Re: Re: More on SCADA (disgruntled insider)
"A disgruntled insider or an engineer who worked on the systems *would* know enough to do lots of damage, but in that case would they need to hack in?"
Suppose you're in the automation industry; lots of people are.
You find out who puts these multi-site-replicated CCGT control systems together (who cares about traffic lights, that's only local chaos, and there's too much variation in them anyway). You wangle a contract there and get the relevant details.
You disappear into other work, and seemingly lose your access, but pass on the relevant details to your partners in crime.
Or via social engineering you get the relevant details some other way.
Some time later your associates have incorporated the necessary details you have provided, and they release their Stuxnet-style weaponised version into the wild.
Before too long, it's done a Stuxnet and crossed the air gap onto the plant network, made itself invisible, and is sitting waiting for the trigger date to unleash its chaos. Olympic opening ceremony could be a good time to hide odd goings-on of the noisy kind, but there are plenty of other options.
Obviously it can't really happen like that. We fixed ALL the Stuxnet-style holes in technologies, products, and processes, didn't we.
Anybody got any 3kVA silenced diesels going cheap?