“That you guys don't know what Bugtraq is basically proves that the SCADA industry and users are a decade or more behind in terms of security and shows us why we're in such a mess.”My Apologies
I apologize to the folks at Bugtraq and SecurityFocus.com for not giving them appropriate recognition for their work on this matter. It was completely unintentional. The link provided by the DHS ICS-CERT Alert goes to the Bugtraq archives on SecList.org and I did not track it back any further than that.
And no, until yesterday I had never heard of Bugtraq or SecurityFocus.com. Nor do I suspect that many in the SCADA user community had heard of them either. That is one of the reasons that I am addressing these issues in my blog. Many of us in the SCADA user community are just now becoming aware of the extent of the cyber security issues facing our control systems. We (collectively) had assumed that our systems were immune to the well known IT security issues because of their isolation and complexity. Big mistake, I know, and it is a mistake that I am trying to help correct in this blog.
I can’t comment about the SCADA security community’s knowledge of Bugtraq because I just operate on the very fringes of that community, sucking in as much knowledge as I can. I do have to say that the professionals in the SCADA security community that I have had contact with, or have been following on the Internet, seem to be very committed, intelligent, and involved people, very passionate and knowledgeable about their work. I would suggest that ascribing my lack of knowledge to that community is unfair.
I do appreciate the comment by Anonymous for pointing out just one more area where my knowledge is lacking, the more I learn the less I know.
No comments:
Post a Comment