<div dir="ltr">Hi Ron,<div><br></div><div style>You're making a big assumption here -- that the software on the computer can be updated. Many SCADA applications are only validated on VERY specific configurations and aren't updated to every new version. SCADA really shouldn't be on the internet, and workers really shouldn't be plugging flash drives into SCADA.</div>
<div style><br></div><div style>David</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jan 18, 2013 at 5:27 PM, Ron Frazier (ALE) <span dir="ltr">&lt;<a href="mailto:atllinuxenthinfo@techstarship.com" target="_blank">atllinuxenthinfo@techstarship.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
Step 1 - configure basic os and operational software from trusted sources<br>
Step 2 - configure av, but it has to be updated, which could be a problem<br>
Step 3 - scan the machine<br>
Step 4 - TURN AUTOPLAY OFF - applies to Linux too<br>
Step 5 - backup the machine locally<br>
Step 6 - backup the machine offsite, or at least in a second location in a fireproof bunker<br>
Step 7 - maybe make a master backup on an mdisc or something so it's permanent<br>
Step 8 - when the machine must be updated, scan the update media first on a separate system with autoplay off<br>
Step 9 - do the update and create a second set of backups<br>
Step 10 - repeat until 3 - 6 entire sets of backups are in place<br>
<br>
OK I'm not a security guru and there are many variations on this theme. But, that wasn't TOO hard to figure out. It wouldn't necessarily protect too well against zero day exploits. But, since I solved their problem, I want their salary.<br>
<br>
Ron<br>
<div><div class="h5"><br>
<br>
Sergio Chaves &lt;<a href="mailto:sergio.chaves@gmail.com">sergio.chaves@gmail.com</a>&gt; wrote:<br>
<br>
><a href="http://www.eweek.com/security/usb-storage-drive-loaded-with-malware-shuts-down-power-plant/?kc=EWKNLNAV01182013STR1" target="_blank">http://www.eweek.com/security/usb-storage-drive-loaded-with-malware-shuts-down-power-plant/?kc=EWKNLNAV01182013STR1</a><br>
><br>
>Sometimes you just gotta say, WTF???<br>
><br>
>"US-CERT, which is part of the U.S. Department of Homeland Security,<br>
>declined to identify which power plant was affected, and did not say<br>
>whether the facility was operating on nuclear or conventional power.<br>
>Industrial control systems frequently use Windows-based computers to<br>
>run their specialized software, but they rarely run antivirus software<br>
>because these computers aren’t connected to outside networks. However,<br>
>using a USB drive to perform updates is common on these systems."<br>
><br>
>_______________________________________________<br>
>Ale mailing list<br>
><a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
><a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>See JOBS, ANNOUNCE and SCHOOLS lists at<br>
><a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br>
<br>
</div></div>--<br>
<br>
Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.<br>
Please excuse my potential brevity.<br>
<br>
(To whom it may concern. My email address has changed. Replying to former<br>
messages prior to 03/31/12 with my personal address will go to the wrong<br>
address. Please send all personal correspondence to the new address.)<br>
<br>
(PS - If you email me and don't get a quick response, you might want to<br>
call on the phone. I get about 300 emails per day from alternate energy<br>
mailing lists and such. I don't always see new email messages very quickly.)<br>
<br>
Ron Frazier<br>
<a href="tel:770-205-9422" value="+17702059422">770-205-9422</a> (O) Leave a message.<br>
linuxdude AT <a href="http://techstarship.com" target="_blank">techstarship.com</a><br>
<div class="HOEnZb"><div class="h5"><br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>David Tomaschik<br>OpenPGP: 0x5DEA789B<br><a href="http://systemoverlord.com" target="_blank">http://systemoverlord.com</a><br><a href="mailto:david@systemoverlord.com" target="_blank">david@systemoverlord.com</a>
</div>