Slashdot Mirror
Mitsubishi Hack Stole Nuclear, Defense Data
judgecorp writes "When Mitsubishi announced in September it had been hacked in August it was criticized for keeping quiet for a month. Now it appears that the attackers got nuclear power plant and military aircraft details according to sources quoted in the Japanese media."
I can speak from a little bit (and I stress 'little bit') of inside information on this particular topic in that MHI spends far less on IT than you could possibly imagine. What's more, their reliance on outside sources for their services and support is frightening.
At the end of the day, we live in the information age and the most precious things we have is information. And to spend as little as they do protecting it, one has to think they are doing it wrong and suffer from some really bad or old ideas.
But you know, Japan is pretty bad about that in general. They are still largely a "job for life" company which means their business culture doesn't vary much. They don't see or understand how others do it. So whatever service and support they get, it's "normal" to them. And new ideas are foreign ideas... and we already know how they are about foreign ideas.
It actually kinda makes me angry that they sat on the information the way they did... same as the way TEPCO sat on critical data and information surrounding the Fukushima disaster. And I have to say that it was "confirmed" in August that it happened. Do you have any idea how long it takes for them to "confirm" something like this? In my experience, they first got the hint probably a month prior or even more. Their notion of proof requires a LOT of evidence -- they are very thorough, detailed and complete in this way.
TEPCO and MHI were and are very slow to respond to emergencies and care more for their "face saving" than resolving problems. Perhaps I am just an American judging them by American standards and ideals. But I have to say I believe resolving the problems and learning important lessons would come first with me and it doesn't seem to come first with them.
I can speak from a little bit (and I stress 'little bit') of inside information on this particular topic in that MHI spends far less on IT than you could possibly imagine. What's more, their reliance on outside sources for their services and support is frightening
That's true for much of the corporate world. IT is seen as a cost-center that is a necessary evil rather than an asset to the company.
Systems won't get secured because it costs too much. Same with upgrading to the next release of software (since the current version is going out of support).
My current job has forced me to deploy a couple of Solaris 8 servers to the Internet. Of course I yelled and screamed that this is bad because Oracle doesn't patch Solaris 8 anymore (unless you pay for a hella expensive vintage patch service agreement, which we don't). But it was deemed that business operations and cost savings trumped any security concerns. They wouldn't even let me move the servers to isolated subnets since that'd incur downtimes and possible unacceptable risks of further outages.
It's not until a company gets cracked and has it's source code (or customer database /w financial info) stolen, or worse (think of data being deleted forcing lots of lengthy and often untested disaster recovery procedures to activated) that they do something. But when that happens, they blame the IT staff for being incompetent (even though you raised the alarm bells months ago) and fire them and then bring in outside consultants who may or may not be competent and put effective policies into place.
The target area is only two meters wide. It's a small thermal exhaust port, right below the main port. The shaft leads directly to the reactor system. A precise hit will start a chain reaction which should destroy the station. Only a precise hit will set up a chain reaction.
not only that, Mitsubishi was also responsible for hiding the defective fuel tank of its A6M aircraft from the American public. It was only discovered after examining the wreckage of the plane that went down in the Aleutian islands that we finally learned the truth: that it was unarmored, non-self-sealing, and prone to exploding when hit by gunfire. Mitsubishi never owned up to it, nor take the necessary steps to remedy the problem.
Hmm, this sounds suspiciously like a trap.
"I assumed blithely that there were no elves out there in the darkness"
I grew up in the States but am east Asian by ethnicity/heritage and have some knowledge of east Asian culture (though obviously my parents didn't think too highly of it, otherwise they probably would've made a more concerted effort to educate/indoctrinate me about it).
The concept is quite simple, it's primarily about bolstering external perception in order to promote the reputation of a group that one self-identities with - be that the family, the company, or the country. You define an in-group and an out-group, and within the in-group honesty and transparency is permitted (at least with respect to the domain of the in-group, you're not going to be sharing family secrets with your co-workers, for example). However, when it comes to the out-group, every effort is made to give the appearance that activities within the in-group are efficient, successful, "harmonious" (i.e. lack of conflict between members of the in-group) - in other words, bury all dirty secrets and make everything look utopian, even if it isn't. Transparency is discouraged because it is bad PR, and members of the out-group (i.e. the rest of society) are expected to have lower expectations as to the amount of information that is provided through "official" channels. So in order to obtain such information, members of the out-group turn to gossip, espionage, etc.
I wouldn't say that "Western" culture (I hate that term because I reject the existence of that distinction as philosophically valid) doesn't practice "face-saving" to some degree, it just isn't taken to the extremes that it is in east Asia because of societal expectations regarding transparency and accountability. I for one think that this is one area where people in China, Korea, and Japan can learn a lot from "Western" countries. After all, face-saving is simply an aspect of tribalism, institutionalized.
Cogito, ergo sum, fosho!
this rough WWII quote still seems to hold true according to (old) news of friendly fire in Iraq. It seems like the U.S. has a lot of war technology, but ill-trained troops. against a well trained army of most sizes, I would place my bets on the well trained army.
I'll just point out that last time that happened, the "well-trained" army got crushed like a bug. The thing to keep in mind here is that friendly fire reports are a major case of observer bias. You're not going to hear about corresponding cases from other countries because either, they don't do anything risky or they don't report it to the media.
The link above is to the Persian Gulf War, the last time someone of serious military power attempted to fight a pitched battle with a US-led army. In that case, 24% of all casualties from the US were friendly fire. Iraq lost about two orders of magnitude more people than the whole coalition did.
I suppose we could say that the Iraqi army wasn't "well-trained". But in that case where the Iraqi army was considered the fourth largest at the time and seasoned from a recent war with Iran, who is? You'd probably be able to count on one hand with some fingers left over. I'd say Russians, Brits, Israelis, and maybe an EU coalition.
I'm not going to make claims about the future of the US military. They got the dominant military right now, but they aren't taking the steps to keep it in shape IMHO.
Not to mention that most, if not all, attacks against Your country were so low tech in their conception and execution that they could be attributed to another geologic era...
-- no sig today
The difference is that Western corporations do it out of self-interest (as in protecting the individual), whereas corporations in east Asia do it to protect the individual _and_ to "protect the group." That's two hurdles to transparency and accountability as opposed to one. I am not qualified to comment on the normalized (say, by economic influence) magnitudes of transparency and accountability violations in different countries (an empirical question), but at least in terms of underlying psychological motivation, that's one more mental barrier that needs to be overcome.
So no need to get all riled up about the follies of Western corporations because I am well aware of those - I am simply stating that from the perspective of culturally ingrained notions, east Asians tend to have even more misplaced loyalty than Westerners (who are already bad enough).
Cogito, ergo sum, fosho!
In america you save your own face.
In japan you save someone else's.
Absurd. Jesus Christ, ALL aircraft fuel tanks were unarmored in WW-II. An aircraft has to be light. Armor is incredibly heavy; they hadn't any kevlar. Armor was used very judiciously, mostly confined to small slabs around the pilot. I think what you're looking for is the fact they were not self-sealing. They didn't have any armor for the pilot, or fire extinguishers either. None of this was a "defect." It was not a matter of stupidity or incompetence. They made a deliberate decision to value speed, maneuverability, and range over protection. The plane that doesn't get hit is the one that survives, and the Zero was superbly maneuverable, and they ripped the opposition to shreds early in the war.
The A6M5b of 1944 finally did have an "armored" glass windscreen and fire extinguishers, but it was lack of infrastructure for pilot training, and lack of numbers that continued to give them the disadvantage.