[cta@hcsin.net: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm']
Food for thought and grounds for further research: ----- Forwarded message from "Bernie, CTA" <cta@hcsin.net> -----
Somehow I have difficulty believing that these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true. Is the military also now dependent on windoze? Bizarre, absolutely bizarre. And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations.

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com
Are you suggesting the outage was caused by carbon filaments rocketed across transmission lines? If that was done at several points in the grid it would account for the various finger-pointing to incidents which are claimed to have started the usual-suspect "cascade" of the usual-suspect "antiquated" system that was "not supposed to fail but it did."

Perhaps a re-inventory of the USAF's storehouse of BLU-114s is needed to double-check that story about lightning strike.

Harmon Seaver wrote:
Somehow I have difficulty believing that these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true. Is the military also now dependent on windoze? Bizarre, absolutely bizarre. And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations.
As you probably know by now, there was no lightning strike and the failure did not start at Niagara. As for our city's reptile of a Mayor he claimed power would be back on in Queens by 11pm. It wasn't on until 6am Friday. On Friday night there were still areas that were down in lower Manhattan.

Certainly, I'd expect whatever FUD explanation to be most profitable to the NeoCONS to be the eventual reason for the outage, so they can push USPATRIOT V3.0.1 - the one where they add brown alert to the color scheme.

Of course CON-Ed would say "Blame Canada." I expect nothing less.

Did anyone catch the Shrubbya interview? I think it was on CNNFN or MSNBC or one of those neonews channels... The one where he was busy sweating in the sun's heat in his blue Armani dress shirt while, his face browned from the sun, playing golf. The one where he regurgitated what he had been spoon fed by his PR guys? At one instant he shrugged his shoulders as he said it's an old grid, and it will need to be fixed, and then he went back to golfing. Showing how much he cares about the plight of the east coast.

More than likely I suspect the truth is that the grid is indeed outdated and something simply couldn't handle the load. Whenever politicians, and bureaucrats are involved, the outcome is the same:

Chief Executive Asshole: "Why should we spend $X million to fix it? It's still running?"

Techie: "Because it's running at 95% capacity, and any small spike will cause a big problem."

CEA: "But it's been fine for the last 20 years, I'd rather keep the cash and give myself a bonus, and then lay off extraneous employees. We can outsource them to India."

Techie: "It's outdated, it will collapse."

CEA: "So what? When it does, if it does, we'll hit Uncle Sam for more money, meanwhile I have another yacht to purchase. In any case, it won't likely collapse while I'm still here, and I'll retire soon enough, not my problem... and don't let the door hit your ass on your way out. I don't want ass prints on my brand new gold plated door."

----------------------Kaos-Keraunos-Kybernetos---------------------------
+ ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\
\|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/
/|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/
+ v + : The look on Sadam's face - priceless!
--------_sunder_@_sunder_._net_------- http://www.sunder.net ------------

On Fri, 15 Aug 2003, John Young wrote:
Are you suggesting the outage was caused by carbon filaments rocketed across transmission lines? If that was done at several points in the grid it would account for the various finger-pointing to incidents which are claimed to have started the usual-suspect "cascade" of the usual-suspect "antiquated" system that was "not supposed to fail but it did."
On Fri, 15 Aug 2003, Harmon Seaver wrote:
Somehow I have difficulty believing that these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true.
it's scary just how much mission-critical stuff runs on windows. i'll confess right now to being a unix zealot, so the thought of anything mission critical (beyond hotmail and freecell) on windows is scary. i know of some fairly large installations running control systems for power generation on windows. these same sites then give the vendors access to the system via vpn across the internet. sure there are firewalls, but i don't have faith in the long-term maintenance of the vendor sites.
Is the military also now dependent on windoze? Bizarre, absolutely bizarre. And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations.
the power lines are certainly low-hanging fruit...

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
On Friday 15 August 2003 22:29, Chris Kuethe wrote:
On Fri, 15 Aug 2003, Harmon Seaver wrote:
Somehow I have difficulty believing that these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true.
it's scary just how much mission-critical stuff runs on windows. i'll confess right now to being a unix zealot, so the thought of anything mission critical (beyond hotmail and freecell) on windows is scary.
It's not just the reliance on Windows that's scary. It's the mindset of the industrial controls industry, where the concept of security is perceived as a hassle for the end customer, and therefore something to be avoided.

10 years ago, I was developing a data collection and reporting program for the aircraft industry. The project suffered from creeping featurism, and one of the desired features was adding dialup data exchange, so the collection apps could send their data to a central location via modem. When I asked how much security was wanted on the dialup port, I was told that none was necessary because no one would ever attack the system, and anyway, the data were not interesting to outside parties. 10 years ago, perhaps that was an understandable position, though certainly naive. (I still put in a minimal challenge/response layer, if only to discourage the C-64 kids with wardiallers)

A few weeks ago, I sat in on a meeting to talk over design of a TCP/IP Ethernet interface for an existing control system. When I asked what security provisions were envisioned for this interface, I was told that the system was not intended for deployment on publicly routed network segments, so there was no need for any security protocol.
i know of some fairly large installations running control systems for power generation on windows. these same sites then give the vendors access to the system via vpn across the internet. sure there are firewalls, but i don't have faith in the long-term maintenance of the vendor sites.
I've just returned from an extensive training seminar on OPC controls technology. The acronym stands for "OLE for Process Control", and it's a Microsoft-centric technology built on top of DCOM. At the lower end, OPC would let you control a PLC from Excel. Given the compressed schedule of the course (normally three weeks, it was compressed to two for our class) and my previous experiences, I didn't try to discuss security at all. But I noticed no authentication layer at all. Apparently, the security Microsoft natively provides for controlling DCOM traffic is all that such an application has available. And as far as I can tell, that would be none.

I suppose I do get a bit of entertainment from the looks on the engineers' faces when I bring up threat models and attack scenarios. Most of them are indifferent. Some are confused. Some are annoyed. And one or two have understood the threat, but told me that I shouldn't talk to corporate about such things because it would make the sales force nervous. The reactions of sales droids (and even management) have been either dismissive (there is no threat) or hostile (I'm the threat).

The most entertaining episode was back when UPS was first deploying their DIAD electronic clipboard, and I asked what steps were being taken to protect the signature data in transit. (There was no protection at all; the signature data were retained in the clear and could be dumped by any device that knew the protocol. I believe this is still the case.) That eventually produced a regional manager who visited the small company where I was employed. He was visibly irritated that anyone would even ask about such things, and answered every threat scenario I presented with "That would never happen!" He stalked off in a huff after I asked him how he would feel if his digitized signature, obtained legitimately when he received a package, were to appear at the bottom of an incriminating document faxed to his general manager.
Ironically, several of my jobs have included IT duties along with my usual engineering tasks. Those same sales droids and engineers that scoffed at the need for security in their industrial controls applications came running to me frantically when their workstations became infected with SirCam or Klez. Security, as Schneier says, is a process. It's also a mindset, and I think one either has the mindset or he doesn't. And for those that don't have it, it is *very* difficult to impart.
On Fri, 15 Aug 2003, Harmon Seaver wrote:
Somehow I have difficulty believing that these people could be so totally lame as to be running mission-critical stuff like this on windoze. Please say it isn't true.
The Microsoft salesmen know the coercive sales tactics. The clients' well-being isn't in their interest; their interest is only a new sale. Hence in their world Windows are suitable for just about everything. By exploiting psychological tricks, they are able to convince less technically capable personnel (eg, the management) about their system's alleged superiority. Not that different from eg. car dealers. A friend some time ago complained about having to ditch a Linux webserver because his company managers did some special deal with Microsoft which gave them substantially lower prices if they would run ALL systems exclusively on Windows. But I forgot the details.
Is the military also now dependent on windoze?
Some time ago there was a widely publicized incident with Windows NT controlling a battleship. After a crash the ship had to be towed to the port. From then it's known that NT is an acronym for Needs Towing.
Bizarre, absolutely bizarre.
And somehow entirely unsurprising.
And here I thought it was probably caused by people with potato guns firing tennis balls filled with concrete, attached to coils of wire cable, dropping them across the power lines and transformer stations.
The cable will vaporize at the moment the lightning from the power line hits it, or it will be too heavy to be brought up by anything reasonable. (You don't need even a full contact, getting it to the sparking distance is enough.) That will trigger the breakers and switch the line off for few seconds. But then the power will be switched on again. Then you need to short it the second time. The wire you used will vaporize as well, but the breakers won't switch back on for the second time, claim an error, and an inspection of the power line is required to find the shortcut cause before it can be switched back on, as the electronics then considers the short circuit to be permanent. (I hope I am right here.) Also be aware about the danger of the step voltage at the moment the lightning from the power line hits the ground - you don't want to be anywhere too close, so you will avoid the potato gun and resort to something safer, eg. a suitable rocket engine.

In Colombia, the rebels routinely "dark" the cities by blowing up the high voltage masts. If the mast is in a difficult-to-access place, it can take days to build a replacement. There are thousands of miles of power lines, good part of them in less inhabited areas. It is extremely difficult to prevent this kind of attack. To add insult to injury, the adversary can get ahold of the map of the power transmission networks rather easily - they are in all kinds of sources, from tourist maps to maps for pilots, and one can get fairly good idea about the power feeds to a city by just driving around it with open eyes. Underground lines exist, but are more expensive, so they are quite unusual.

However, I'd bet that this affair was a plain old Murphy-based cascade failure.

On another note, a nice reading about the world of energetics is Arthur Hailey's "Overload".
Eric Murray wrote:
Food for thought and grounds for further research:
----- Forwarded message from "Bernie, CTA" <cta@hcsin.net> -----
From: "Bernie, CTA" <cta@hcsin.net>
Organization: HCSIN
To: bugtraq@securityfocus.com
Date: Fri, 15 Aug 2003 14:09:12 -0400
Subject: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm'
In-reply-to: <1a6301c362b2$03178680$6401a8c0@satan>
X-mailer: Pegasus Mail for Windows (v4.11)
It is ridiculous to accept that a lightning strike could knock out the grid, or the transmission system is over stressed. There are many redundant fault, limit and Voltage-Surge Protection safeguards and related instrumentation and switchgear installed at the distribution centers and sub stations along the Power Grid that would have tripped to prevent or otherwise divert such a major outage.
Yeah, ridiculous. So who remembers what caused the last major power outage in NY? (Hint: it wasn't _one_ lightning strike).

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Indeed:

http://www.villagevoice.com/issues/0334/barrett.php
http://www.villagevoice.com/issues/0334/mondo1.php
http://www.villagevoice.com/issues/0334/cotts.php

----------------------Kaos-Keraunos-Kybernetos---------------------------
+ ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\
\|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/
/|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/
+ v + : The look on Sadam's face - priceless!
--------_sunder_@_sunder_._net_------- http://www.sunder.net ------------

On Wed, 27 Aug 2003, Ben Laurie wrote:
Yeah, ridiculous. So who remembers what caused the last major power outage in NY? (Hint: it wasn't _one_ lightning strike).
participants (8): Ben Laurie, Chris Kuethe, Eric Murray, Harmon Seaver, John Young, Roy M. Silvernail, Sunder, Thomas Shaddack