Posts
![[Most Recent Quotes from www.kitco.com]](http://kitconet.com/charts/metals/gold/t24_au_en_usoz_2.gif)
![[Most Recent Quotes from www.kitco.com]](http://kitconet.com/charts/metals/silver/t24_ag_en_usoz_2.gif)
![[Most Recent USD from www.kitco.com]](http://www.weblinks247.com/indexes/idx24_usd_en_2.gif)
The Power of Nightmares - Part 63
Thursday, September 27, 2007
This report, featuring a video produced for the Department of Homeland Security, is not going to sit well with the millions and millions of baby boomers who are, today, just praying that their home will be worth enough money so that they can still borrow against it to make ends meet and grow old with some amount of dignity.
The image of an electrical power generator shaking violently and belching smoke after a few anonymous keystrokes from somewhere far away should serve to reinforce the fear and uncertainty that now seem to be an integral part of the American way of life.
A related story led the ABC Evening News yesterday - in this case it was the threat of Chinese hackers doing dastardly deeds on U.S. government and corporate computer systems, "reaching out through cyberspace" to shut the lights off and stop the trains from running.
Yes, cell phones would probably stop working too.
This is nothing new. Having worked a bit in the internet security area ten years ago, these same warnings have been heard from many parts of the technology industry for many, many years. It is, however, a bogeyman with which the typical American is unfamiliar and, for that reason, you are likely to hear more on this subject.
For more on The Power of Nightmares see Wikipedia and the BBC.
9 comments:
It sounds like someone got up on the wrong side of the bed this A.M. Interesting nonetheless.
When Homeland Security having to run ads to justify itself, I think it's time we got rid of it. This is THE problem with government solutions to anything. If they don't work or go wrong, it is very difficult to get rid of them.
DHS ranks just above TSA in the bottom end of the law enforcement scale, according to hubby's FBI friends (yeah, he does computer security too, Tim)
The FBI agents consider them a joke.
Howdy! The AP article that accompanied the video claims that the vulnerability has been fixed. I don't mean to stoke the fires of panic and paranoia, but it appears that DHS is still not being totally honest about this "currently" resolved problem. The date in the video is 3/4/2007, but according to these articles, http://navastream.com/News_Releases_03112005.shtml and http://www.washingtonpost.com/wp-dyn/articles/A25738-2005Mar10.html, the test was actually conducted in March 2005. Additionally, the vulnerability of SCADA devices indirectly connected to the internet was demonstrated around the time of the Northeast-Midwest Blackout of August 2003, when supposedly "secure" computer systems in a nuclear power plant were infected by the Blaster/Nachi worm. Fortunately, the reactor was shutdown for maintenance at the time, but this was supposed to be the wake-up call for the SCADA industry to think about cybersecurity. Of course, the gov't already knew about the dangers of SCADA devices when it sabotaged the Russian gas pipeline as part of Farewell. www.cia.gov
The fact that it took this long to figure out a fix, that DHS is supposed to be leading the drive to secure critical infrastructure, and yet seems to have no real authority to force compliance by power companies, gas utilities, refineries, or chemical plants is just plain scary. As one of the other posters pointed out, this is just a chance for DHS to look needed. Forward-dating the demo tape makes the window of vulnerability appear smaller, purely for revisionist, feel-good, statistical purposes.
I'm not anti-gov't. I know some people in the alphabet security agencies who truly believe in what they do and try to make a difference everyday. The way this SCADA stuff is being presented is a disservice to them. If the problem is truly fixed, make a full disclosure, pull no punches, and end each story with "happily ever after". Save the Boogeyman/exploding stuff for the items still on the "to do" list.
If the gov't really wants me to trust them and believe what they tell me, then be honest with me. Throw out hedonic indexing for CPI, the flawed birth/death jobs model, and use plain english to discuss monetary policy and what you hope to accomplish with it. Oops... I think I've just revealed to the world what an absolute raving lunatic I really am...
Sorry about the earlier rant. Curiouser and curiouser...
I just got a chance to catch up on today's news at home, and I'm less certain of the facts as presented. The AP/Yahoo News story was the only version to mention a software "fix" for the SCADA vulnerability, but then went on to say how difficult but devastating such an attack could be... hmmm. That's reassuring...
CNN, meanwhile, gets the award for most melodramatic video. Their segment goes into detail about how our Just In Time society would implode faster than a subprime mortgage lender if the electricity got cut off for more than three days. And then they really pile it on with the Mother of All Nightmare Scenarios...
AP/Google News just released an update claiming that DHS improperly disclosed details of this threat to the electrical grid. Way to go, DHS! The article still maintains that the Aurora Generator Test was performed earlier this year, instead of back in 2005. (See my previous post for links that still contradict the "official" story.)
With journalism like this, I can't wait for tomorrow's batch of headlines...
BTW, thanks Tim, for linking to "The Power of Nightmares" video, and your earlier review of "American Theocracy". I've been a long-time lurker on your blog, and I'm still surprised by the interesting bits I find here.
Say again why is this exactly a concern a baby boomers, as opposed to Americans in general?
Thanks for all the info Roger.
The attacks they were probably looking at were in this family:
http://defcon.org/html/defcon-15/dc-15-speakers.html#Devarajan
As a current security expert, I can verify that these kinds of attacks are very possible, and generally not very challenging, since control networks are usually built for electrical robustness, and not so much for security.
That said, these attacks have been possible for literally decades in some cases. When DHS is facing increasing political hostility and decreasing popular support, this has to look a little bit like an attempt to drum up some relevancy.
Post a Comment