Slashdot Mirror
At How Much Risk Is the US's Critical Infrastructure? (csoonline.com)
itwbennett writes: There is growing evidence that intrusions into the power grid and other critical infrastructure by hostile foreign nation states are real and happening. But there's "much less agreement over how much of a threat hackers are," writes Taylor Armerding. "On one side are those – some of them top government officials – who have warned that a cyber attack on the nation's critical infrastructure could be catastrophic,"writes Armerding. Others are crying FUD, including C. Thomas, a strategist at Tenable Network Security, who got some attention when he argued in an op-ed that the biggest threat to the U.S. power grid not a skilled hacker, but squirrels, are crying FUD. Who has it right? Agreement seems to coalesce around two points: 1) the cyber security of industrial control systems remains notoriously weak and 2) hostile hackers will improve their skills over time. So, while we haven't reached "catastrophe" yet, a properly motivated terrorist group could become a cyber threat.
Because the former is WAY greater a threat than the latter.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
But they aren't very organized. Once they set up a twitter feed, or at least unionize, I'll start being concerned.
OMG Critical infrastructure should never be connected to the intertubes!!!!!
"The biggest risk is squirrels."
Do these people not understand that these two statements are not contradictory? Does anyone here understand that? The question "who is right" is trivial to answer. Both are.
A cyber attack could be catastrophic, albeit rare. And squirrel outages, due to the comparatively high rate of occurrence combined with the level of damage, are a bigger risk.
As some one whose worked in industrial automation (PLCs and their ancillary products) the infrastructure is most definitely at risk. The only thing keeping terrorism at bay is the technical knowledge necessary to mess with it. Engineers at power stations are old farts, and they like things a certain way, the old way. PLCs communicate to other machines in the field using ancient serial protocols, proprietary back planes, and discreet data points. As Rockwell and Siemens and etc decide they need to wake up to the real world however they are putting more of their data over ethernet, but security is an afterthought, and there's your problem. They are designing security into newer protocols, I actually worked on something called DNP-3, and that specification does have an encryption layer in it. I come on to add AES-256 to an existing implementation. Again, afterthought. The effect out in the field of course is that new impl. will cause disruption, consuming devices will need to be upgraded, and etc. That costs money. And so on. Its rarely the case that one simply needs to add a password to an existing infrastructure. Even if that is all that's needed, it usually will still have a cascading effect.
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Squirrels don't work in groups.
You are so, so very wrong.
The problem is that most people who know that squirrels work in groups are now dead. Very very dead. With Oak trees growing out of their rotting corpses.
Posting anonymously for obvious reasons...
The $800 billion stimulus bill was too small to make an impact and too many states used the money to pay for ongoing expenses rather than investing in infrastructure projects. It should have been two to three times larger. With the baby boomers retiring and the working taxpayers shrinking over the next 20 years, paying more taxes is an inevitable fact of life.
Don't listen to him. He is clearly nuts. I am totally not a squirrel. You can trust me.