Scary SCADA FUD

At a SANS SCADA conference in New Orleans, CIA senior analyst Tom Donohue reported that cyberattacks have caused multi-city power outages outside the United States.
Rob Rosenberger writes a good article about this here.
It is pretty scary to know that there are forces out there plotting to keep us in the dark with no heat or AC. But why am I getting sidetracked with what some people want to require in California.,
This reminds me of another time SANS reported that hackers had threatened the life of scientists at the south pole. They purportedly hacked an environmental control system and attempted to extort payment or all the scientists would freeze to death. According to this Kevin Poulsen article, a FOIA request uncovered a memo about that incident which said it was minor. “Given the fact that no financial records or systems were compromised, no safety or loss of life was threatened, and no critical system corrupted” by the Romanian hackers, “we need to balance legitimate security needs with the legitimate needs of our scientists at the Pole.”
It sounds to me that in both this south pole case and this new report of blackouts that the threat of cyberterrorism is being promoted in order to advance an agenda. Without details its just FUD.
Of course utilities should be taking precautions, but if the past decade is any indication the public has more to worry about from hurricanes (New Orleans) and general screwups (northeast blackout).

2 Comments

  1. Hey Roger,
    I’m not sure if I’d call Rosenberger’s article “good,” as it makes at least one major factual mistake — the kind of error that he’s always blasting journalists for making. (disclosure: I am a journalist; I enjoy reading Rosenberger’s site)
    “Paller told an audience in New Orleans… that the CIA told him that some terrorists out there, somewhere, had crippled entire regions of the earth with electrical blackouts.”
    That’s not true. Donahue spoke to the conference himself.
    Of course the big question is *where* did these attacks occur? Inside jobs in corrupt countries with little or no security controls — not so worrisome.
    I think it’s good to be skeptical about this stuff, but if you’re going to blast people for getting their facts wrong… get your own facts straight.

  2. I appreciate your thoughtful comment. I agree that if you’re going to call people out for things like that you can’t make the same mistake. Of course Rob is just relying on InformationWeek. From his editor’s comments, he knew Donahue spoke, but was abusing the article for humor. I’m just glad to have Rob back posting.

Comments are closed.