Internet worms and critical infrastructure | CNET News.com: "Did MSBlast cause the Aug. 14 blackout? The official analysis says 'no,' but I'm not so sure. A November interim report a panel of government and industry officials issued concluded that the blackout was caused by a series of failures with the chain of events starting at FirstEnergy, a power company in Ohio. A series of human and computer failures then turned a small problem into a major one. And because critical alarm systems failed, workers at FirstEnergy did not stop the cascade, because they did not know what was happening.
This is where I think MSBlast, also known as Blaster, may have been involved.
The report gives a specific timeline for the failures. At 2:14 p.m. EDT, the 'alarm and logging software' at FirstEnergy's control room failed. This alarm software 'provided audible and visual indications when a significant piece of equipment changed from an acceptable to problematic condition.' Of course, no one knew that it failed.
Six minutes later, 'several' remote control consoles failed. At 2:41 p.m., the primary server computer that hosted the alarm function failed. Its functions were passed to a backup computer, which failed at 2:54 p.m.
Doesn't this sound like a computer worm wending its way through FirstEnergy's operational computers?
The report had the following: 'For over an hour no one in FE's control room grasped that their computer systems were not operating properly, even though FE's Information Technology support staff knew of the problems and was working to solve them.'
Doesn't this sound like IT working to clean a worm out of its network?"
This is where I think MSBlast, also known as Blaster, may have been involved.
The report gives a specific timeline for the failures. At 2:14 p.m. EDT, the 'alarm and logging software' at FirstEnergy's control room failed. This alarm software 'provided audible and visual indications when a significant piece of equipment changed from an acceptable to problematic condition.' Of course, no one knew that it failed.
Six minutes later, 'several' remote control consoles failed. At 2:41 p.m., the primary server computer that hosted the alarm function failed. Its functions were passed to a backup computer, which failed at 2:54 p.m.
Doesn't this sound like a computer worm wending its way through FirstEnergy's operational computers?
The report had the following: 'For over an hour no one in FE's control room grasped that their computer systems were not operating properly, even though FE's Information Technology support staff knew of the problems and was working to solve them.'
Doesn't this sound like IT working to clean a worm out of its network?"
Comments