Security Lessons Learned from California Power Outage | #scada #cisp #DHS

The 9th of September 2011 saw a power outage in the U.S. affecting 5 million people in the area of Southern California — the root cause analysis of which is said to have been one single employee switching out a piece of problematic equipment. The upshot of this single act is nevertheless extremely worrying, as it manifested in traffic chaos, cancelation of flights, the shutting down of two nuclear reactors, a widespread impact on business, and on the residents.

This event does, however, raise a number of questions and points back to the long debate about the security of Supervisory Control and Data Acquisition (SCADA) systems, which are considered, in some cases, to host a soft underbelly for cyber attacks. There is also the question of timing — whilst I do understand the public notice, let us be honest here — if this were anything other than a mistake by an employee, would the public really expect to be told? Additionally, if a single employee's mistake, with just one piece equipment can have such a devastating consequence on what is national critical infrastructure, then what does this tell us about security, change management, and of course, business continuity?

Read full article: http://bit.ly/p7970Z