Comment from Jake Brodsky
Time: June 22, 2007, 12:56 pm

From the Cisco First Mile Wireless site:
/With the Cisco First Mile Wireless solution, oilfields and ocean rig platforms can network SCADA controls, maintenance sensors, mobile service workers, physical security assets, service vehicles and location service tags, as well as integrate mobility services, such as wireless voice over IP, video and guest access./

–This is either a very bad joke or someone’s clearly playing with less than a full deck of cards. What on earth is all that extra crap doing in an application that is supposed to be designated for SCADA infrastructure?

I notice as well that it’s aimed at IT organizations who happen to manage SCADA systems. With the Cisco name on it you can be sure they’ll be buying this critter in droves. What they do with it after that is anyone’s guess. Somehow the SCADA side of this seems to be an afterthought. “Here’s our environmentally hardened wireless router, and oh by the way, it can handle SCADA traffic too.”

I think this is a disaster waiting to happen.

Comment from Greg Morningstar
Time: June 25, 2007, 9:41 am

The Industrial Defender site does have some legitimate “incidents,” but two of the water items have absolutely nothing to do with “cyber security.”

Chippewa Falls’ elevated tank overflowed because they lost a remote site level signal–not from any nefarious tampering. The Spencer Water System was contaminated with lye because maintenance didn’t clear a system to be put back in automatic, and an operator did not respond to a functioning alarm. A secondary computer system failed to alert others.

These are both clear-cut cases of operator error, or “benign” SCADA/HMI glitches. Cyber threats are really out there, and we need to protect against them, but it doesn’t help make our case when things like the preceding are hyped as “critical infrastructure incidents.”

–GAM

Comment from Jake Brodsky
Time: June 25, 2007, 7:59 pm

Greg Mornistar’s comments are very much on target. However, I need to point out something that Joe Weiss says: If we were attacked, how would we know? What would it look like?

I think it would look a lot like the incidents that Greg cited. It’s not hard to fool operators in to thinking all sorts of things that aren’t. We should point out that these are industrial incidents involving control systems, not real attacks. I don’t think they belong in the same database as actual attacks. But we should study them anyway because they offer us some insight as to how someone could attack a SCADA system.

Comment from Ron Southworth
Time: June 25, 2007, 9:06 pm

Hi Jake & Everyone,

I think they should be recorded and discussed also so that we can improve from each others mistakes and the lessons they can teach us all.

With respect to threats real, imagined or otherwise it is largely an acceptable fact that the number of reported incidents is substantially less than what is the total sum of incidents occurring. Figures that are suggested are that we are only seeing 20% or less of the total incidents into the mainstream public arena.

We need to have credible incident data all the same and this is something that will take some time to realise.

In the interim we need to focus on acheiving best practices and supporting each other to attain the highest level of acheivement of practices regardless of what regulation or standards have been mandated. This is what it important for us all to focus on. Finding buisness cases to support funding these practices is the biggest hurdle and challenge we have to face in reality the technical side is so much easier!

Comment from Ralph Langner
Time: June 26, 2007, 9:52 am

“I think this is a disaster waiting to happen.” — Me too, Jake. Especially the VoIP and streaming video stuff is hairy. It’s a bit frightening to imagine some IT managers actually buying in on this salespeople noise.