Slashdot Mirror
Experts Call For Preserving Copper, Pneumatic Systems As Hedge For Cyber Risk (securityledger.com)
chicksdaddy quotes a report from The Security Ledger: The United States should invest resources in preserving aging, analog infrastructure including telecommunications networks that use copper wire and pneumatic pumps used to pump water as a hedge against the growing threat of global disruption resulting from a cyber attack on critical infrastructure, two researchers at MITRE argue. The researchers, Emily Frye and Quentin Hodgson with The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack. That includes so-called "lifelines" -- essential functions like water, electricity, communications, transportation and emergency services. That marks a critical departure from the past when such systems were isolated from the internet and other general purpose networks. "Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised," they write. With such civilization-sustaining functions now susceptible to attack, the onus is on society to maintain a means of operating them that does not rely on digital controls, Fry and Hodgson write. In many cases, that means preserving an older generation of analog infrastructure and management systems that could be manually operated, The Security Ledger reports. From their article: "In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise."
That ever since the 80s, those copper lines simply plug into a digital phone switch anyway?
Mechanical offline safeties wouldn't be a bad idea for a lot of things.
'The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack'
Listen up children and I'll tell you the solution. The solution is to not run your critical infrastructure on converged IP based networks. I presume converged is a code-word for 'cloud'. And if the NSA hadn't acted to dilute security on the Internet, these networked devices wouldn't be so easy to attack.
âoeYou'll see things here that look odd, even antiquated to modern eyes, like phones with cords, awkward manual valves, computers that, well, barely deserve the name. It was all designed to operate against an enemy who could infiltrate and disrupt even the most basic computer systems. Galactica is a reminder of a time when we were so frightened by our enemies that we literally looked backward for protection.â
geek. lawyer.
If you install a fiber connection to it, and power it with a belt driven generator (driven by an electric motor sitting outside the cage), you can safely use it via remote terminal without compromising the integrity of the Faraday cage.
An EMP might take out the remote terminal and external motor, but everything inside will be fine. Since you still have a working belt-driven generator, you can use a lawnmower engine or something to drive the belt, and run your electronics even without a working power grid.
Winter or Cylons are coming. One of those.
Some drink at the fountain of knowledge. Others just gargle.
Um no, that is not the solution, the solution is to air gap anything you cant afford to have break due to hacking, and hunt down criminal hackers around the world. Treat state sponsored hacking like an act of war, and make sure everyone knows you will respond with devastating force.
Air gapping critical infrastructure should be a federal law, because anything connected can eventually be hacked given enough time and resources.
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
Listen up children and I'll tell you the solution. The solution is to not run your critical infrastructure on converged IP based networks.
The problem is that almost everything today is "critical infrastructure". It's one thing to build a separate network for dams and nuclear power plants if you deem those as critical infrastructure. It's another if you deem our entire telecommunications system as critical infrastructure. Moving that to IP based systems is pretty unavoidable today.
Fast Federal Court and I.T.C. updates
If you want to prevent a wholesale shutdown of services by hackers then the best way to do that is to disconnect your most vital systems (water, electricity and transportation) from communications networks (the internet).
* The last reason (price) for not using solar+battery almost everywhere is fading fast and we should encourage the proliferation of isolated power systems. With the exception of exotic locations, only businesses should need to have access to the power grid.
* Depending on and funding combative nations to fuel our transportation has been foolish since day one, we need to switch to electric vehicles posthaste.
* Finally, we need to start changing our water systems into closed loop systems to conserve the water we can access to minimize external dependency because the climate is changing.
We have two choices: adapt or die.
Anons need not reply. Questions end with a question mark.
Our society cannot function on steampunk technology - if it did it would be a different society, no matter how alluring the aesthetic.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
If critical infrastructure fallback systems are economically obsolete, it says a lot about the obsolescence of that economic system.
Telcos have been actively pushing residential customers off of copper wire and onto VOIP, and making ENORMOUS savings on their costs - but continuing to charge the rates that used to pay for copper landlines. The only savings to the customer is free long-distance, which costs practically nothing for the telcos to provide.
And yet, when the power goes out, so does my VOIP phone line, provided by the local telephone company. I've got a UPS to power the phone router, but apparently there isn't one at the telco switch. So when power goes out, so do the "landline" phones, AND the cell system (which is ALSO powered by the electric utility).
I really ought to buy a new HAM radio, since I used to be an ARES operator. Because in a widespread power outage. that might be the only communications link.
"Servers will probably time out trying to deliver a web page through it."
There's your problem right there. "Web pages" are inherently full of fluff. You don't need pictures to run control systems; you could do it all in plain text, or even XML, and 300 baud would be "fast enough" for most purposes.
> 300 Baud is plenty, stop thinking in your silly webpage
That might have been true for credit card terminals prior to chip verification (that basically just had to dial in, confirm that the card number, expiration date, and (maybe) CVV was legit, and get confirmation that the transaction was likely to be approved... but with NEW cards that have a chip for authentication, a 300-baud CC terminal will take upwards of TWENTY SECONDS to complete a single transaction due to all the handshaking and (relatively) large blocksize required for robust encryption. Twenty seconds doesn't sound like a lot, but for a business that has multiple customers in line at any moment in time (say, McDonalds or a grocery store), adding that much time to every transaction would be crippling. McDonalds (just to name one company) has spent literally MILLIONS to make sure that the total time from "swipe" to "thank you, here's your receipt" is never longer than 5 seconds.
Of course not. What they want is to quit using an obviously insecure technology designed for entertainment and casual communication for command and control of critical infrastructure. Maybe the internet can actually be secured. But so far, all the signs seem to say that it can not be -- at least not any time soon.
Like the his faithful Indian companion Tonto used to ask the old Lone Ranger. "What now Kimosabe?"
At least, these guys have a plan of sorts. Leave the phone lines in place. The financial community's response to similar problems is to pretend the problems don't exist. Anyone want to bet on THAT ending well?
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
The monoculture is unavoidable in industry unless you want to spend an exorbitant amount on service contracts and staff training. Latest trends tend towards reducing the different number of systems and the different platforms not only because of costs but also due to reliability reasons as a variety of different systems work in different ways and experts which are too thinly spread across platforms tend to make more mistakes.
The monoculture is unavoidable in industry unless you want to spend an exorbitant amount on service contracts and staff training. Latest trends tend towards reducing the different number of systems and the different platforms not only because of costs but also due to reliability reasons as a variety of different systems work in different ways and experts which are too thinly spread across platforms tend to make more mistakes.
Pay me now, or pay me later. As usual, the cost of the 'later' option is likely to be much higher - perhaps as much as your life is worth.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.