Thread: Chinese to build powerstation in UK
View Single Post
Old 22-10-2015, 11:06   #19
mrmistoffelees
067
 
mrmistoffelees's Avatar
 
Join Date: Jul 2007
Location: Middlesbrough
Age: 49
Services: Many
Posts: 5,083
mrmistoffelees has a nice shiny star
mrmistoffelees has a nice shiny starmrmistoffelees has a nice shiny starmrmistoffelees has a nice shiny starmrmistoffelees has a nice shiny starmrmistoffelees has a nice shiny starmrmistoffelees has a nice shiny starmrmistoffelees has a nice shiny starmrmistoffelees has a nice shiny starmrmistoffelees has a nice shiny star
Re: Chinese to build powerstation in UK
Quote:
Originally Posted by Ignitionnet View Post
Yes, which is why I specifically mentioned that Iranian facilities were compromised physically. Some tool brought a USB key into the enrichment facility by most accounts.

Strangely enough I've studied Stuxnet, hence my specifically mentioning SCADA systems. I've read the reports and indeed read the code.

Even had the pleasure of discussing a dissertation on that exact subject, given it was nation state malware using zero-days.



Political. Nothing to do with fears of information security. Going by Snowden's revelations the Chinese would be far more justified to avoid Cisco kit.



Indeed, as I referred to in my post. So explain to me why it matters that China are building the plant?

I referred to out of band communication and airgapping specifically as the primary reason for concern over China building the thing would be a fear they could remotely control the plant. Physical infiltration is a risk whatever.

Regardless of who builds it it is vulnerable to human error, and regardless of who builds it the SCADA systems may be running commercial software which will potentially be vulnerable.

I would highly recommend reading what I wrote with more care, rather than assuming that my course, the best Information Security course in the country, is deficient and/or I'm not paying attention

---------- Post added at 11:45 ---------- Previous post was at 11:43 ----------



A third alternative is perhaps to borrow the money ourselves, given that we can borrow at historically low rates, and handle the construction domestically.

We are seeing a rather disturbing trend of money leaving the country due to these policies, which is why while GDP per capita is back at pre-crisis levels, disposable income per capita is not - more and more of our national income is being exported.

Political ? Sorry, but you are completely and utterly wrong.

if you think that course is the best in the country then i suspect you're looking in the wrong direction. You will learn more in one black hat conference than you will on your course.

An MSc is no substitute IMO for a prof cert & it's real life experience that counts. Our security teams disregard courses such as that favoring CISSP (amongst others) and real time experience.

I as an IT manager look at CV's for roles for infrastructure specialists, dev ops & other roles and in my 20 years in IT i will take someone with 2 years real world experience and a lower qualification. These people can demonstrate they're ability to do their job (and do because part of my interview process is making them do practical tests and demonstrations) you're alleged 'best course in the country' teaches you how to pass a course.

I'll put you up against one of our security specialists in a challenge and I think i know who would win, interested? If you are, I'll see if we can arrange something?


Friendly wager of some beer/meal?
__________________
Nerves of steel, heart of gold, knob of butter......
mrmistoffelees is offline   Reply With Quote