http://features.techworld.com/security/3311064/after-stuxnet-a-rush-to-find-bugs-in-industrial-systems/ By Robert McMillan Techworld.com 16 October 2011 Kevin Finisterre isn't the type of person you expect to see in a nuclear power plant. With a beach ball-sized Afro, aviator sunglasses and a self-described "swagger," he looks more like Clarence Williams from the '70s TV show "The Mod Squad" than an electrical engineer. But people like Finisterre, who don't fit the traditional mold of buttoned-down engineer, are playing an increasingly important role in the effort to lock down the machines that run the world's major industrial systems. Finisterre is a white-hat hacker. He prods and probes computer systems, not to break into them, but to uncover important vulnerabilities. He then sells his expertise to companies that want to improve their security. Two years ago, Finisterre, founder of security testing company Digital Munition, found himself swapping emails with a staffer at Idaho National Laboratory's Control Systems Security Program, a project funded by the US Department of Homeland Security that is the first line of defense against a cyberattack on the nation's critical infrastructure. Hackers are not hireable by a national laboratory Finisterre caught the attention of INL in 2008, when he released attack code that exploited a bug in the CitectSCADA software used to run industrial control environments. He'd heard about the INL program, which helps prepare vendors and plant operators for attacks on their systems, and he thought he'd drop them a line to find out how good they really were. He was not impressed. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Mon Oct 17 2011 - 22:50:08 PDT
This archive was generated by hypermail 2.2.0 : Mon Oct 17 2011 - 22:54:49 PDT