Motley Moose – Archive

Crossposted from Infosec Island

[Note: “SCADA” and “ICS” are essentially interchangeable terms for “Critical Infrastructure”. ICS is “Industrial Control Systems” and it doesn’t really matter what SCADA means for our purposes here.]

The root problem with SCADA security is that control systems have been built on the concept that devices can be trusted.

Since everything else about SCADA is based on the concept that devices can never be trusted (“Sure, the temperature in the boiler should stay at such-and-such, but I would like to monitor the hell out of it, anyway.”), once you get your head around the idea that you cannot trust your cyber devices either you find that it fits with existing industrial ideology quite well.

The solution to industrial cyber security is to do your best to build a reliable cyber system – just as you do with the physical assets in the industrial process – then monitor it like a convicted criminal in solitary confinement.

According to Politico:

Mitt Romney and Michele Bachmann are leading a crowded field in the heavily-watched Des Moines Register poll out tonight, the first of the cycle and the one that is the starting gun for the race to the Ames Straw Poll.

According to the Associated Press, the Register poll shows Romney receiving 23 percent of support from likely GOP caucus-goers, while Bachmann gets 22 percent.

Herman Cain, the former pizza chain CEO, took third place, with 10 percent, while no one else broke double digits. Newt Gingrich and Ron Paul tied at 7 percent, while Tim Pawlenty got 6 percent, just ahead of Rick Santorum, with 4 percent.

If a tree falls in the forest and only crazy people hear it, did it really make a noise?

Consider this an oddly Open Thread.

After commenting on our dis-graceful handling of our affair with Puerto Rico I had a bit of a population ponder.

When I was old enough to crunch some numbers I learned that our planet had three billion people on it. I was told that in the living memory made voice before me it had been been one and a half billion. With just a bit more casting about for source information in the early 1970s I learned that it had been scientifically proven that the earth could sustain no more than 3.5 billion people under any circumstances.

We were doomed.

(Knowing Meese are a polymorphic bunch, I will share an article I wrote for InfosecIsland on the response by Siemens, Sony and Cisco to recent security failures in their products or services. -chris)

In the wake of Siemens’, Cisco’s and Sony’s recent experience with Incident Management, the question of diligence comes clearly to the fore. Diligence is the nebulous factor that is key in demonstrating that others should put their trust in you, whether it is a matter of investing in your company or measuring your compliance or just deciding if it is safe to get in your car with you late on a Saturday night.  

Today another bully has been, apparently, brought to justice. This morning an LAPD SWAT team surrounded an apartment building and brought out one of the two punks who nearly beat the father of my daughter’s classmate to death for being a baseball fan. My satisfaction at the capture of this scumbag rivals and reflects the feeling I had when another evil prick met his comeuppance in recent weeks.

Dear Mr. Herman Cain, in regards to your recent interview, please find enclosed comments we feel will better prepare you for your next job opportunity.

The evolution of events that has led up to the past few days has been hard to put into perspective. More than the events of the weekend, large parts of the population are swinging inside their own heads in their view of Barack Obama in the context of their entire time with him. For many it may be hard not to  experience it similar to the moment when you realize that your quiet card partner hasn’t been just sitting there but has actually lined things up to win the game. He laid his trump out for all to see, and when someone has them all there isn’t anything anyone can say about it.

As with automobiles, the new model year is out early in GOP 2012 presidential candidates. Advertising is flowing fast and furious to convince the buying public that Brushforward Styling and Birther Bumpers are All The Rage for 2012. Whether more than half of interested parties will sign on the dotted line after the salesman talks football with his manager (“I have to clear this Special Deal with my boss, you hang tight right here”) is an open question.

What do you think? Will the puppy eat the reconstituted beef gristle and pork snouts?

Consider this an olfactorialy offensive Open Thread.

A lot of arguments have been put forward against the current military intervention in Libya. While I understand the arguments of those who are sincere with their criticisms of the choices of the US President I believe that win or lose this action is the correct one to take at this time.

Our involvement in Libya is about Libya, but it also about the whole of the Arab Spring. What is at stake is the possible – just possible – attainment of every major liberal goal for millions upon millions of people. The ultimate success of the Arab Spring would do more for human rights in the world than all efforts towards that goal combined could possibly hope for.

Where is Eman al-Obeidy?

A successful Arab Spring could lead to an African Fall. The population of effectively sadistic oppressive regimes in the world could fall dramatically in a few short years. Coming decades could see vibrant cities and societies where the very idea today is seen as so absurd as to not even enter serious conversation. Continental swathes of land soaked with blood, suffering and injustice could be saved from perpetual grinding hopelessness.

If my country did not at least try do what we can to foster this fragile moment of hope I think I would consider joining the cynics who believe we have lost our value in the world.