[SCADASEC] Protect All Industrial Controllers, Stat!

John Nelson jnelson at svec.coop
Thu Aug 28 11:51:18 CDT 2008 

Bob,
 
I also noticed the original document was offline, but by clicking on the Google link "View as HTML" it is (or at least was) still available.
 
John

________________________________

From: scadasec-bounces at news.infracritical.com on behalf of Bob Radvanovsky
Sent: Thu 8/28/2008 12:25 PM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] Protect All Industrial Controllers, Stat!



Actually, the discussion came from a blogging web site.  The checklist was identified there.

BTW, the document has been taken offline.  You now receive a "404 error message".

This email message will self-destruct in 5 se.........

----- Original Message -----
From: "Toecker, Michael" [mailto:mtoecker at burnsmcd.com]
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] Protect All Industrial Controllers, Stat!


>
> Myrc,
>
> Thanks.  I understand that the search works for both. 
>
> My question was 'why' those search terms ("Boreas Vulnerability
> Checklist ") would be used.  Those terms are part of the advisory, which
> a person who didn't have access to the advisory wouldn't use.  They
> appear nowhere in Kevin's email.  If an uninformed person hadn't had
> access to the original advisory, that person would have used the words
> in Kevin's email ("Boreas Firmware Vulnerability "). 
>
> While both return the same results, it tells me that Myrc has access to
> the ISACs (at least one of them), and access to the advisories that come
> from those ISACs.  Otherwise, he would have been ignorant of the
> advisories, and used the listserv (and "Boreas Firmware Vulnerability")
> to find the information.
>
> It's a small tidbit, but important, since the ISACs (and ISAC members)
> are pretty particular about whom they send advisories to. 
>
> Sincerely,
> 
> Michael Toecker
> Control Systems Security Designer
> Compliance & Infrastructure Protection
> Burns & McDonnell Engineering
> 425 South Woods Mill Road
> Suite 300
> Chesterfield, MO 63017
> 
> Office: 314-682-1545
> Cell: 615-948-6954
> www.burnsmcd.com
>
>
> -----Original Message-----
> From: scadasec-bounces at news.infracritical.com
> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Myrcurial
> Sent: Thursday, August 28, 2008 9:09 AM
> To: scadasec at news.infracritical.com
> Subject: Re: [SCADASEC] Protect All Industrial Controllers, Stat!
>
> I had assumed that like all security professionals, members of this
> list spent sufficient time in the seedier alleys of the internet so as
> to be aware of as much as possible.
>
> Just because the bad guys and the hackers are focussed on the wrong
> attack methodology doesn't mean that they can't do bad things or that
> they fail to have interesting or useful information.
>
> Oh - and your search terms are as effective as mine, in fact, I was
> just being sufficiently precise so as to ensure a perfect search
> return. (Try it - you'd be surprised)
>
> ~M
>
> On Thu, Aug 28, 2008 at 10:04 AM, Toecker, Michael
> <mtoecker at burnsmcd.com> wrote:
> > Now why would you search for "Boreas Vulnerability Checklist"?  That
> > wasn't in any of these emails....  "Boreas Firmware Vulnerability"
> would
> > have been my search term if all I had seen was Kevin's email.
> >
> > Mayhaps you have already seen the advisory?
> >
> > Sincerely,
> >
> > Michael Toecker
> > Control Systems Security Designer
> > Compliance & Infrastructure Protection
> > Burns & McDonnell Engineering
> > 425 South Woods Mill Road
> > Suite 300
> > Chesterfield, MO 63017
> >
> > Office: 314-682-1545
> > Cell: 615-948-6954
> > www.burnsmcd.com
> >
> >
> > -----Original Message-----
> > From: scadasec-bounces at news.infracritical.com
> > [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of
> Myrcurial
> > Sent: Thursday, August 28, 2008 8:56 AM
> > To: scadasec at news.infracritical.com
> > Subject: Re: [SCADASEC] Protect All Industrial Controllers, Stat!
> >
> > It's as public as it can be... Google's got it.
> >
> > http://www.google.com/search?q=boreas%20vulnerability%20checklist
> >
> > It appears that DHS leaks through the water isac. (wow, that was bad
> > even for me...)
> >
> > The trick appears to be "do what?"
> >
> > ~M
> >
> > On Thu, Aug 28, 2008 at 9:47 AM, Toecker, Michael
> > <mtoecker at burnsmcd.com> wrote:
> >> Kevin,
> >>
> >> I've received this advisory as well.  To answer your questions:
> >>
> >> 1.  Yes, both advisories appear to be talking about the same
> >> vulnerability.
> >> 2.  No, no discussion has taken place to my knowledge about this
> >> vulnerability on this listserve.  The advisories were released as DHS
> >> "FOUO", which means that the information contained within the
> > disclosure
> >> cannot be released to the public, media, or other personnel without
> >> valid need-to-know or DHS approval.
> >>
> >> Sincerely,
> >>
> >> Michael Toecker
> >> Control Systems Security Designer
> >> Compliance & Infrastructure Protection
> >> Burns & McDonnell Engineering
> >> 425 South Woods Mill Road
> >> Suite 300
> >> Chesterfield, MO 63017
> >>
> >> Office: 314-682-1545
> >> Cell: 615-948-6954
> >> www.burnsmcd.com
> >>
> >>
> >> -----Original Message-----
> >> From: scadasec-bounces at news.infracritical.com
> >> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Kevin
> >> McGrath
> >> Sent: Thursday, August 28, 2008 8:17 AM
> >> To: scadasec at news.infracritical.com
> >> Subject: [SCADASEC] Protect All Industrial Controllers, Stat!
> >>
> >> Howdy,
> >>
> >>> INDUSTRIAL CONTROLLER SYSTEM VULNERABILITY
> >>
> >> We received a 8/11/08 "Cyber Security Communique" from the AGA on
> 8/15
> >> and today I get forwarded a NERC advisory with the below heading
> dated
> >> 8/27/08:
> >>
> >>> INDUSTRY ADVISORY: ES-ISAC: "Boreas" Firmware Vulnerability
> >>
> >> 1) Are they talking about the same thing?
> >>
> >> 2) Has this been discussed here or elsewhere already & I may have
> > missed
> >> it?
> >>
> >> INL testing results seem to have generated at least the NERC alert.
> >>
> >> IMHO, both alerts seemed to be of a very general nature as in "check
> > all
> >>
> >> your controllers ASAP and do something".
> >>
> >> Thanks,
> >> Kevin
> >>
> >>
> >>
> >>
> >
> ************************************************************************
> >> ********
> >> This e-mail and any files transmitted with it, are confidential to
> >> National Grid and are intended solely for the use of the individual
> or
> >> entity to whom they are addressed.  If you have received this e-mail
> > in
> >> error, please reply to this message and let the sender know.
> >>
> >> _______________________________________________
> >> To unsubscribe from this mailing list, please visit:
> >> http://news.infracritical.com/mailman/listinfo/scadasec
> >>
> >> To review our usage policy, please visit:
> >> http://www.infracritical.com/usage-scadasec.html
> >> _______________________________________________
> >> To unsubscribe from this mailing list, please visit:
> >> http://news.infracritical.com/mailman/listinfo/scadasec
> >>
> >> To review our usage policy, please visit:
> >> http://www.infracritical.com/usage-scadasec.html
> >>
> > _______________________________________________
> > To unsubscribe from this mailing list, please visit:
> > http://news.infracritical.com/mailman/listinfo/scadasec
> >
> > To review our usage policy, please visit:
> > http://www.infracritical.com/usage-scadasec.html
> > _______________________________________________
> > To unsubscribe from this mailing list, please visit:
> > http://news.infracritical.com/mailman/listinfo/scadasec
> >
> > To review our usage policy, please visit:
> > http://www.infracritical.com/usage-scadasec.html
> >
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
>
> To review our usage policy, please visit:
> http://www.infracritical.com/usage-scadasec.html
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
>
> To review our usage policy, please visit:
> http://www.infracritical.com/usage-scadasec.html
>
_______________________________________________
To unsubscribe from this mailing list, please visit:
http://news.infracritical.com/mailman/listinfo/scadasec

To review our usage policy, please visit:
http://www.infracritical.com/usage-scadasec.html




--------------------------------------------------------------------
Will we have the electricity we will need and can afford in the future? 
Start a dialogue with your elected officials at: www.OurEnergy.coop 


SVEC Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient (or authorized to receive for the recipient), any review, copy, use, disclosure, or distribution is prohibited. If you have received this message in error, please contact the sender by reply e-mail and destroy all copies of the original message and any attachments.

More information about the scadasec mailing list