Ha! I love it when people I know get their 15 minutes. Scott Lunsford from ISS IBM was interviewed in Forbes on Wednesday on the security posture of the US critical infrastructure.

From Forbes:

The first time Scott Lunsford offered to hack into a nuclear power station, he was told it would be impossible. There was no way, the plant’s owners claimed, that their critical components could be accessed from the Internet. Lunsford, a researcher for IBM’s Internet Security Systems, found otherwise.

“It turned out to be one of the easiest penetration tests I’d ever done,” he says. “By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant. I thought, ‘Gosh. This is a big problem.’”

In retrospect, Lunsford says–and the Nuclear Regulatory Commission agrees–that government-mandated safeguards would have prevented him from triggering a nuclear meltdown. But he’s fairly certain that by accessing controls through the company’s network, he could have sabotaged the power supply to a large portion of the state. “It would have been as simple as closing a valve,” he says.

I’m sure that the infrastructure types will be up in arms about this article, but I know Scott. He actually knows what he is talking about and he is damn good at his job. Sadly, the same article went on to give Ganesh Devarajan more press for his Defcon talk.

Read on.

Article Link (via Slashdot)
