Wednesday, August 03, 2011

In Passing: Bubba Smith

Bubba Smith
February 28, 1945 – August 3, 2011

Tuesday, August 02, 2011

Researchers Warn of SCADA Equipment Discoverable via Google

Elinor Mills writes on C|Net News:

Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop.

Acknowledging that he wouldn't click on any link results to avoid breaking the law by accessing a network without authorization, researcher Tom Parker typed in some search terms associated with a Programmable Logic Controller (PLC), an embedded computer used for automating functions of electromechanical processes. Among the results was one referencing a "RTU pump status" for a Remote Terminal Unit, like those used in water treatment plants and pipelines, that appeared to be connected to the Internet. The result also included a password--"1234."

That's like putting up a billboard saying SCADA (Supervisory Control and Data Acquisition) system here and, oh by the way, here are the keys to the front door.

More here.

Debt Deal Could be a Blow for Cybersecurity

Aliya Sternstein writes on

The $2.1 trillion debt-cap pact that Congress passed Tuesday could hurt economic and national security as agencies postpone plans to invest in cybersecurity technology and hire more network specialists due to uncertainty over potential program cuts, computer security advisers say.

The legislation automatically chops about $1 trillion from federal activities outside of entitlement programs through spending caps between 2012 and 2021. Separately, a $1.2 billion across-the-board cut will kick in if a joint congressional committee cannot reach agreement on additional deficit reduction measures by December.

The belt-buckling is happening at a time when nation-states are believed to be stealing market-moving and security-sensitive information from computers belonging to corporations and policymakers. And businesses cannot afford or are unwilling to pay for the security to do anything about it, according to some experts.

"The main problem is that the call to shrink government and rely on the private sector and markets to address public problems guarantees weak cybersecurity," said James A. Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who has advised the Obama administration on policy matters. "A government small enough to drown in a bathtub is no match for advanced foreign opponents."
More here.