# 1970s again

### Help Support The Rocketry Forum:

#### cwbullet

##### Obsessed with Rocketry
Staff member
Global Mod
On the way home, I saw gas lines and sold-out signs. Can you say time for the Navy Seals to take out a hacker group?

#### samb

Yep, a more forceful response than righteous outrage. Maybe an attack in kind ? We have some hackers on our side, right ?

#### dhbarr

##### Amateur Professional
These attacks always drive me nuts, b/c nobody ever holds the infrastructure operator liable for ignoring basic industry standard safety precautions.

It's always about the Big Bad Hackers when, in fact, the owners have left the keys in the ignition of the money truck, idling in a bad neighborhood.

Am I excusing the thieves? Not at all. But at some point there has to be some accountability for absolute negligence WRT securing critical system operations.

#### mtnmanak

##### TRA & NAR L2
TRF Supporter
Well, we have been caving in to Russian aggression for the past 30 years now. That's both parties through multiple changes of power on our side of the pond.

I am not registered with either political party in this country, but I honestly do not see this administration being the one that finally stands up to Russia. Neither party has had the guts to deal with Russia and the current party in power will continue to stand by and do nothing. This will only increase the hand wringing and bed wetting in Washington. But, nothing will happen except for more righteous indignation.

Neither will they fix our infrastructure issues. Frankly, we haven't really done any major infrastructure work since Eisenhower was president and it doesn't look like we are going to do any in the near term. Despite rhetoric, infrastructure spending buys you exactly 0.0 political capital. Fixing our petroleum infrastructure would cost hundreds of billions (probably trillions) and neither party would get "credit" for it. Besides, spending any money on petroleum infra works against current "green" initiative narrative. Can you imagine the President publicly saying he is going to make it a priority to fix our petroleum pipelines/refineries/storage, etc? He would get eviscerated. So get used the current situation. It may not get worse, but it definitely will not get better. Just wait until they figure out how to hit our power grid.

#### dr wogz

##### Fly caster
@dhbarr And that's why we (my company) is invested with 'KnowBe4' for internet security.. We get a weekly 'tip' and a quarterly course on 'how not to let the bad guys in'.

And despite the 2+ years doing it, there are still a few who click on a link in a "malicious" e-mail. (it's a test e-mail to catch you! to se eif you are payign attention..)

But on a side note: I have been reliving the 70's thru Spotify: search a particular year and listen the hits of that year! today was 1976..

#### Bowman

##### Well-Known Member
On the way home, I saw gas lines and sold-out signs. Can you say time for the Navy Seals to take out a hacker group?
I say Yes, on an ongoing basis.

#### Bowman

##### Well-Known Member
Yep, a more forceful response than righteous outrage. Maybe an attack in kind ? We have some hackers on our side, right ?
I think Eye for Eye is a waste of resources.
I say 2 heads for an eye until they deem it unprofitable.

Why is the pipeline hooked up to the internet? There was a time before the internet when the pipelines ran without the internet.

#### rocket_troy

##### Well-Known Member
But on a side note: I have been reliving the 70's thru Spotify: search a particular year and listen the hits of that year! today was 1976..
Gimme a time machine and I'll be back there in an instant... no question.

TP

#### RocketRev

let's see...., Gold at $35 an ounce.......... #### modeltrains ##### Well-Known Member Just wait until they figure out how to hit our power grid. If the New York Times' reporting is accurate ... Power grids have been a low-intensity battleground for years. Since at least 2012, current and former officials say, the United States has put reconnaissance probes into the control systems of the Russian electric grid. But now the American strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning, and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow. The commander of United States Cyber Command, Gen. Paul M. Nakasone, has been outspoken about the need to “defend forward” deep in an adversary’s networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it. “They don’t fear us,” he told the Senate a year ago during his confirmation hearings. But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate. and it's not like nobody has thought about the thing until just now, In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority. Alert (TA18-074A) Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors Original release date: March 15, 2018 | Last revised: March 16, 2018 ... Description Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign. [1]https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.” Last edited: #### Sandy H. ##### Well-Known Member Why is the pipeline hooked up to the internet? There was a time before the internet when the pipelines ran without the internet. That was my first question. I assumed someone hacked the control system of the pipeline and caused a possibly hazardous condition. From the information I read based on popular news feeds (i.e. not necessarily fact. . . ) it seemed that the company had an attack and chose to shutdown the pipeline 'just in case' something cross contaminated. I'm not sure if that is logical or not. At my company, none of our equipment (machinery) is connected to the internet or the company network at all. At times, people use a USB key (or hard drive) to transfer data to/from the machine(s). If we had an IT concern (i.e. office computer) that spanned a time period that we knew someone had connected a device to the machine(s), we would absolutely halt machine operation until it could be verified as unaffected (by the software engineers as well as the IT guy) and then we would re-start production under a watchful eye. This has happened twice in 20 years, as far as I know. I am aware that some big companies somehow ban the use of USB (or other easily connected devices) on the production machinery, but I honestly don't know how that works when you need to get data-logs or other production related data. It is either manual ('air gap') with the chance that something gets plugged in that could be infected (our case) or it is somehow on a network that could also be possibly compromised. I imagine any (*see note) scenario that anyone could come up with would be able to be defeated if there was a$10billion dollar budget for defeating it. . . Thankfully, my company doesn't do anything that interesting. . .

Anyway, initially I was heartbroken when a co-worker said 'some Russians hacked our pipeline' and thought it was literally shutdown by a hacker. I was encouraged (at least a little) that it sounds like 'some Russians' hacked a company and they reacted to shut down their systems on their own that they didn't know 100% were unaffected.

Either way, I'm scared as heck of the whole concept of IOT and that business managers seem to be wanting to rush 'online connectivity of our plant' just so they can get a cool picture of process statistics on their phone while having brunch at their favorite restaurant. . .crazy scary, IMO.

Sandy.

* Note: By 'any', I mean any in the context of 'regular' companies, not mega-companies like Google, Microsoft, etc. or government stuff. People who can spend billions to defend can obviously have better defenses than regular companies.

Last edited:

#### modeltrains

I imagine any scenario that anyone could come up with would be able to be defeated if there was a $10billion dollar budget for defeating it. . . That brings to mind a thing heard/read a while back, it went something like; "If getting money to defend the power grid depends on the voting public you are doomed unless you have the vote on about the third day of a power outage in January in the North and August in the South." (yeah, that's cynical to the max, but is it wrong?) #### Sandy H. ##### Well-Known Member That brings to mind a thing heard/read a while back, it went something like; "If getting money to defend the power grid depends on the voting public you are doomed unless you have the vote on about the third day of a power outage in January in the North and August in the South." (yeah, that's cynical to the max, but is it wrong?) Heh. . .hits close to home. . . Back in 2018-ish, we had a pretty hot summer. Our house AC shredded a compressor and was 100% down. I tried for about 10 days to get an AC company out to replace the unit, but could barely get a call back, much less a date for service. I had purchased a mini-split a month before to climate control the garage and after sleeping in the 85 deg house for a week (wife was thankfully out of town) I gave up and installed the mini-split myself. I bought about$1500 in tools to do is right since nobody would call back and 3 years later it is working well still, so I guess I did it right. . .

I will never live in a single source AC house voluntarily unless it is in the mountains or somewhere that it is always cold. You can always add a blanket, but you can only take off so many clothes. . .

Sandy.

#### cwbullet

##### Obsessed with Rocketry
Staff member
Global Mod
I said this tongue and cheek, but I do see this as an act of war. People will be hurt by this act.

#### hobie1dog

It may not get worse, but it definitely will not get better. Just wait until they figure out how to hit our power grid.
Read the book. "One Second After" where they shoot off missiles located on cargo ships and explode EMP (Electro Magnetic Pulse) over us and kill everything with an electronic circuit in it. NO gas pumping, no cars running, no refrigeration, A/C, heat, lighting, cell phones , no way to contact family members . It would be the worst thing that could happen to us as we would end up starving and/or getting killed by other members of society. An Atomic Bomb would at least be instant.

#### bschultz32

##### Active Member
TRF Supporter
Sandy H is on the right track. We operated pipelines and power grids in the USA long before the advent of 21st Century whiz-bang electronics. We can do it again. There will be grumbling and whining, but the business managers who want a "cool picture of process statistics on their phone while having brunch at their favorite restaurant" will just have to get over their egos and deal with it. There's too much at stake here.
Computers are cool, when they work right. It's just a damn shame that the evil in the world has led to this.
Bob Schultz

#### Citizen Baslim

##### Wife: No, you're burning money vertically.
I said this tongue and cheek, but I do see this as an act of war. People will be hurt by this act.

It's called asymmetric warfare and both the Chinese and Russians are really good at it. I don't like how we've characterized asymmetric warfare as "irregular warfare" because asymmetric warfare has long since been the regular type of warfare.

https://mwi.usma.edu has a an article about failing to train conventional forces for irregular warfare

These are my personal opinions and do not reflect the opinions of the US Government or any entity thereof.

#### TSMILLER

##### Well-Known Member
TRF Supporter
"Computers are cool, when they work right."
In the mid 90's I was injured at work and lost use of my left arm for some time. Not foreseeing a future of continuing my ability to build heavy aircraft components I utilized company money to take several computer forensics courses. These courses were for law enforcement and corporate IT.
The very first thing that was said to the class: "Remember; we are running the world with a device that was designed to be nothing more than a toy."
Cool, yes, over dependent on, yes.

#### cwbullet

##### Obsessed with Rocketry
Staff member
Global Mod
We have to get better. no doubt/.

#### mo2872

##### Well-Known Member
Time to go back to points and condensers............(said only slightly tongue-in-cheek).......mention above of EMP taking out cars.....and landlines?

#### JLP1

##### Well-Known Member
TRF Supporter
Saw one lady on ABC news last night saying she drove a hundred miles looking for gas ? Duh now you have to drive a hundred miles back home so what did you accomplish?

Now the other stuff where the hell is the NSA, FBI, CIA, and all the other groups that are suppose to be watching over this stuff. (They are really great at spying on us) We've got thousands and thousands of kids sitting on their butts playing video games and doing all kinds of crap with cell phones and we can't put a hacker force together that can outwit the Russians, Chinese, and the Ukrainians. But hey we got a Space Force Wow

#### cwbullet

##### Obsessed with Rocketry
Staff member
Global Mod
Saw one lady on ABC news last night saying she drove a hundred miles looking for gas ? Duh now you have to drive a hundred miles back home so what did you accomplish?

Now the other stuff where the hell is the NSA, FBI, CIA, and all the other groups that are suppose to be watching over this stuff. (They are really great at spying on us) We've got thousands and thousands of kids sitting on their butts playing video games and doing all kinds of crap with cell phones and we can't put a hacker force together that can outwit the Russians, Chinese, and the Ukrainians. But hey we got a Space Force Wow
‘I agree. That fails the common sense test.

#### dhbarr

##### Amateur Professional
Reminder: it is not the FBI's job to prevent you from:
• leaving all your doors wide open when you go on vacation
• keeping gold bars in plain sight in your passenger seat
• storing your cash in a barrel on the lawn
Most of the 'hacks' we read about are pretty much exactly this: poorly configured, unpatched systems attached directly both to the public internet as well as critical infrastructure.

#### CalebJ

##### Well-Known Member
TRF Supporter
Reminder: it is not the FBI's job to prevent you from:
• leaving all your doors wide open when you go on vacation
• keeping gold bars in plain sight in your passenger seat
• storing your cash in a barrel on the lawn
Most of the 'hacks' we read about are pretty much exactly this: poorly configured, unpatched systems attached directly both to the public internet as well as critical infrastructure.
This.

No matter how much money you spend or how good they are, it's not possible for the relevant agencies to guarantee that every valuable resource is doing their job properly internally to protect themselves. And even if they are, people still get through sometimes. I work in IT and have been in the middle of a cyber attack that caused a weeks long network outage. Up to the point that it happened, we were following industry best practices and doing due diligence. Obviously, we evaluated what happened and took steps to adapt our practices to prevent it in the future. That's still not a guarantee that we've predictively prepared ourselves for something new and different next time around. It's an ever changing environment.

#### Peartree

##### Cyborg Rocketeer
Staff member
Global Mod
As an engineer, I have wondered for years why vital and important systems like this were not air-gapped or at least super difficult to tap. My brother did IT for Republic steel and back in the early 90's he carried a digital "business card" that generated numbers. If he needed to access Republic's system remotely, he had toacces the computer over the internet, log on to his unique account using his username and password, and THEN when prompted, enter the number that was, at that moment, displayed on the "business card" (which changed every 30 -90 seconds or something). So even if hackers had stolen information that allowed them to pretend to be him, they still couldn't access Republic's sensitive information unless they physically had one of those business card number generators in their possession.

And that was thirty years ago. I'm sure that the crypto-security folks haven't been sleeping for three decades. There really isn't any excuse for infrastructure companies to be more than thirty years behind.

#### John Kemker

##### Well-Known Member
TRF Supporter
In the mid 90's I was injured at work and lost use of my left arm for some time. Not foreseeing a future of continuing my ability to build heavy aircraft components I utilized company money to take several computer forensics courses. These courses were for law enforcement and corporate IT.
The very first thing that was said to the class: "Remember; we are running the world with a device that was designed to be nothing more than a toy."
Cool, yes, over dependent on, yes.
Umm...sorry, but computers were not "designed to be nothing more than a toy." They were designed to do serious work. Read about the history of Bletchley Park, ENIAC, EDSAC, etc. If your instructor actually said this, it was gross hyperbole and highly inaccurate.

The biggest problem is people who insist on lowering/removing security controls because they see it as somehow impeding their ability to get work done and upper management that ignores security because "it'll never happen to us!"

--Former Information Security Officer for a Federal Government installation.

##### I don't do spirals
TRF Supporter
Colorado is officially out of gas

TRF Supporter