Experts Call For Preserving Copper, Pneumatic Systems As Hedge For Cyber Risk

chicksdaddy quotes a report from The Security Ledger: The United States should invest resources in preserving aging, analog infrastructure including telecommunications networks that use copper wire and pneumatic pumps used to pump water as a hedge against the growing threat of global disruption resulting from a cyber attack on critical infrastructure, two researchers at MITRE argue. The researchers, Emily Frye and Quentin Hodgson with The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack. That includes so-called "lifelines" -- essential functions like water, electricity, communications, transportation and emergency services. That marks a critical departure from the past when such systems were isolated from the internet and other general purpose networks. "Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised," they write. With such civilization-sustaining functions now susceptible to attack, the onus is on society to maintain a means of operating them that does not rely on digital controls, Fry and Hodgson write. In many cases, that means preserving an older generation of analog infrastructure and management systems that could be manually operated, The Security Ledger reports. From their article: "In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise."

Critical infrastructure and converged IP networks

[najajomo]

'The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack'

Listen up children and I'll tell you the solution. The solution is to not run your critical infrastructure on converged IP based networks. I presume converged is a code-word for 'cloud'. And if the NSA hadn't acted to dilute security on the Internet, these networked devices wouldn't be so easy to attack.

All of this has happened before, all of this will

[crankyspice]

âoeYou'll see things here that look odd, even antiquated to modern eyes, like phones with cords, awkward manual valves, computers that, well, barely deserve the name. It was all designed to operate against an enemy who could infiltrate and disrupt even the most basic computer systems. Galactica is a reminder of a time when we were so frightened by our enemies that we literally looked backward for protection.â

Re:Easy

[sir-gold]

If you install a fiber connection to it, and power it with a belt driven generator (driven by an electric motor sitting outside the cage), you can safely use it via remote terminal without compromising the integrity of the Faraday cage.

An EMP might take out the remote terminal and external motor, but everything inside will be fine. Since you still have a working belt-driven generator, you can use a lawnmower engine or something to drive the belt, and run your electronics even without a working power grid.

Just don't rely on a monoculture of systems

[guruevi]

The base of any system security is not to rely on a monoculture. If all your systems run on Windows using the same hardware, software and firmware version which the creators have long abandoned.

Require that critical systems are modifiable by the end user and can be carried from platform to platform, it's the government after all, they can set the laws and reject any contract from entities that are either too large or don't want to adhere to basic rules of security and risk management.

Re:Critical infrastructure and converged IP networ

[speedplane]

Listen up children and I'll tell you the solution. The solution is to not run your critical infrastructure on converged IP based networks.

The problem is that almost everything today is "critical infrastructure". It's one thing to build a separate network for dams and nuclear power plants if you deem those as critical infrastructure. It's another if you deem our entire telecommunications system as critical infrastructure. Moving that to IP based systems is pretty unavoidable today.