eWeek ate my hamster
Last summer I interviewed Space Rogue and did a story on his history of security hype: A cyber terrorist ate my hamster.
I must now report that the process is alive and well, courtesy of eWeek.
Over the last couple of days the media has been full of a story about two virus outbreaks in US scada installations. eWeek is clear in its own story USB Storage Drive Loaded With Malware Shuts Down Power Plant:
The U.S. Computer Emergency Readiness Team reports that a U.S.-based power generating facility was shut down after a contract employee introduced malware into the turbine control systems and into engineering workstations. The contractor routinely used his USB drive to perform updates on control systems as well as workstations in the power plant.
I would just like to point out, very politely, that this is what is known in polite circles as a ‘lie’. ICS CERT did not say that.
I covered this story in Infosecurity Magazine way back on January 4: The lessons of Shamoon and Stuxnet ignored: US ICS still vulnerable in the same way.
The truth is less dramatic than eWeek suggests – although dramatic enough. The virus was discovered while the system was in a scheduled shutdown. It delayed its restart, it did not cause its shutdown. But that’s far less dramatic and far less worrying…
The next stage in the security hype process is for politicians to seize on the eWeek story to justify the need of the next draconian piece of anti-terrorist cyber legislation, or the next exponential increase in some LEA’s budget request. Journalists really should read what they talk about before they talk about what they haven’t properly read.