Experts Call For Preserving Copper, Pneumatic Systems As Hedge For Cyber Risk

chicksdaddy quotes a report from The Security Ledger: The United States should invest resources in preserving aging, analog infrastructure including telecommunications networks that use copper wire and pneumatic pumps used to pump water as a hedge against the growing threat of global disruption resulting from a cyber attack on critical infrastructure, two researchers at MITRE argue. The researchers, Emily Frye and Quentin Hodgson with The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack. That includes so-called "lifelines" -- essential functions like water, electricity, communications, transportation and emergency services. That marks a critical departure from the past when such systems were isolated from the internet and other general purpose networks. "Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised," they write. With such civilization-sustaining functions now susceptible to attack, the onus is on society to maintain a means of operating them that does not rely on digital controls, Fry and Hodgson write. In many cases, that means preserving an older generation of analog infrastructure and management systems that could be manually operated, The Security Ledger reports. From their article: "In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise."

I wonder if they realize...

[ZorinLynx]

That ever since the 80s, those copper lines simply plug into a digital phone switch anyway?

Re:I wonder if they realize...

[Woldscum]

Communications Assistance for Law Enforcement Act (CALEA)

https://en.wikipedia.org/wiki/...

The government PAID AT&T, Sprint and Verizon to upgrade the switches to IP. The FBI added Colo cabinets at the main switch sites. The FBI can wiretap directly WITHOUT interacting with the Companies. OC-12s direct in the switch matrix. No more echo cancellers or M13s. OC12 in and out of the switch to a DSC/DXC.

"In 2006 Nortel introduced the Communication Server 1500 (CS 1500) Softswitch based on VOIP to modernize the DMS based telephone switches. A CS 1500 softswitch system can replace all the DMS component modules except for the LCMs, reducing the footprint of a DMS-100 to one 19" rack and allowing operators to reduce cooling and power requirements significantly"

Re: I wonder if they realize...

Why would you dismantle the copper phone network?

Perhaps because it is (or seems to beancounters) expensive to maintain. The cables are quite old and do break and then need fixing. The thing is of course that it provides something you previously got "for free" as in you were paying for the network anyway and its resilience got taken for granted. Now, we're paying for something else, like computer networks, and don't see why we're still having to pay for "something we don't use" all that often. These people are saying the resilience we used to get for free (because the network was just that well-made) is important enough that we should keep the thing around.

Me, I think that simply saying "keep the old stuff" isn't good enough. Instead, realise that traditional telco engineering is wildly different from the computer networks techie engineering, as can be seen from comparing, say, atm and ethernet. I'm not talking about bitrates, I'm talking about the other guarantees that atm does provide and ethernet hardware expects higher layers to "fix it in software" in spite of its best efforts to thwart it. It's a mindset difference.

Computer network "engineering" is quite frequently "marginal in the best case is good enough", where telco engineering is more like "full service in the worst case and we'll reluctantly call it a day". I'm not talking telco management stupidity and incessant price gauging, I'm talking engineering mind-set. Traditionally-engineered telephone service will continue during black-outs, despite the hardware obviously needing power to do so. Modern, "converged" telephone service very likely won't, for so many reasons it's not funny any longer.

So I think that in the long run it's going to be cheaper and more functional to remember how and why the POTS was engineered like it was, and do something similar with modern technology. Perhaps as a second network for critical infrastructure, since you really should keep it separate from the other networks anyway, "converged" or not.

But do it with tech that's closer to what's being used for the other network, like glass, only with much less complexity and more hard service guarantees, like battery backups, truly geographically diversified redundant routes, easily manufacturable parts, and low-power hardware so the batteries last longer, perhaps with solar panels to power distribution points, and so on, and so forth. You can do a lot here beyond relying on century-old tech. But if that old tech truly is the best, then we'll use that. It's about functionality that the modern stuff simply doesn't provide and isn't really designed for, not clinging to times past.

All of this has happened before, all of this will

[crankyspice]

âoeYou'll see things here that look odd, even antiquated to modern eyes, like phones with cords, awkward manual valves, computers that, well, barely deserve the name. It was all designed to operate against an enemy who could infiltrate and disrupt even the most basic computer systems. Galactica is a reminder of a time when we were so frightened by our enemies that we literally looked backward for protection.â

Re:Easy

[sir-gold]

If you install a fiber connection to it, and power it with a belt driven generator (driven by an electric motor sitting outside the cage), you can safely use it via remote terminal without compromising the integrity of the Faraday cage.

An EMP might take out the remote terminal and external motor, but everything inside will be fine. Since you still have a working belt-driven generator, you can use a lawnmower engine or something to drive the belt, and run your electronics even without a working power grid.

Do not question Commander Adama

[goombah99]

Winter or Cylons are coming. One of those.

Disconnect and decentralize

[Gravis+Zero]

If you want to prevent a wholesale shutdown of services by hackers then the best way to do that is to disconnect your most vital systems (water, electricity and transportation) from communications networks (the internet).

* The last reason (price) for not using solar+battery almost everywhere is fading fast and we should encourage the proliferation of isolated power systems. With the exception of exotic locations, only businesses should need to have access to the power grid.
* Depending on and funding combative nations to fuel our transportation has been foolish since day one, we need to switch to electric vehicles posthaste.
* Finally, we need to start changing our water systems into closed loop systems to conserve the water we can access to minimize external dependency because the climate is changing.

We have two choices: adapt or die.

Re:Copper is also digital

[vtcodger]

Of course not. What they want is to quit using an obviously insecure technology designed for entertainment and casual communication for command and control of critical infrastructure. Maybe the internet can actually be secured. But so far, all the signs seem to say that it can not be -- at least not any time soon.

Like the his faithful Indian companion Tonto used to ask the old Lone Ranger. "What now Kimosabe?"

At least, these guys have a plan of sorts. Leave the phone lines in place. The financial community's response to similar problems is to pretend the problems don't exist. Anyone want to bet on THAT ending well?