BlackOut2003 - "More sutainted Software/IT needed?"
news at RobertMichel.de
Sat Aug 23 17:54:45 UTC 2003
after the BlackOut 2003 the massmedia were only looking for symptomes for the
big black out, but not for reasons why it was so big. So I started to do
research on Saterday last week and now 7 days later non-stop working on it I
fould a lot of facts like
- the enegy industrie has a big problem with IT-security
- that there have been a Slammer worm attack at the Davis-Besse nuclear power
plant on 25.01.2003 inside the control network
- there was no firewall between business and control network
- power plants use Windows 2000
- SCADA, used for controll and comand case in the energie sector is not secure
- SCADA use Port 135, the same as W32.Blaster
- the EoD gave hints how to secure SCADA in 21 (!) steps
- on 13.08.2003 the NERC anounced a "Cyber Security Standard"
- power plants use unencrypted WLAN
- there are important SCADA comunications over public internet
- The Departemant of Homeland Security has call on blocking port 135
(when it is not realy needed for business) to power plants and ISPs
I will not say why it was - but the energy companies are in big IT-trouble!
On the second look, this big problems are a big trouble for the IT branche,
I fear that action which will now takes will conceal only the symptomes and
will not solve the reasons. Actions of the Departemant of Homeland Security
are also a likely danger that some IT-firms which are friends of the
Bush-adminsitration, will influce the "Cyber Security Standard" and other
actions in their interest.
My result is that it is needed to call for "More sutainted Software" and IT
I have a 70kB German text with English quotes written to be maby published
at the online-magazin telepolis www.heise.de/tp
What are your opinion about this?
Would be great if some experiant German-reading person would contact me.
And I would like feedback of a FSF-Speaker to answer me questions for this
-Go to http://www.nrc.gov/reading-rm/adams/web-based.html
- Use "Advanced Search"
-Search for "Davis-Besse" & Filter with "worm"
- Press "Search"
- Open " 1. (91) Davis-Besse - Worm Virus Infection E-Mail.
ML031040567 2003-04-02 7
05000346 NPF-003 2003-04-02 2003-04-15 --------- FOR INFORMATION ONLY---------
WORM VIRUS INFECTION On January 25, 2003 a server on the Plant Network was
thought to be infected with the MS- SQL Server Worm. The consequence of the
infection was large amount
More information about the Discussion