September 28, 2004





Nuclear in the news today

There are two interesting pieces of news concerning nuclear security. The first one is from the BBC. The Kyrgyz authorities arrested 2 men who tried to sell 60 small containers containing plutonium-239. Who said that terrorists or other criminal groups don't have the power to find and buy such material? It is possible that the news isn't true. It is possible that the Kyrgyz government invented this to prove something to the Russian or American government. However, personally I think that such a situation is possible. Think about it for 2 seconds. The CIA probably hasn't had many agents in the Central Asia zone since 1980 or 1990. The US Army has a base in Uzbekistan, but they are confined there. We need to rely on local governments for such investigations and probably for world security. The problem is that they have their own problems. Is it possible that the Kyrgyz government arrested them? If it's true, praise them. Is this the first time that criminals have tried to buy/sell such products on the black market? I doubt it. Why would a country where 80% of weddings are done with kidnapped women care about some criminals who sell/buy plutonium on its territory? The possibility exists, but I have doubts. What's freaky is that we rely on such governments (the governments in Central Asia) to do the work that concerns us. We need to change our mentality and put our agents back in the field where things happen. When I say "we", I am talking about the countries that care about their homeland security or countries that need to care about it.



[In addition to the post: 02 October 2004]
-----------------------------------------------

It was a false alarm in the end. In reality they are supposed to be 55 old-fashioned Soviet smoke detectors. I warned you in the first edition of the post that it was possible that this piece of news was not real or true. However, most of the facts I stated on the subject remain.

-----------------------------------------------

The other piece of news is from SecurityFocus. They talk about cyber attacks against nuclear facilities. There are some interesting things that they said and that I want to think about.

The fact: "Last year the Slammer worm penetrated a private computer network at Ohio's idled Davis-Besse nuclear plant and disabled a safety monitoring system for nearly five hours. The worm entered the plant network through an interconnected contractor's network, bypassing Davis-Besse's firewall".

The solution they found to resolve the problem: "News of the Davis-Besse incident prompted Rep. Edward Markey (D-MA) last fall to call for U.S. regulators to establish cyber security requirements for the 103 nuclear reactors operating in the U.S., specifically requiring firewalls and up-to-date patching of security vulnerabilities".

It's certain that they have problems with their firewalls and vulnerability updates. But in the specific case of what happened at Davis-Besse, the best firewall and the latest updates would not have stopped the virus. Why? Because it propagated itself through the contractor's network. The point here is to demand the same level of network security from their contractors. Any security system with a backdoor is not secure at all.

What if the contractor is bribed or menaced by a criminal group? Security is not just about firewalls and security updates. It's more than that. You need to think about things that you don't think about. It's not just a process; it's a way of thinking. It's like making a great discovery. You need a mind shift, imagination. You need to understand how your enemies work and think. You need to understand how your employees work, think and react in certain situations. Personally I see a great deal of psychology in security (any type of security). Am I paranoid? Security is not distributed in distinct parts, it's a whole.

There is some hope when you finish reading the article:

"A working draft of the NRC guide reviewed by SecurityFocus would encourage plant operators to consider the effect of each new safety system on the plant's cyber security, and to develop response plans to deal with computer incidents. Additionally, it would urge vendors to maintain a secure development environment, and to probe their products for backdoors and logic bombs before shipping."

But as I said, this is not just a question of backdoors and logic bombs in software. However, they are on the right track, because we can see that they are concerned about their software development companies and their interaction with them.

There is no link between these two pieces of news. But I think that it's a good opportunity to think about the problem. There are probably many things that I don't understand in the situation, but if I base my thoughts on what I perceive, there is a real problem for world security.

10:03:51 PM


© Copyright 2005 FredOnSomething.
 





