Forwarded from: "Skroch, Michael" <mjskroc@private> I agree the article doesn't have enough information to distinguish the power producer from any other information system or critical infrastructure provider subject to exposure to hackers. There is no mention of connectivity between their IT enterprise and a SCADA network. The claims of similar outages to Italy and the eastern US are unfounded references given there is no or little cyber connection to those events. On the other hand, many critical infrastructure providers are connected to the Internet, so there shouldn't be surprise that this power provider is also exposed in that way. mike -- Michael J. Skroch (skraw) Manager, Information Operations Red Team & Assessments http://www.sandia.gov/iorta/ -----Original Message----- From: InfoSec News [mailto:isn@private] Sent: Thursday, October 02, 2003 11:38 PM To: isn@private Subject: RE: [ISN] Hackers threaten power network Forwarded from: "Moyer, Shawn" <SMoyer@private> Is there anyone connected to the I-net who doesn't have "daily visits from trespassers"? Not saying there aren't people out there targetting power grids, but this reads like fluff / FUD to me. I'd like to know how many of the "daily visits" have been verified through forensics and analysis as bonafide directed attacks rather than the usual worm-of-the-week / trojan-of-the-week noise. That said, WHAT the HELL is Norway's power grid doing connected to the INTERNET? At a minimum all management systems and networks directly related to power production should be on separate address space / DMZ's, or even better, air gap. --shawn -----Original Message----- From: InfoSec News [mailto:isn@private] Sent: Thursday, October 02, 2003 4:46 AM To: isn@private Subject: [ISN] Hackers threaten power network http://www.aftenposten.no/english/local/article.jhtml?articleID=636486 30 Sep, 2003 Norway's power grid is subject to aggressive hacking every day, carried out by computer terrorists apparently intent on cutting electricity to wide areas of the country. Agencies in charge of power production and the network have so far managed to thwart their efforts. Employees at Statkraft, Norway's largest power producer, are being forced to use tremendous resources to maintain the so-called "fire walls" in its computer system. If they fail, Norway may be subject to the same kind of massive power failures that recently hit Italy, eastern Canada and the US. "We have daily visits from trespassers who try to break into our system," Tor Inge Akselsen of Statnett told newspaper Aftenposten Tuesday. Statnett is in charge of Norway's power network. Neither Statkraft nor Statnett know who they're up against, only that it's critically important to keep their systems secure. A massive power failure in Oslo would halt all trains and trams and disrupt everything from mobile phone traffic to street lights. Back-up generators in key areas, however, would provide power to government offices, hospitals, broadcast outlets and the main airport at Gardermoen. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Oct 06 2003 - 02:15:16 PDT