1970s again

Yep, a more forceful response than righteous outrage. Maybe an attack in kind? We have some hackers on our side, right?
 
These attacks always drive me nuts, b/c nobody ever holds the infrastructure operator liable for ignoring basic industry standard safety precautions.

It's always about the Big Bad Hackers when, in fact, the owners have left the keys in the ignition of the money truck, idling in a bad neighborhood.

Am I excusing the thieves? Not at all. But at some point there has to be some accountability for absolute negligence WRT securing critical system operations.
 
Well, we have been caving in to Russian aggression for the past 30 years now. That's both parties through multiple changes of power on our side of the pond.

I am not registered with either political party in this country, but I honestly do not see this administration being the one that finally stands up to Russia. Neither party has had the guts to deal with Russia and the current party in power will continue to stand by and do nothing. This will only increase the hand wringing and bed wetting in Washington. But, nothing will happen except for more righteous indignation.

Neither will they fix our infrastructure issues. Frankly, we haven't really done any major infrastructure work since Eisenhower was president and it doesn't look like we are going to do any in the near term. Despite rhetoric, infrastructure spending buys you exactly 0.0 political capital. Fixing our petroleum infrastructure would cost hundreds of billions (probably trillions) and neither party would get "credit" for it. Besides, spending any money on petroleum infra works against current "green" initiative narrative. Can you imagine the President publicly saying he is going to make it a priority to fix our petroleum pipelines/refineries/storage, etc? He would get eviscerated. So get used to the current situation. It may not get worse, but it definitely will not get better. Just wait until they figure out how to hit our power grid.
 
@dhbarr And that's why we (my company) is invested with 'KnowBe4' for internet security.. We get a weekly 'tip' and a quarterly course on 'how not to let the bad guys in'.

And despite the 2+ years doing it, there are still a few who click on a link in a "malicious" e-mail. (It's a test e-mail to catch you, to see if you are paying attention.)

https://www.knowbe4.com/


But on a side note: I have been reliving the 70's thru Spotify: search a particular year and listen to the hits of that year! Today was 1976.
 
Just wait until they figure out how to hit our power grid.
If the New York Times' reporting is accurate ...
Power grids have been a low-intensity battleground for years.
Since at least 2012, current and former officials say, the United States has put reconnaissance probes into the control systems of the Russian electric grid.
But now the American strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning, and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow.
The commander of United States Cyber Command, Gen. Paul M. Nakasone, has been outspoken about the need to “defend forward” deep in an adversary’s networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it.
“They don’t fear us,” he told the Senate a year ago during his confirmation hearings.
But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate.

https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html
and it's not like nobody has thought about the thing until just now,
In a 2012 report, the National Academy of Sciences called for more research to make the grid more resilient to attack and for utilities to modernize their systems to make them safer. Indeed, as society becomes increasingly reliant on the power grid and an array of devices are connected to the internet, security and protection must be a high priority.
https://www.scientificamerican.com/article/power-grid-cyber-attacks-keep-the-pentagon-up-at-night/

Alert (TA18-074A)
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

Original release date: March 15, 2018 | Last revised: March 16, 2018


...
Description
Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign. [1]

[1] https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group

This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.”

https://us-cert.cisa.gov/ncas/alerts/TA18-074A
 
Why is the pipeline hooked up to the internet? There was a time before the internet when the pipelines ran without the internet.

That was my first question. I assumed someone hacked the control system of the pipeline and caused a possibly hazardous condition.

From the information I read based on popular news feeds (i.e. not necessarily fact. . . ) it seemed that the company had an attack and chose to shut down the pipeline 'just in case' something cross contaminated. I'm not sure if that is logical or not.

At my company, none of our equipment (machinery) is connected to the internet or the company network at all. At times, people use a USB key (or hard drive) to transfer data to/from the machine(s). If we had an IT concern (i.e. office computer) that spanned a time period that we knew someone had connected a device to the machine(s), we would absolutely halt machine operation until it could be verified as unaffected (by the software engineers as well as the IT guy) and then we would re-start production under a watchful eye. This has happened twice in 20 years, as far as I know.

I am aware that some big companies somehow ban the use of USB (or other easily connected devices) on the production machinery, but I honestly don't know how that works when you need to get data-logs or other production related data. It is either manual ('air gap') with the chance that something gets plugged in that could be infected (our case) or it is somehow on a network that could also be possibly compromised. I imagine any (*see note) scenario that anyone could come up with would be able to be defeated if there was a $10billion dollar budget for defeating it. . . Thankfully, my company doesn't do anything that interesting. . .

Anyway, initially I was heartbroken when a co-worker said 'some Russians hacked our pipeline' and thought it was literally shut down by a hacker. I was encouraged (at least a little) that it sounds like 'some Russians' hacked a company and they reacted to shut down their systems on their own that they didn't know 100% were unaffected.

Either way, I'm scared as heck of the whole concept of IOT and that business managers seem to be wanting to rush 'online connectivity of our plant' just so they can get a cool picture of process statistics on their phone while having brunch at their favorite restaurant. . .crazy scary, IMO.

Sandy.

* Note: By 'any', I mean any in the context of 'regular' companies, not mega-companies like Google, Microsoft, etc. or government stuff. People who can spend billions to defend can obviously have better defenses than regular companies.
 
I imagine any scenario that anyone could come up with would be able to be defeated if there was a $10billion dollar budget for defeating it. . .
That brings to mind a thing heard/read a while back, it went something like;
"If getting money to defend the power grid depends on the voting public you are doomed unless you have the vote on about the third day of a power outage in January in the North and August in the South."

(yeah, that's cynical to the max, but is it wrong?)
 
That brings to mind a thing heard/read a while back, it went something like;
"If getting money to defend the power grid depends on the voting public you are doomed unless you have the vote on about the third day of a power outage in January in the North and August in the South."

(yeah, that's cynical to the max, but is it wrong?)

Heh. . .hits close to home. . .

Back in 2018-ish, we had a pretty hot summer. Our house AC shredded a compressor and was 100% down. I tried for about 10 days to get an AC company out to replace the unit, but could barely get a call back, much less a date for service.

I had purchased a mini-split a month before to climate control the garage and after sleeping in the 85 deg house for a week (wife was thankfully out of town) I gave up and installed the mini-split myself. I bought about $1500 in tools to do it right since nobody would call back and 3 years later it is working well still, so I guess I did it right. . .

I will never live in a single source AC house voluntarily unless it is in the mountains or somewhere that it is always cold. You can always add a blanket, but you can only take off so many clothes. . .

Sandy.
 
It may not get worse, but it definitely will not get better. Just wait until they figure out how to hit our power grid.
Read the book "One Second After", where they shoot off missiles located on cargo ships and explode EMP (Electro Magnetic Pulse) over us and kill everything with an electronic circuit in it. NO gas pumping, no cars running, no refrigeration, A/C, heat, lighting, cell phones :eek:, no way to contact family members. It would be the worst thing that could happen to us as we would end up starving and/or getting killed by other members of society. An Atomic Bomb would at least be instant.
 
Sandy H is on the right track. We operated pipelines and power grids in the USA long before the advent of 21st Century whiz-bang electronics. We can do it again. There will be grumbling and whining, but the business managers who want a "cool picture of process statistics on their phone while having brunch at their favorite restaurant" will just have to get over their egos and deal with it. There's too much at stake here.
Computers are cool, when they work right. It's just a damn shame that the evil in the world has led to this.
Bob Schultz
 
I said this tongue in cheek, but I do see this as an act of war. People will be hurt by this act.

https://mwi.usma.edu/chinas-irregul...adr5IOqLZBoIi7b8oXzNGxNXP_LeWW1UGccbLFX62YL-A
It's called asymmetric warfare and both the Chinese and Russians are really good at it. I don't like how we've characterized asymmetric warfare as "irregular warfare" because asymmetric warfare has long since been the regular type of warfare.

https://mwi.usma.edu has an article about failing to train conventional forces for irregular warfare

These are my personal opinions and do not reflect the opinions of the US Government or any entity thereof.
 
"Computers are cool, when they work right."
In the mid 90's I was injured at work and lost use of my left arm for some time. Not foreseeing a future of continuing my ability to build heavy aircraft components I utilized company money to take several computer forensics courses. These courses were for law enforcement and corporate IT.
The very first thing that was said to the class: "Remember; we are running the world with a device that was designed to be nothing more than a toy."
Cool, yes, over dependent on, yes.
 
Time to go back to points and condensers............(said only slightly tongue-in-cheek).......mention above of EMP taking out cars.....and landlines?
 
Saw one lady on ABC news last night saying she drove a hundred miles looking for gas? Duh, now you have to drive a hundred miles back home, so what did you accomplish?

Now the other stuff: where the hell is the NSA, FBI, CIA, and all the other groups that are supposed to be watching over this stuff? (They are really great at spying on us.) We've got thousands and thousands of kids sitting on their butts playing video games and doing all kinds of crap with cell phones and we can't put a hacker force together that can outwit the Russians, Chinese, and the Ukrainians. But hey we got a Space Force Wow o_O
 
Saw one lady on ABC news last night saying she drove a hundred miles looking for gas? Duh, now you have to drive a hundred miles back home, so what did you accomplish?

Now the other stuff: where the hell is the NSA, FBI, CIA, and all the other groups that are supposed to be watching over this stuff? (They are really great at spying on us.) We've got thousands and thousands of kids sitting on their butts playing video games and doing all kinds of crap with cell phones and we can't put a hacker force together that can outwit the Russians, Chinese, and the Ukrainians. But hey we got a Space Force Wow o_O

I agree. That fails the common sense test.
 
Reminder: it is not the FBI's job to prevent you from:
  • leaving all your doors wide open when you go on vacation
  • keeping gold bars in plain sight in your passenger seat
  • storing your cash in a barrel on the lawn
Most of the 'hacks' we read about are pretty much exactly this: poorly configured, unpatched systems attached directly both to the public internet as well as critical infrastructure.
 
Reminder: it is not the FBI's job to prevent you from:
  • leaving all your doors wide open when you go on vacation
  • keeping gold bars in plain sight in your passenger seat
  • storing your cash in a barrel on the lawn
Most of the 'hacks' we read about are pretty much exactly this: poorly configured, unpatched systems attached directly both to the public internet as well as critical infrastructure.
This.

No matter how much money you spend or how good they are, it's not possible for the relevant agencies to guarantee that every valuable resource is doing their job properly internally to protect themselves. And even if they are, people still get through sometimes. I work in IT and have been in the middle of a cyber attack that caused a weeks-long network outage. Up to the point that it happened, we were following industry best practices and doing due diligence. Obviously, we evaluated what happened and took steps to adapt our practices to prevent it in the future. That's still not a guarantee that we've predictively prepared ourselves for something new and different next time around. It's an ever-changing environment.
 
As an engineer, I have wondered for years why vital and important systems like this were not air-gapped or at least super difficult to tap. My brother did IT for Republic steel and back in the early 90's he carried a digital "business card" that generated numbers. If he needed to access Republic's system remotely, he had to access the computer over the internet, log on to his unique account using his username and password, and THEN when prompted, enter the number that was, at that moment, displayed on the "business card" (which changed every 30-90 seconds or something). So even if hackers had stolen information that allowed them to pretend to be him, they still couldn't access Republic's sensitive information unless they physically had one of those business card number generators in their possession.

And that was thirty years ago. I'm sure that the crypto-security folks haven't been sleeping for three decades. There really isn't any excuse for infrastructure companies to be more than thirty years behind.
 
In the mid 90's I was injured at work and lost use of my left arm for some time. Not foreseeing a future of continuing my ability to build heavy aircraft components I utilized company money to take several computer forensics courses. These courses were for law enforcement and corporate IT.
The very first thing that was said to the class: "Remember; we are running the world with a device that was designed to be nothing more than a toy."
Cool, yes, over dependent on, yes.
Umm...sorry, but computers were not "designed to be nothing more than a toy." They were designed to do serious work. Read about the history of Bletchley Park, ENIAC, EDSAC, etc. If your instructor actually said this, it was gross hyperbole and highly inaccurate.

The biggest problem is people who insist on lowering/removing security controls because they see it as somehow impeding their ability to get work done and upper management that ignores security because "it'll never happen to us!"

--Former Information Security Officer for a Federal Government installation.
 
As an engineer, I have wondered for years why vital and important systems like this were not air-gapped or at least super difficult to tap. My brother did IT for Republic steel and back in the early 90's he carried a digital "business card" that generated numbers. If he needed to access Republic's system remotely, he had to access the computer over the internet, log on to his unique account using his username and password, and THEN when prompted, enter the number that was, at that moment, displayed on the "business card" (which changed every 30-90 seconds or something). So even if hackers had stolen information that allowed them to pretend to be him, they still couldn't access Republic's sensitive information unless they physically had one of those business card number generators in their possession.

And that was thirty years ago. I'm sure that the crypto-security folks haven't been sleeping for three decades. There really isn't any excuse for infrastructure companies to be more than thirty years behind.
SecurID. I have a token that does that. Changes an 8-digit code every 60 seconds. If the device is opened, the device self-destructs. I've run the servers that run the SecurID system and boy....that's not fun.

I'm not in a critical industry (normally) and all our manufacturing systems are air-gapped and the systems that monitor those systems are behind multiple levels of firewalls. If critical infrastructure is connected to a network, that is a failing of that company.
 