[SCADASEC] Bolivia: Group Threatens Water Cutoff
Jake Brodsky
jakebrodskype at gmail.com
Wed Aug 27 09:28:28 CDT 2008
As for which threat is more capable, it depends upon what resources
you have and what you're trying to achieve.
The manual operation questions are sort of like asking whether
attacking the autopilot of an airplane will make it crash. The answer
is that manual overrides are usually possible and should be practiced
regularly. However, yes, if you can divert the attention of the
operators from the automatic operation, you could cause these things
to happen.
There is an infamous case studied among pilots concerning an airliner
landing near Dulles International Airport many years ago. The captain
lowered the landing gear and did not get all the "down and locked"
indicators to light. All three flight deck staff were focused on a
broken light bulb replacement, and nobody was flying the plane. They
crashed in to the side of a mountain.
This is the sort of diversion that one could use to misdirect
operators. Control System Resource Management (similar to Cockpit
Resource Management training for pilots) ought to be part and parcel
of regular operator training, especially when it comes to security.
Jake Brodsky
On Wed, Aug 27, 2008 at 9:36 AM, Adriel Desautels <adriel at netragard.com> wrote:
> Something that I've been working to wrap my mind around is which threat
> is more capable, cyber or physical?
> Is most of that done manually or by computers? If the computers fail,
> will it still come up in the same amount of time? If the computers fall
> under the control of a rogue malicious hacker, can he/she prevent the
> systems from coming back online? Can a hacker cause a meltdown or
> chemicals to be vented into the air?
More information about the scadasec
mailing list