Bad (Insecure) Business Decisons [Was: Re: [funsec] IPv6, C&C (not bot
nets, coffe and cats)]
fergdawg at netzero.net
Fri Jun 29 22:02:45 CDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
- -- "Brian Loe" <knobdy at gmail.com> wrote:
>No, Fight Club was simply blowing up "all" of the credit companies.
>This is more along the lines of shutting down ALL water, natural gas,
>electric and financial systems. Funny that SCADA/DCS networks have
>been getting some airtime of late - the more they make connections to
>it the more likely something like this is possible and not just a
>There are utilities out there that if you got in you'd have water,
>power and a lot of street lights to play with...very bad.
I've a number of conversations with several people on this issue
in the past few months that go something along the lines of:
Me: "You'd be shocked if you knew the extent of the problem."
Them: "Huh? Aren't critical systems like electrical power, etc.
not connected to the Internet?"
Me: "You'd think they wouldn't be, but you'd be wrong."
Some astoundingly stupid business decisions may put critical
infrastructure at risk?
How you ask?
Consider this simple scenario.
A regional electric company wants to remotely read residential
meters for electric consumption, but does not want to invest in
installing their own infrastructure (read: laying new fiber or
hybrid-fiber coax [HFC]) to do so, and makes a business decision
(everything boils down to dollars and cents) to use existing
infrastructure (read: Internet VPN-style connectivity) to accomplish
Boggles the mind, eh? This exact scenario exists today.
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
-----END PGP SIGNATURE-----
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec