Department of Homeland Security Wants Nerds For a New "Cyber Reserve"
pigrabbitbear writes "Just three weeks after Defense Secretary Leon Panetta told an audience at the Sea, Air and Space Museum that the U.S. is on the brink of a 'cyber Pearl Harbor,' the government has decided it needs to beef up the ranks of its digital defenses. It's assembling a league of extraordinary computer geeks for what will be known as the 'Cyber Reserve.'"
Ummmmmmm...
Have you just not been reading anything at all about the pervasive SCADA security holes that keep popping up everywhere? Hooking industrial control hardware to the internet to centralize monitoring, control and update has been a huge industry movement. Combine that with a mindset in the SCADA industry and end users that is much more focused on reliability than security and you get the equivalent of thousands of pieces of hardware on the internet with the security equivalent of a wireless router with the default admin account and password.
The SCADA security holes have only recently come to the attention of the industry. I can assure you that there's a giant collective brick being shat over it but fixing this stuff takes time.
And foaming at the mouth about honest mistakes isn't going to solve anything.
You do know that:
-- quite a few of the reserves are actually deployed at the present;
-- a lot of the National Guard is called out and deployed at the present;
-- a lot of people who have finished their tours are told that they must re-up.
Even if they are not deployed overseas, they are often activated to take the place on base of combat troops who are deployed overseas. So if you're part of the Ready Reserve, be ready to be deployed at any time of need. Not that there's anything wrong with that. Just know about that ahead of time.
I'd be in for that, especially if it (being those projects) could be done as moonlighting outside my regular job. That doesn't sound so bad.
If they actually pay you for it, I doubt they'd let you do it at home.
Think about it, you participate one weekend a month for sec training and preparedness drills, and take on a special project every once in a while, and get the military benefits without leaving your house.
The US military is famous for switching job descriptions once people have entered their ranks.
Many people want to be Air Force pilots for instance, so they sign up with the Air Force, but when they find that it's really too competitive to be a pilot, or they don't have the political connections to make that happen, it's too late already -- they've signed on the dotted line. The same goes for State Military Reserves: most thought they were committing themselves for a limited time duration of possibly doing disaster relief work, or at most that they might fight within the US in case it ever got attacked, not that they were going to fight in Iraq in a pre-emptive war, nor did they know that their contracts could be changed indefinitely at will.
As someone who works with this stuff all the time, I feel I can say this with some degree of authority: if you connect your SCADA / PLC system DIRECTLY to an internet-connected PC, you should be drawn and quartered / keelhauled for pure stupidity.
I have access to some of my customers' sites remotely; all of them are through secure VPN, then either RDP from the secure connection or, in one case, through Citrix to the computer in question. If their IT dept can't sort out VPN security, that is another issue entirely.
When it comes to industrial gear, stability is #1, #2, #3 and #4 on the list of priorities, and #5 is physical security. Most plants that I have worked at are fenced and require you to go through a gate house of some sort before you can enter site. This is not because they are doing some super secret work; it is for liability issues: if some retard sneaks onto the site and gets an arm ripped off because they put their hand in some bit of plant, the fines and paperwork would be hideous.
Most computers on industrial sites will be running unpatched XP SP2, but it is OK because there should not be any internet connection to these machines. USBs should also be limited to trusted ones for backups.
Ok rant over.....I could go on....