Cyber attack on water utility an 'eye-opener'

From: Its from Onion <areda..._at_msn.com>
Date: Mon, 5 Dec 2011 09:25:33 +0000

From: "David Johnson" <david..._at_gmail.com>
To: <tscm-..._at_googlegroups.com>
Subject: RE: [TSCM-L] {5873} Cyber attack on water utility an 'eye-opener'
Date: Mon, 5 Dec 2011 19:53:07 -0500

As it turns out it was a legitimate access from a consultant that happened to be vacationing in Russia at the time he was given the request to access the system.

David Johnson

23 West 4th, Hamilton, Ontario

This email, the files transmitted with it, and the sender of this email are the property of Ultimate Solution and/or its affiliates. This e-mail is confidential and intended solely for use of the individual or entity to whom this e-mail is addressed, if you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender at da..._at_david-w-johnson.com, delete this message from your computer, destroy your computer immediately, forget that you have seen, and turn yourself over to the proper authorities. Any other use, retention, observation, dissemination, consideration, recollection, forwarding, ridicule, printing, viewing, copying or unauthorized memorization of this e-mail without the express of written consent of Canadian Football League is strictly prohibited. The contents of this e-mail are not intended to be taken literally. Void where prohibited by law or common sense. Not valid in Newfoundland, Nunavik, and the Xinghua Province of China. Condiments available upon request. Some conditions may apply. Some assembly required. Batteries not included. A transcript of this e-mail is available free of charge. Cash Value = 1/500th of one cent. All Rights Reserved 2011

Cyber attack on water utility an 'eye-opener' for security professionals

By Whit Richardson - 11.22.2011 <http://www.securitydirectornews.com/index.php?p=fullindex&ad=20111122>

YARMOUTH, Maine—A cyber attack that apparently originated in Russia and targeted a water utility in Illinois may be the purview of IT security specialists, but it should be of concern to all security professionals with responsibilities over vital infrastructure, say utility security experts who spoke with Security Director News.

The cyber attack, which targeted the Curran-Gardner Township Public Water District, apparently took place on Nov. 8 and was traced to an IP address in Russia. By taking remote control of the Supervisory Control and Data Acquisition (SCADA) systems, the attackers were able to burn out a water pump. However, the event wasn't widely reported until Nov. 17, when Joe Weiss, a well-known expert on cyber security of utilities, wrote about the attack, citing a report from the Illinois Statewide Terrorism and Intelligence Center.

Though the cyber attack's only result was a burned-out pump at a small Illinois water utility, Allan Wick, security manager for the Tri-State Generation and Transmission Association and chairman of the ASIS Utilities Security Council, told Security Director News it's a very significant event. "This is the first documented instance in the United States of a SCADA system of a critical infrastructure being compromised," he said.

People have been talking about the potential for such an attack for years, Wick said, but not everyone in the utilities sector took the threat seriously. The event should be an "eye-opener" for security professionals with responsibility over vital infrastructure, Wick said. "Take the threat seriously," he said. "It's not someone crying wolf."

Wick works in the electric utility sector, which has national standards for physical and cyber security developed and enforced by the North American Electric Reliability Corp. (NERC). However, no binding security standards exist for water utilities, according to Scott Stephens, a security analyst with the city of Austin's water utility. Water differs from electricity because each water utility is independently controlled and operates within its community alone, Stephens told Security Director News. Any standards would likely come from the American Water Works Association, but Stephens hasn't heard of any attempts to standardize physical and cyber security measures, other than voluntary guidelines. "We haven’t seen a need for it yet," he said.

That has now changed, Stephens said. Before the recent attack, he said the threat of outside attacks on the SCADA systems of vital infrastructure was not taken seriously. "There has been information and urging from security professionals that we need to work on cyber security, but I think most people are still concentrated on physical security and haven't really seen the need," Stephens said. "Now we see the need."

Though this hack represents a failure of IT security, Stephens said the vulnerabilities could originate with those in charge of broader security responsibilities, such as keeping track of what outside vendors have access to your property and systems. "We give vendors passwords to get in," Stephens said. "Those people can become a real threat to your security. It's not just those inside your company. It's people working for you. … That comes back to doing thorough background checks on people doing work on your property."


Received on Sat Mar 02 2024 - 00:57:20 CST

This archive was generated by hypermail 2.3.0 : Sat Mar 02 2024 - 01:11:44 CST