http://www.csoonline.com/article/694707/experts-advise-caution-information-sharing-in-wake-of-alleged-utility-attacks By George V. Hulme CSO November 21, 2011 Experts in the security of critical infrastructure have had the weekend to digest news that a public utility water pump in Springfield, Ill. was destroyed at the hands of remote attackers who were able to gain access to the SCADA systems controlling it. Their initial advice: Share any information that can minimize or stop the next attack, but don't jump to conclusions. Joseph Weiss, managing partner at Applied Control Systems LLC and author of the book Protecting Industrial Control Systems from Electronic Threat, initially broke the news on his blog. A spokesman from the U.S. Department of Homeland Security (DHS) did confirm the incident, but would not confirm whether it was an attack. "At this point it seems the facts of the incident are still not known. My sources indicate hackers may have nothing to do with this event, but they also told me the investigation is just starting," says Richard Bejtlich, chief security officer at IT security firm MANDIANT. "It's important to differentiate between the threat to critical infrastructure (which is overestimated) and the vulnerability in critical infrastructure (which is underestimated)." A hacker known as "pr0f" would seem to agree with Bejtlich's assertion that the vulnerabilities within the critical infrastructure are underestimated. Pr0f took exception with the DHS' public response to the incident and published images to Pastebin as alleged proof that access was achieved at a SCADA system in South Houston. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Tue Nov 22 2011 - 00:44:27 PST
This archive was generated by hypermail 2.2.0 : Tue Nov 22 2011 - 00:46:27 PST