firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. The Cybersecurity Act of 2009 (was: SCADA) (Chris Blask)
2. Re: Is a full collapse possible? (Jean-Denis Gorin)
----------------------------------------------------------------------
Message: 1
Date: Mon, 20 Apr 2009 17:08:10 -0700 (PDT)
From: Chris Blask <chris@blask.org>
Subject: [fw-wiz] The Cybersecurity Act of 2009 (was: SCADA)
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <796853.37637.qm@web33807.mail.mud.yahoo.com>
Content-Type: text/plain; charset=us-ascii
Michael Balasko <Michael.Balasko@cityofhenderson.com> wrote:
> I can assure you that there are tons of Birkenstock wearing, long bearded multiple Ph.D
> holding guys fighting the good fight who happen to work for the government.
I'm willing to even trust some of them if they have short hair (but only so far...)
>From the looks of things much of this argument is about to become academic. I've just read through the Cybersecurity Act of 2009 - which is now on the table in DC - and put my initial thoughts in order (http://www.motleymoose.com/showDiary.do?diaryId=1289). In general I'm not displeased but the devil is in the details, so I hear.
NIST is being harnessed up (Section 6 "NIST Standards Development and Compliance"), so brace yourself, Emmy.
Also interesting are sections 7 (certification of infosec geeks, as if we weren't already certifiable), 14 (Public/Private Clearinghouse, where EFF blows a fuse) and 18 (aka "In case of emergency, break glass").
If anyone thought the SCADA debate was lively, this one is sure to be a doosie...
-chris
(PS - I imagine there is some Ancient Polish Shared Ancestor at work, Mr. Balasko).
------------------------------
Message: 2
Date: Tue, 21 Apr 2009 13:13:38 +0200
From: Jean-Denis Gorin <jdgorin@computer.org>
Subject: Re: [fw-wiz] Is a full collapse possible?
To: firewall-wizards@listserv.cybertrust.com
Message-ID: <1240312418.49edaa62a5065@imp.free.fr>
Content-Type: text/plain; charset=ISO-8859-1
Hi Marcus,
> Marcus J. Ranum, April 17 2009:
>
> We can worry about the motives of human agents, but
> doesn't it seem much more likely that some piece
> of self-replicating code will get into one of these
> SCADA systems and crash it all to hell? The end
> result is the same.
That already happened, in January 2003, with Slammer worm.
Excert from "SCADA SECURITY ? ADVICE FOR CEOs" by the Austrialian government:
"At the Davis-Besse nuclear power plant in Ohio USA, worm activity on the
Process Control Network blocked SCADA traffic causing the operators to lose
some degree of control of the system. As a consequence, the plant?s Safety
Parameter Display System and Plant Process Computer were downed for four
hours, fifty minutes and six hours, nine minutes respectively."
http://www.ag.gov.au/agd/WWW/rwpattach.nsf/VAP/(930C12A9101F61D43493D44C70E84EAA)~SCADA+Security.pdf/$file/SCADA+Security.pdf
Ever with strong evidence, they will never learn! :(
JDG
"Reality is that which, when you stop believing in it, doesn't
go away." Philipp K. Dick
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 36, Issue 32
************************************************
No comments:
Post a Comment