Case 4:13-cv-00442-BLW Document 26 Filed 10/25/13 Page 1 of 4

Scott E. Randolph (ISB #6768)
A. Dean Bennett (ISB #7735)
HOLLAND & HART LLP
101 South Capitol Boulevard, Suite 1400
P.O. Box 2527
Boise, ID 83701-2527
Telephone: (208) 342-5000
Facsimile: (208) 343-8869
Email:

Mark A. Miller (UT Bar No. 9563) (admitted pro hac vice)
Ginger Utley (UT Bar No. 11766) (admitted pro hac vice)
HOLLAND & HART LLP
222 S. Main Street, Suite 2200
Salt Lake City, UT 84101
Telephone: (801) 799-5800
Facsimile: (801) 799-5700
Email:

Attorneys for Plaintiff BATTELLE ENERGY ALLIANCE, LLC

IN THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF IDAHO

BATTELLE ENERGY ALLIANCE, LLC, a Delaware limited liability company,
Plaintiff,
vs.
SOUTHFORK SECURITY, INC., an Idaho corporation, COREY THUEN, an individual, and DOES 1 through 10, inclusive,
Defendants.

Case No. 4:13-cv-00442-BLW

SECOND DECLARATION OF STEVEN J. SEIDEMAN



I, Steven J. Seideman, hereby declare and state as follows:

1. I am the founder and President of Assured Information Solutions which specializes in computer and database consulting. I have been retained by the law firm Holland & Hart, LLP, as a computer application and database expert for purposes of this litigation. I make this declaration based on my personal knowledge and based upon my education, training, and experience in working with computers and computer systems, which includes many years of work within the Department of Defense and other highly secure computing environments.

2. The public release of software source code exposes individuals and infrastructure behind the software to risk from those with malicious intent. Attackers use source code to identify vulnerabilities in the software itself and to inform their attack strategy. It is extremely important to understand that in security software applications a vulnerability does not have to be identified in the source code for the software to be put at risk of compromise; knowing what information the software itself is looking for, the strategies it uses to assess threats, and a host of other details about how the software functions (all of which is gleaned from access to the source code), can allow an attacker to design an attack that the software will not identify or one which the software identifies as a benign process. In this instance both Sophia and Visdom are designed to monitor network traffic and discover malicious activity. Knowledge of the source code in this type of security application has the potential to allow an attacker to evade detection.

3. Given the nature of the industry involved in this matter, the risks posed by software disclosure are serious. Nations such as China, with dedicated, talented and well-funded hackers have a demonstrated interest in attacking the critical infrastructure systems protected by the software at the heart of this case. Those attackers have the time and resources to spend on using publicly available security software to inform their strategy for developing new attacks and methods to avoid detection. Indeed, software like Sophia is developed directly in response to such threats and the ongoing attacks against these systems. The availability of software similar to Sophia could allow attackers to escape detection by Sophia.

4. Disclosure of source code that has been derived from protected software and appropriated into new software performing the same basic security functions and processes as the original, protected software poses serious risk of compromise to the original software. The source code released by the defendant in this case performs the same functions as the Sophia code and implements much of the same security strategy as the software designed for Battelle. The fact that the released code is for the same target environments as Sophia (e.g. industrial control systems (ICS), like those that protect our nation’s nuclear infrastructure), presents risk not only to the Sophia software, but any critical infrastructure it was designed to protect. It is not an exaggeration to say that successful attacks against these systems would directly compromise the national security interests of the United States, which is why these are precisely the systems that are being targeted with well-funded attacks by other nation states.

5. The defense in this case has argued that knowing how a camera works does not make someone invisible. However, knowing where a camera is placed will allow an individual to identify its blind spots, and for all intents and purposes become invisible to the camera.

I declare under penalty of perjury under the laws of the United States that the foregoing is true and correct.

Executed this 25th day of October, 2013, at Boise, Idaho.

Steven J. Seideman



CERTIFICATE OF SERVICE

I HEREBY CERTIFY that on the 25th day of October, 2013, I filed the foregoing electronically through the CM/ECF system, which caused the following parties or counsel to be served by electronic means, as more fully reflected on the Notice of Electronic Filing:

Bradlee R. Frazer
Jason D. Scott
Hawley Troxell Ennis & Hawley, LLP
877 W. Main Street, Suite 1000
Boise, Idaho 83702-5883
Telephone: (208) 344-6000
Attorneys for Defendants Southfork Security, Inc. and Corey Thuen

/s/ Barbara Thurgood Barbara Thurgood