RE: [The Library Information Warfare] Sun Tzu and the Art of Critical Infrastructure Defense

in #informationwar, 7 years ago

Internet of things -- connecting cameras, fridges, industrial controllers, etc. to the web, resulting in a larger target surface and a multitude of botnets, including Mirai, that cost governments and private companies billions a year.

You're citing stuff that was hacked using default, unset credentials, in other words this was simply and solely because of piss poor implementation and not because of Interconnectedness.

Nuclear plants, other critical infrastructure -- while it is convenient to connect the critical infrastructure to the web, it is absolutely silly to do so. Convenience should never dictate putting citizens at risk, especially when the risk is deadly power outages or nuclear meltdown.

Deadly olives, because A you haven't demonstrated that such systems are connected to the web, and the contention I made was that simply because it's a computer, despite it NOT being connected to the internet, it can still be hacked. Until you can demonstrate that Nuclear Power plants are Connected to the Internet and that this Compromises them it's only your speculation, which as I've pointed out the vulnerability is there Regardless of being Connected and Despite that they aren't connected to the internet, as your Ukrainian Example demonstrates. Can connecting it to the internet compromise security by default? No, and any network engineer will tell you that because there's a multitude of safeguards on top of safeguards, but can Piss Poor Implementation compromise security, Without a Doubt.

Hospital networks -- I get it. Paper reports are a pain in the ass. There is an acceptable level of convenience for hospital networks. But when we have heart monitors and IV pumps connected, at least by proxy, to the Web, that's ridiculous.

Again there is no reason to think this is the case. It's alarmist nonsense, and ridiculous, with basic security you can stop all incoming traffic for example, and only send out traffic. Read Only Effectively.

Don't know if this is an attempt to downplay the risk of widespread power outages or what..

No, that's giving it an equivalent example of the Risk involved.

Agree with the No Impenetrable fortress defense. There isn't one, but that does not give us an excuse to put them in a hay hut. And I also wasn't necessarily referring to nukes, more non-nuclear EMP devices, which are becoming more of a threat and are much more difficult to detect and defend against.

Actually you cannot guard against that so you might as well stop wasting resources creating the Impossible.

As for your arguments about Rome never falling... That seems like a stretch. Especially a semantic one. Interesting though.

Actually I provided the references, the Councils of Nicea, the Numerous Acts of the Empire, LONG after its fall, then you have to take in the fact that all law comes from Roman Law and the reason is because the Empire Never Fell. I Pointed out how the homegrown legions were left behind to create the Empires that came to be known, France, Spain, England which all bowed to the Pope. Clearly Real Power Never Changes Hands. Who took over the Romans? Who took out the Russians? Those Empires are All but Dead, the Pope is still Trustee to All Governments, England, American, Spanish, French, all Corporations, all Communes, all Coops, the Roman Pontiff has authority over those things because they are created by the Curia and the Ecclesiastical Canon Law that supersedes and created the Merchant Trader Laws and the Maritime Laws is also copyrighted along with those other creations by the Pope. If you wish to contest one thing I said do it with specificity and don't give me these general off the wall insane remarks to my Clear Concise Facts and pointers which are with a certain Particularity and in a very important Context, so delve deeper than the seeming appearance that hardly touches on any of the aspects I brought up, because I expect that you wouldn't have responded if I said that "as for Rome falling.. that seems like a stretch. Especially a semantic one. Interesting though." so give me the consideration my Response Demands and don't wave my words away with dismissive motions punctuated by some piqued curiosity of unknown and unmentioned direction.

You're citing stuff that was hacked using default, unset credentials, in other words this was simply and solely because of piss poor implementation and not because of Interconnectedness.

Their mere connectedness allowed for them to be "hacked" because of default credentials. Computers are not innately dangerous. Their data and connectedness to the web confer danger.

Deadly olives, because A you haven't demonstrated that such systems are connected to the web, and the contention I made was that simply because it's a computer, despite it NOT being connected to the internet, it can still be hacked. Until you can demonstrate that Nuclear Power plants are Connected to the Internet and that this Compromises them it's only your speculation, which as I've pointed out the vulnerability is there Regardless of being Connected and Despite that they aren't connected to the internet, as your Ukrainian Example demonstrates. Can connecting it to the internet compromise security by default? No, and any network engineer will tell you that because there's a multitude of safeguards on top of safeguards, but can Piss Poor Implementation compromise security, Without a Doubt.

https://www.wired.com/story/hack-brief-us-nuclear-power-breach/
https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html
While a Forbes article does imply that nuclear safety mechanisms are safe and secure behind segmentation and out-only network engineering, that does not protect the entirety of nuclear power plant security. The Ukrainian example does not at all demonstrate that the power plants are segmented off. The mere targeting of our plants, as well as the attack on the Ukrainians, would imply the opposite, that even if they are relatively segmented, there is still crossover enough for attack to be possible from the web as a whole. This is unacceptable. As for your "any network engineer" example, that's simply a falsehood. Any network engineer with any background in security would tell you that connecting it with the internet does immediately put it at some level of risk, and the data and context involved would play a part in what level that risk should be viewed at.

Again there is no reason to think this is the case. It's alarmist nonsense, and ridiculous, with basic security you can stop all incoming traffic for example, and only send out traffic. Read Only Effectively.

https://www.theverge.com/2017/5/12/15630354/nhs-hospitals-ransomware-hack-wannacry-bitcoin

Read only? Seems like the UK at least would imply that hospital networks absolutely are overconnected. Basic security both doesn't work and is rarely implemented.

Actually you cannot guard against that so you might as well stop wasting resources creating the Impossible.

That's just blatantly dangerous logic.

Actually I provided the references, the Councils of Nicea, the Numerous Acts of the Empire, LONG after its fall,...

Again. I'm talking about the literal fall of Rome. The Empire itself. You're using semantics to imply the existence of the Pope and the Roman system implies that Rome never fell.. That's a purely semantic argument against a point that is clearly a literal case for the fall of Rome as a ruling society and government. Rome, even if I do humor your point of the Pope still being around, absolutely does not rule France, Spain, or America. That is laughable. You're arguing using a largely semantic argument over the definition of "rule", trying to conjure up some ownership between the pope and established nations that does not exist. You're citing things, and I appreciate that at least, but your argument is still a far stretch. Rome fell. Period.