Monday, August 18, 2003

I'm not holding my breath...

There has been much discourse in the last few days about the source of the power outage. First it was a fire at the Niagara plant. Then it was lightning. Now it's an equipment failure in Ohio.

The more paranoid types have been relating the power failure to the oddly coincidental worm infection. According to this article, it has been discounted. If you read the article, no solid claim has been made in either case. The strongest point in the article is that a security research director finds it difficult to believe that an industry would use Windows to control its equipment.

Gee, does anyone else remember the Microsoft commercials in which the guy changes the color of the car being painted to match a purse? (Hint: that's Windows being used in industry!) Aggregate that with the "no one's been to the server room in days" commercial, and various less-clueful industries might have bought Windows believing that they were getting the most secure OS for their industry.

Would someone please tell Reuters that if they want a quote about security in the power industry, they should be talking to the security experts IN the power industry, not printing opinion from someone who didn't have anything to do with the design of the control systems (or their security) at the power plant.

The article contains only opinion from people "out of the loop". Quotes such as this, from "recognized experts," lessen the veracity of any future statement made by any other security person.

Mr. Paller, shut up.