[Cryptography] North Korea and Sony

dan at geer.org dan at geer.org
Wed Dec 10 21:19:18 EST 2014


Henry Baker writes:
 | At 11:55 AM 12/9/2014, dan at geer.org wrote:
 | >"Banks Dreading Computer Hacks Call for Cyber War Council" Bloomberg,
 | July 8, 2014
 | >
 | >www.bloomberg.com/news/print/2014-07-08/banks-dreading-computer-hacks-call-
 | for-cyber-war-council.html
 | >
 | >  It says the concerns are "compounded by the dependence of financial
 | >  institutions on the electric grid," which is also vulnerable to
 | >  physical and cyber attack.
 | 
 | More of Michael Hayden's fear-mongering about the electric grid.
 |  <snip>

Well, the discussion we were having was about nation-state actors,
so I'm tempted to interpret the material you provided -- with which
I am *not* arguing -- as a clear and present indicator that state
level actors seeking to damage the U.S. should act sooner rather
than later as, per your materials, the sooner they act the more
vital the electric grid is at the time they take action since said
grid will not be as vital tomorrow as it is today, etc.

Kelly Ziegler from NERC gave a 2010 USENIX talk (*) which is relevant
to this topic (even if this topic is irrelevant to a crypto list).
In the Q&A after the talk, she noted that due to the large firmware
sizes in SmartGrid meters compared to the low achievable bandwidth
for IP-over-powerline, re-flashing a fully US-deployed SmartGrid
metering infrastructure would iequire approximately one calender
year elapsed.  One might then advise the nation state actor that
unless the future includes no metering at all, it will matter little
whether generation plants go the way of the dodo and, in turn, an
investment in attack tools aimed at the distribution system, however
residual centralized generation may become, will have value.

Onward,

--dan

(*) Ziegler K, "The Future of Keeping the Lights On,"
static.usenix.org/events/sec10/tech/slides/ziegler.pdf



More information about the cryptography mailing list