You are viewing a single comment's thread from:

RE: [The Library Information Warfare] Sun Tzu and the Art of Critical Infrastructure Defense

Interconnectivity allows for incredible things, and there is no reason to conclude that it does so at the price of safety and security.

That is patently and dangerously false. While it absolutely allows for incredible things, there are a million reasons to conclude that it does so at the price of safety and security.

  1. Internet of things -- connecting cameras, fridges, industrial controllers, etc. to the web, resulting in a larger target surface and a multitude of botnets, including Mirai, that cost governments and private companies billions a year.

  2. Nuclear plants, other critical infrastructure -- while it is convenient to connect the critical infrastructure to the web, it is absolutely silly to do so. Convenience should never dictate putting citizens at risk, especially when the risk is deadly power outages or nuclear meltdown.

  3. Hospital networks -- I get it. Paper reports are a pain in the ass. There is an acceptable level of convenience for hospital networks. But when we have heart monitors and IV pumps connected, at least by proxy, to the Web, that's ridiculous.

etc.

Eating Olives can be fatal

Don't know if this is an attempt to downplay the risk of widespread power outages or what..

Nukes kinda invalidate any and all defenses, so going that far this has been senseless.

Yes it's a security oversight to place critical infrastructure on the WEB, but there is no Impenetrable Fortress that exists from an EMP, and clearly the Ukrainian Example was Hacked Despite being an Intranet so it seems as long as it's a Computer it's a security oversight.

Agree with the No Impenetrable fortress defense. There isn't one, but that does not give us an excuse to put them in a hay hut. And I also wasn't necessarily referring to nukes, more non-nuclear EMP devices, which are becoming more of a threat and are much more difficult to detect and defend against.

As for your arguments about Rome never falling... That seems like a stretch. Especially a semantic one. Interesting though.

Sort:  

You're citing stuff that was hacked using default, unset credentials, in other words this was simply and solely because of piss poor implementation and not because of Intercontectedness.

Their mere connectedness allowed for them to be "hacked" because of default credentials. Computers are not innately dangerous. Their data and connectedness to the web confer danger.

Deadly olives, because A you haven't demonstrated that such systems are connected to the web, and the contention I made was that simply because it's a computer, despite it NOT being connected to the internet, it can still be hacked. Until you can demonstrate that Nuclear Power plants are Connected to the Internet and that this Compromises them it's only your speculation, which as I've pointed the vulnerability is there Regardless of being Connected and Despite that they aren't connected to the internet, as your Ukrainian Example demonstrates. Can connecting it to the internet compromise security by default? No, and any network engineer will tell you that because there's a multitude of safeguards on top of safeguards, but can Piss Poor Implementation compromise security, Without a Doubt.

https://www.wired.com/story/hack-brief-us-nuclear-power-breach/
https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html
While a Forbes article does imply that nuclear safety mechanisms are safe and secure behind segmentation and out-only network engineering, that does not protect the entirety of nuclear power plant security. The Ukranian example does not at all demonstrate that the power plants are segmented off. The mere targeting of our plants, as well as the attack on the Ukranians, would imply the opposite, that even if they are relatively segmented, there is still crossover enough for attack to be possible from the web as a whole. This is unacceptable. As for your "any network engineer" example, that's simply a falsehood. Any network engineer with any background in security would tell you that connecting it with the internet does immediately put it at some level of risk, and the data and context involve would play a part in what level that risk should be viewed at.

Again there is no reason to think this is the case. It's alarmist nonsense, and ridiculous, with basic security you can stop all incoming traffic for example, and only send out traffic. Read Only Effectively.

https://www.theverge.com/2017/5/12/15630354/nhs-hospitals-ransomware-hack-wannacry-bitcoin

Read only? Seems like UK at least would imply that hospital networks absolutely imply that hospital networks are overconnected. Basic security both doesn't work and is rarely implemented.

Actually you cannot guard against that so you might as well stop wasting resources creating the Impossible.

That's just blatantly dangerous logic.

Actually I provided the references, the Councils of Nicea, the Numerous Acts of the Empire, LONG after it's fall,...

Again. I'm talking about the literal fall of Rome. The Empire itself. You're using semantics to imply the existance of the Pope and the Roman system implies that Rome never fell.. That's a purely semantic argument against a point that is clearly a literal case for the fall of Rome as a ruling society and government. Rome, even if I do humor your point of the Pope still being around, absolutely does not rule France, Spain, or America. That is laughable. You're arguing using a largely semantic argument over the definition of "rule", trying to conjure up some ownership between the pope and established nations that does not exist. You're citing things, and I appreciate that at least, but your argument is still a far stretch. Rome fell. Period.

Loading...