Profile picture
, 8 tweets, 2 min read
My Authors
Read all threads
The story of hardware backdoors from China found in an electric transformer at a US utility is continuing to gain attention; but it doesn’t deserve to. There has only been 1 source of the claim who doesn’t even work at a utility and he has provided 0 evidence.
The story especially with its supply chain angle is sensational and touches on long held fears in DC and elsewhere. But their fears that have never manifested. So there’s folks who really want to believe this is true. But there’s no evidence of it now nor has there been.
Joe (the individual making the claim) is a really good engineer and has been very important to the development of the ICS security community, but he often has sensation claims that turn out to be very inaccurate, unsupported, or twisted non maliciously for other purposes.
Many in the ICS security community owe him gratitude along their careers for his advocacy, speaking against him always carries some level of taboo, I consider him a friend and important to me as well. But this claim doesn’t pass the smell test and is entirely unsupported
At a time with the new electric sector focused Executive Order I fear it’s going to drive bad policy and security decisions. Fears of China remotely activating said back doors for an “Aurora” effect on transmission equipment is even more ridiculous.
I do not tweet any of these lightly. Yes there are legitimate supply chain concerns. Yes counterfeit equipment has been found before for criminal purposes not malicious cyber purposes. Yes we can all think of tangential scenarios that bother us. But this specific claim is off
If Joe has evidence of a state level cyber attack that the NSA, White House, DOE, FERC, utility industry, etc. are all completely unaware of then I hope he comes forward with any evidence. Until then the burden of proof is on him and we should all go about our days.
There are very important security and policy efforts that have nothing to do with level 0 or hardware backdoors that need prioritized at a time the threats continue to get more aggressive while our industries are transforming enabling more risk. Focus on what works.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Robert M. Lee

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @RobertMLee see all

Profile picture
Robert M. Lee
@RobertMLee
Quick break down on what the Dragos blog today on XENOTIME does and doesn’t mean. Thread:
XENOTIME is the threat responsible for the TRISIS (TRITON) attack in Saudi Arabia. For months Dragos has tracked them including penetrating oil and gas companies in North America. We also observed them start to target (specific reconnaissance) against US electric utilities.
We’ve been privately reporting to the community and made sure we worked with appropriate orgs who could get the word out to the utilities. XENOTIME is the only threat to have crossed the line to have ever tried to kill someone (TRISIS targeted safety systems). It’s serious.
Read 10 tweets
Profile picture
Robert M. Lee
@RobertMLee
(venting a bit warning but also going to talk openly about why we did something.) So @DragosInc acquired NexDefense to release its tool to the community. @digitalbond didn’t like that answer that we’d do this do help folks. He challenged me publicly on it and I explained.
After explaining the full details of why he still decided to run in his newsletter the following: “I'm not buying the stated reason of helping the community by moving Sophia/Integrity to open source.” To a large public audience.
It’s up to everyone to make their own decision but since we’re being called a liar essentially I’d like to expose the reasons to everyone. Which by the way don’t actually impact anyone because it’s still a free tool for folks to use regardless.
Read 11 tweets
Profile picture
Robert M. Lee
@RobertMLee
The moment we’ve (@DragosInc at least) have been waiting for...the S4 ICS Threat Detection results. #S4x19
All the competitors in the space were invited. In the end, three stepped up. Kaspersky ICS, an open source tool team by an ICS sec analyst from an asset owner/operator, and Dragos. Because the others didn’t participate it turned from a competition to more of an evaluation #S4x19
“Claroty and Dragos stepped up early. We reached out to 20+ of the vendors and they all said no.” @digitalbond then notes that Claroty backed out a few weeks before the competition so it morphed to an evaluation. The challenge kicks off with Ron who put 500+ hours into making it
Read 29 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!