Yesterday Nancy Bartels over at ControlGlobal.com left a very interesting teaser about a hacked water treatment plant control system. Very few details, but what she posted should have everyone in the control system security community in a tizzy trying to figure out what is going on.
The thing that disturbs me most (it wasn’t my system so the hack ‘wasn’t that big a thing’) is her first bullet point:
“The disclosure was made by a state organization, but has not been disclosed by the Water ISAC, the DHS Daily unclassified report, the ICS-CERT, etc. Consequently, none of the water utilities I have spoken to were aware of it.”
If this really happened (I’m not questioning Nancy’s veracity, but without her sources being disclosed I have to include that “IF”) ICS-CERT has (if they knew about the incident, again not known) completely failed the ICS security community in not spreading the word far and wide.
If ICS-CERT has published this as one of their “FOUO” limited distribution things, they need to be horsewhipped in the public square. An actual attack on a live control system in the United States has both security and political implications. Congress needs to look into this situation before the Thanksgiving weekend.
Posts
No comments:
Post a Comment