Does this pass the smell test?

Siobhan Gorman of the Wall Street Journal had an interview with CSPAN radio on April 11th based on her article on cyber spies in the US electric grid. When asked how the evidence was found, she said the intelligence agencies installed special detection mechanisms that picked up the evidence, not the power companies. The control system cyber forensics for power companies, and other industries, are marginal at best. As I mentioned earlier, I know of two electric utilities that recently had cyber incidents with brand new control systems. In both instances, the cyber logging was not sufficient to identify “who” or “when”. This was a shortcoming of the LOGIIC program for oil/gas. They have a high-powered inference engine for cyber diagnostics, but little, if any, cyber information to feed it. If the intelligence agencies do have this capability, why isn’t it being used throughout critical infrastructure?

Control system cyber forensics will be an item of discussion at the October ACS Control System Cyber Security Conference in Washington.

Joe Weiss

Comments

  • I can't believe that a journalist in her twenties with apparently zero background in scada security remains in the headlines with, again, saying NOTHING. I'm afraid that by continuing this story, you justify many asset owners' preoccupation that scada security is just one big puffy FUD item with no substance, Joe. If "the intelligence agencies" talk to Miss Gorman, why don't they talk to you, or Walt?


  • I got a sense from the CSPAN interview that Ms. Gorman may not have understood the information she got from the "intelligence agencies."

    Here's what I suspect she was told: There are back-doors in most embedded computers installed on industrial control systems. Others are studying those back doors to exploit them. She may have mistaken this to mean that the back doors were installed by those other intelligence agencies. We all know it is far more likely that these bits of code were probably installed for debugging purposes by the company that created the product.

    And gosh, if I were in a red team, I'd go looking for embedded snippets like that too. I suspect it's not just the Chinese and the Russians doing this, it's the Indians, the Pakistanis, the Israelis, the British, and so on and so forth. In fact, I know of a certain security firm who recently published a paper about just such an exploit! ;-)

