[Cryptography] North Korea and Sony

Henry Baker hbaker1 at pipeline.com
Wed Dec 10 21:42:31 EST 2014

At 06:19 PM 12/10/2014, dan at geer.org wrote:
>Henry Baker writes:
> | At 11:55 AM 12/9/2014, dan at geer.org wrote:
> | >"Banks Dreading Computer Hacks Call for Cyber War Council" Bloomberg, July 8, 2014
> | >
> | >www.bloomberg.com/news/print/2014-07-08/banks-dreading-computer-hacks-call-for-cyber-war-council.html
> | >
> | >  It says the concerns are "compounded by the dependence of financial
> | >  institutions on the electric grid," which is also vulnerable to
> | >  physical and cyber attack.
> | 
> | More of Michael Hayden's fear-mongering about the electric grid.
> |  <snip>
>Well, the discussion we were having was about nation-state actors,
>so I'm tempted to interpret the material you provided -- with which
>I am *not* arguing -- as a clear and present indicator that state
>level actors seeking to damage the U.S. should act sooner rather
>than later as, per your materials, the sooner they act the more
>vital the electric grid is at the time they take action since said
>grid will not be as vital tomorrow as it is today, etc.
>Kelly Ziegler from NERC gave a 2010 USENIX talk (*) which is relevant
>to this topic (even if this topic is irrelevant to a crypto list).
>In the Q&A after the talk, she noted that due to the large firmware
>sizes in SmartGrid meters compared to the low achievable bandwidth
>for IP-over-powerline, re-flashing a fully US-deployed SmartGrid
>metering infrastructure would require approximately one calendar
>year elapsed.  One might then advise the nation state actor that
>unless the future includes no metering at all, it will matter little
>whether generation plants go the way of the dodo and, in turn, an
>investment in attack tools aimed at the distribution system, however
>residual centralized generation may become, will have value.
>(*) Ziegler K, "The Future of Keeping the Lights On,"

Great reference to reflashing all the "smart" meters!  These
"smart" meters may be the biggest waste of money since Reagan
reactivated a battleship.  The electric utilities are dying,
and meters, smart or dumb, won't save them.  Spend the money
on micro- or nano-grids that fit into your own garage.

Re nation-state actors:

This has always been true; the US is terribly vulnerable to
hacking because it is the most "advanced" in the application
of computer networking.  However, due to many in the computer
security industry & recently catalyzed by Snowden, the US is
waking up and things will become more secure.  No thanks to
the NSA's weakening of our defenses, however (Didn't soldiers
used to get shot for falling asleep during guard duty?  How
is weakening commercial encryption any different from simply
opening the city gates to the enemy?)

Perhaps the US should have thought twice more about loosening
the Stuxnet; the US had more to lose than anyone else from a
similar attack, and we showed everyone else how to do it!  I
learned as a kid that people who live in glass houses shouldn't
throw stones, and Stuxnet was a pretty big stone.

(Curiously, Obama used "glass houses" as an incorrect biblical
reference yesterday.)
