.
> >>
> >> Security experts worry that last spring.s denial-of-service attacks
> >> on facilities in Estonia may be a precursor. Developed countries
> >> are considered to be most susceptible to the threats.
> >>
> >> "Looking at the many wake-up calls that the international community
> >> has had over the past decade... I would say that we have entered an
> >> era of cyberterror and perhaps even an era of cyberwar," said Lauri
> >> Almann, Estonia's Permanent Undersecretary of Defence, at the
> >> conference.
> >>
> >> Also, cybersecurity specialists warned that a cyberattack could
> >> cause greater economic and physical damage than the United States
> >> has suffered.
> >>
> >> "We are talking about things much bigger than the Great
> >> Depression," said Borg. "We are talking about consequences that are
> >> only exceeded by use of nuclear weapons."
> >>
> >> His colleague at US-CCU, John Bumgarner, said attacks that could
> >> cripple an entire industry can be carried out by a handful of
> >> knowledgeable people.
> >>
> >> The specialists said the primary target of cyberattacks presently
> >> is business information that has been consolidated in a company's
> >> information system. This can allow thieves to open a new factory
> >> with the exact specifications and settings it took the business
> >> they victimized years to perfect.
> >>
> >> Borg said he is concerned that although the federal government's
> >> efforts to consolidate access points to the government.s systems
> >> could mitigate information leaks, more consolidation can also make
> >> systems more susceptible to damage from attacks. He said that
> >> cybersecurity and military efforts should be expanded from focusing
> >> on perimeter defenses to also stress resiliency, robust systems and
> >> protecting critical infrastructure.
> >>
> >> Homeland Security Department officials who have been rolling out
> >> the Bush administration's new classified cyberinitiative so far
> >> have stressed beefing up intrusion detection and improving
> >> coordination between federal agencies and the private sector, which
> >> owns approximately 85 percent of the country.s critical
> >> infrastructure.
> >>
> >> Homeland Security Presidential Directive 7, issued in December
> >> 2003, designated DHS as the lead agency for protecting critical
> >> infrastructure. DHS' 2006 National Infrastructure Protection Plan
> >> designated the roles that several agencies have in protecting
> >> different sectors of critical infrastructure.
> >>
> >> US-CCU has developed a list of critical infrastructure groups based
> >> on how significant they are to the country's economy. The defense
> >> industry ranks only as the fourth most economically significant
> >> group.
> >>
> >> The study ranks the Critical Infrastructure Groups (CIG) in the
> >> following order:
> >>
> >> . Electric power, oil and gas fuel, telecommunications/Internet,
> >> banking. . Chemical industries, water and sanitation, air and
> >> ground transport. . Hospitals and health care, police and fire
> >> departments. . Electronic, automotive and defense industries. .
> >> Food processing, agriculture and national monuments, icons.
> >>
> >> Almann said another challenge is that authorities are often unable
> >> to attribute attacks because of legal and technological challenges.
> >>
> >>
> >> "Never prepare for the last war," Almann said. "We should prepare
> >> for the next war and let me tell you, next time when an attack like
> >> this occurs against any country it will be more painful, it will be
> >> more sophisticated."
> >>
> >> 1105 Media, Federal Computer Week's parent company, sponsored the
> >> GovSec, U.S. Law and Ready Conference and Exposition.
> >>
> >
> >
> > _______________________________________________ To unsubscribe from
> > this mailing list, please visit:
> > http://news.infracritical.com/mailman/listinfo/scadasec
> >
> > To review our privacy statement, please visit:
> > http://www.infracritical.com/privacy.html
> >
> > scadasec at news.infracritical.com
> > http://news.infracritical.com/mailman/listinfo/scadasec
>
> **** For your information: KeySpan is now part of National Grid.****
>
>
> ********************************************************************************
> This e-mail and any files transmitted with it, are confidential to National Grid and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please reply to this message and let the sender know.
>
>
>
>
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
>
> To review our privacy statement, please visit:
> http://www.infracritical.com/privacy.html
>
> scadasec at news.infracritical.com
> http://news.infracritical.com/mailman/listinfo/scadasec
>
--
Matthew Franz
http://www.threatmind.net/
More information about the scadasec
mailing list