Only took 1 Cyber attack

No petrol in about 5 of the 7 stations I passed on the way back home from Costco this morning. Costco had just had a delivery and there were around 100 cars in line waiting for fuel. South east USA has been screwed by 1 cyber attack, wonder what would happen if they took down the grid. Looks like we're in for an interesting year again.
 
It amazes me that infrastructure like that is so vulnerable to attacks like that.

Where I work is far less critical and our main "production" system is fully closed and there is a more basic backup system to fall back on if stuff is compromised.

Though you only need one lazy, etc. person potentially to compromise a system :( as happened at a previous place where an IT tech hooked up their personal laptop, which it turns out was infected with malware, to install a printer driver :s
 
Industries don’t want to employ enough staff to support 24/7 on site support. Also DCS solutions allow for rapid process modifications which makes for operational flexibility and efficiency. Combine the two and you lose the air gapped resilience. Simply put the lack of profitability means we don’t maintain and engineer to the standards we aspire to. I work in heavy industry and that has been the direction of travel for the last 2 decades of my working life and arguably long before that.
 
Many of these systems run Windows versions decades old. XP and 2000 are still everywhere in industry and the people that wrote the programs laid off or retired with little to no written records kept or jury rigged fixes done ‘on the fly’ to get production running again without proper documentation. It’s a nightmare.
 
Many of these systems run Windows versions decades old. XP and 2000 are still everywhere in industry and the people that wrote the programs laid off or retired with little to no written records kept or jury rigged fixes done ‘on the fly’ to get production running again without proper documentation. It’s a nightmare.
So true. 2 years back I was working for one of the biggest insurance companies in the States (that also operates in the UK), and they still had production systems running NT4! The number of 2000 systems was too large to count on your hands and feet, and the number of 2003 was literally in the hundreds.

Bearing in mind that 2008 had already been End-of-support listed by Microsoft at this point…
 
Gonna be fun. I work from home so I'm OK, but my wife does about 1.5 hours of driving for work per day.

Beautiful timing with Memorial Day coming up (one of the most expensive times of year for gas), which will force prices even higher if we will even be able to get gas with people freaking out.

Too many companies aren't planning for 'when' it happens, but 'if' it happens.
 
Just proves what a great idea having voting machines connected to the internet is. They're totally secure though according to the Democrats and corporate media who spent 4 years claiming that the 2016 election was rigged.
 
Just proves what a great idea having voting machines connected to the internet is. They're totally secure though according to the Democrats and corporate media who spent 4 years claiming that the 2016 election was rigged.
Except they're not connected to the internet....
IIRC the machines that are connected to the internet don't have anything to do with the voting machines, but are for things like updating the figures displayed based on what the actual air-gapped machines have said.

It's also as always, worth noting these are machines the Republican Party were quite happy with before Trump looked like he would lose, and in many instances were installed, used and monitored by Republican officials....

Strange how the facts don't match your reality.
 
Gonna be fun. I work from home so I'm OK, but my wife does about 1.5 hours of driving for work per day.

Beautiful timing with Memorial Day coming up (one of the most expensive times of year for gas), which will force prices even higher if we will even be able to get gas with people freaking out.

Too many companies aren't planning for 'when' it happens, but 'if' it happens.
Disaster planning costs money and accountants look at balance sheets and see millions sitting doing nothing as nothing has gone wrong yet and it gets cut. And then something goes wrong.
 
No petrol in about 5 of the 7 stations I passed on the way back home from Costco this morning. Costco had just had a delivery and there were around 100 cars in line waiting for fuel. South east USA has been screwed by 1 cyber attack, wonder what would happen if they took down the grid. Looks like we're in for an interesting year again.
The thing that gets me, is how/why they didn't have the control systems completely segregated, or at the very least done in such a way that the only data that could be passed from outside to the secure network was through some portal that limited it to a known "safe" set of instructions (IE if you needed to connect remotely only the data for an approved/secure app could be transferred and that only be what was necessary for basic functions).

I suspect it's going to turn out that somewhere along the lines a decision was made years ago to not operate the control/monitoring systems as a standalone/fully protected network as not doing so made it fractionally cheaper or easier.

Disaster planning costs money and accountants look at balance sheets and see millions sitting doing nothing as nothing has gone wrong yet and it gets cut. And then something goes wrong.
Aye, it's like a lot of things, disaster planning, checking recovery/restart plans work by actually powering down a system, checking the data recovery system is actually writing to whatever medium is used, and crucially that it can be read again (if using tapes etc, making sure that it can be read off a different drive and not just the one that did the initial write and verification).

I've seen so many stories over the years of managers/accountants not wanting to lose profits by having a planned shutdown/test when all the necessary personnel can be in place and ready to deal with any unexpected issues, but then being caught out when something did go wrong and things didn't work out well because no one was fully ready and key people had left without things being documented (but no one realised that because it hadn't been tried out and spotted).

You get the same with things like customer service/RMA's and packaging.

One of the best examples I saw of how a company saved money by ignoring the accountants was a DVD producer who also acted as a Distribution/RMA centre for other companies, and was their own major retailer so saw the returns percentages for dozens of case types.
The boss of the company explained once why he always specified a certain case type for his releases, the cost was a couple of cents more per unit, but it resulted in a far lower return rate because discs didn't come loose as easily as some cases, and it didn't risk cracking the discs like another type*, as he put it "we get to see how much the different styles of case cost in total allowing for returns, not just how much the case costs".


*I think it was the Scanavo style cases that either didn't hold the disk at all, or over time could crack the disk (or you risked breaking the disc as you took it out) as it had something like 6 prongs and they were often extremely stiff.
 
Disaster planning costs money and accountants look at balance sheets and see millions sitting doing nothing as nothing has gone wrong yet and it gets cut. And then something goes wrong.

I got hired to solve a security issue. (Redesign and implement our auth process/system). I agree with you, but it's more about complacency and if there hasn't been a problem already then no one thinks to do anything.
 
It's embedded systems that don't get updated. With just the process information shown on a 6" mono screen people forget that there may be a full operating system behind it ripe for exploitation.
Like shop tills that look nothing similar to Windows, when they go down they show the recognisable blue screen of death.
 
I remember saying 25 years ago "what if the computer nerds join forces with the criminal gangs?". It was obvious back then that if those two elements mixed there would be big problems.

It doesn't help that the West undervalues the skills of our own computer people. They always have. The business world are different people to us computer folk.

Business people don't appreciate the value of having good security. There have been thousands of data leaks from these companies that expose our information to the world. Yet none of those companies even get fined. No lesson is taught. So we're a sitting duck due to the slackness of our higher ups.
 
I remember saying 25 years ago "what if the computer nerds join forces with the criminal gangs?". It was obvious back then that if those two elements mixed there would be big problems.

It doesn't help that the West undervalues the skills of our own computer people. They always have. The business world are different people to us computer folk.

Business people don't appreciate the value of having good security. There have been thousands of data leaks from these companies that expose our information to the world. Yet none of those companies even get fined. No lesson is taught. So we're a sitting duck due to the slackness of our higher ups.
They should be fined according to the ICO guidelines. https://ico.org.uk/for-organisation...uide-to-law-enforcement-processing/penalties/ But how many actually are I don’t know.
 
After looking at pictures of people making it worse by filling water butts, oil drums and even plastic bags with petrol... I just give up with humans lol. Literally made the situation from a minor inconvenience to a massive problem in places like Georgia and Virginia.
 
It amazes me that infrastructure like that is so vulnerable to attacks like that.

Where I work is far less critical and our main "production" system is fully closed and there is a more basic backup system to fall back on if stuff is compromised.

Agree. Such important infrastructure should have a closed network with incredibly heavy security for local access to it.
 
The wonders of the free market.

Cheaper in the short term to stay on archaic systems and treat workers like scum so they don't care about security concerns.
 
I always thought that you know.. critical operating machines wouldn't be allowed to even have an outside wire come close to them? Are you telling me the same machines that control a lot of this kinda thing need to have an outside connection?
 