[SCADASEC] Major Linux security hole found

Kevin McGrath kmcgrath at keyspanenergy.com
Wed Feb 13 07:40:01 CST 2008


> I am sure they would
>> love to have a solution to absolutely avoid insider attacks.

Howdy,

Not a solution but one way to mitigate this threat is to hire & retain
people that you trust and do whatever is in your power as a manager to
keep them from becoming disgruntled for any reason. You would also need
to keep your staffing levels as small as possible for the obvious reason
of being able to monitor your people as closely as possible. It would
also be nice to have the support staff be as centralized in one place as
possible.

This also means you have to do a REAL good job of vetting any new hires 
and take drastic action if or when an employee starts behaving "badly". 
You also need to watch them very closely during their "probie" status 
and get ready to fast fail them quickly. I wouldn't think this is a 
place for touchy-feely HR behavior.

I know doing all that is hard but the only other thing I can think of is 
to pray real hard before you go to bed at night and/or drink a few 
blasts of Irish whiskey. :-)

Regards,
Kevin
--
Kevin M. McGrath, CISSP, TCSP-P
Lead Analyst | US-Gas Management System (GMS)
Critical National Infrastructure (CNI) | National Grid
Office: (718)403-2910 | Cell: (917)939-8569 Nextel 172*86*2119
kmcgrath at keyspanenergy.com


ljknews wrote:
> At 4:19 PM -0600 2/12/08, Clint Bodungen wrote:
> 
>> I *was*, in fact, only speaking of a remote/outside attack.  I purposely
>> left out the insider aspect because if you already have an insider on a
>> critical system capable of executing a privilege escalation exploit,  you're
>> already screwed.  An insider with mal-intent, and even less skill, can still
>> do much worse than execute a stupid privilege escalation attack. 
> 
> Any organization confident that they have eliminated all
> possibility of having a malicious insider should get out
> of whatever business they are in and switch over to doing
> personnel consulting for vulnerable organizations, including
> those US government agencies who have had top secret data
> deliberately compromised by insiders.
> 
> Perhaps most egregious was the Walker case where a US Navy
> insider gave/sold crypto keying data.  I am sure they would
> love to have a solution to absolutely avoid insider attacks.

**** For your information: KeySpan is now part of National Grid.**** 

