Siemens SCADA Hacking Talk Pulled From TakeDownCon
alphadogg writes "A planned presentation on security vulnerabilities in Siemens industrial control systems was pulled Wednesday over worries that the information in the talk was too dangerous to be released. Independent security researcher Brian Meixell and Dillon Beresford, with NSS Labs, had been planning to talk Wednesday at a Dallas security conference about problems in Siemens PLC systems, the industrial computers widely used to open and shut valves on factory floors and power plants, control centrifuges, and even operate systems on warships. But the researchers decided to pull the talk at the last minute after Siemens and the US Department of Homeland Security pointed out the possible scope of the problem."
Re:Security through obscurity (Score:2, Interesting)
That's not the bit that scares me the most. The bit that scares me the most is that anyone with an ounce of skill in reverse engineering can identify the security flaws used, and anyone with an ounce of skill in assembly can disassemble Stuxnet, alter what it targets, and launch the new variant.
By banning the talk, the DHS is preventing US industries from protecting themselves against economic warfare. Plenty of nations (China and Russia especially) are investing in cyber-warfare. There are plenty of amateurs out there with axes (albeit often as delusionary as the DHS') to grind. It is simply not excusable for the US to be placed in this kind of danger.
For what purpose? Siemens can't get a worse rep than to be accused of having worked with virus writers. The consumers can't exactly switch from SCADA to Infiniband or other rival networking technologies. The exploit is public knowledge.
Who, then, is going to be protected?
Re:In other words (Score:5, Interesting)
Other facilities were less secure. I remember getting a panicked call from someone shouting "The dam's gonna bust!!!" They had a single "Circuit" they paid about $20 a month for that was nothing more than a single copper that ran from some building to the local dam. They'd apply +5 volts to the line to open the dam, and -5 volts and it would close. They'd reacted too slowly to rising waters and it had flooded the copper pair they used to control the dam. They wanted us to send a phone tech into their overflowing dam to repair the circuit so they could open it from the safety of their administrative building. They had a hard time understanding my near hysterical laughter.