Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Government Warns Of 'Ongoing' Hacks Targeting Nuclear and Power Industries (reuters.com)

Posted by EditorDavid on from the critical-infrastructure dept.

An anonymous reader quotes Reuters: The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure. The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage. The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said.
According to the report, the Department of Homeland Security "has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign."

60 of 101 comments (clear)

  1. Well.. by fluffernutter · · Score: 4, Interesting

    Isn't it too bad we do nothing but discourage intelligent local grads from going into the IT industry, by making it clear that salaries and compensation in the industry are to be limited by the economies of the very people who are attacking us.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    1. Re:Well.. by rmdingler · · Score: 2, Insightful

      Isn't it too bad we behave so poorly in the role of Superpower that several to many sovereign nations would be on the suspect list.?.?.?

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:Well.. by DNS-and-BIND · · Score: 2

      Yeah, it's about time we gave that crap up. We did a piss-poor job, and neglected our own people to do it. You'd think spending $6 trillion dollars (that's $6,000,000,000) on international affairs would fix things, but they're as broken as ever. That money is spent, it's never coming back, and we badly need to fix our own country and help our own people. We need to stop meddling abroad and mind our own business. The world hates us for a reason.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    3. Re:Well.. by ls671 · · Score: 1

      You'd think spending $6 trillion dollars (that's $6,000,000,000) on international affairs would fix things...

      LOL!

      https://www.google.by/search?q...

      --
      Everything I write is lies, read between the lines.
    4. Re:Well.. by DNS-and-BIND · · Score: 1

      Oops! Looks like six trillion is such a huge number that nobody even knows how to represent it without scientific notation. THAT'S how much money America could have spent improving itself, but didn't. Instead the money went to harm countries that totally hate us now, so our elites could play world police. It's high time it came to a screeching halt.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    5. Re:Well.. by rtb61 · · Score: 1

      You are really, really slow to catch up. This is way beyond governments, this is actual corporate wars. Take out a competitors computer system and you can seriously screw them up and cost them a ton of business which you can then grab.

      The idiots keep saying Russia this and China that and because they wanted to play stupid global political games, they ignored the reality, it was Russian Oligarchs and Chinese Oligarchs and of course US Oligarchs and EU Oligarchs and well, many corporations from all over the globe started joining in. Corrupt executives paying people to hack competitors, to cripple their revenue and shift that revenue into the corrupt executives bonus plan. Those large extremely economically dangerous corporations doing all sort of crap for an economic advantage.

      This is exactly how you would expect World War III to start, the corporate wars. Messy stuff, funding war contractors to do all sorts of insane shit, well, beyond just hacking each others computer networks, to steal data, steal research, expose public information, expose any corruption, steal crucial financial data, steal employee data (which to poach and which to avoid), steal customer information and of course simply crash the system for as long as possible.

      Don't think of it occurring at the boardroom level, yet, mainly still at the corrupt executive level and padding bonuses with what is a pretty small investment, on the attack side, defending computer networks is far more expensive than bringing them down. Corporations are even using their own governments to launch attacks, with the right payoffs of course (dangerous stuff). Think grabbing a highly placed tech security exec and back dooring them for back doors (when you can readily causes ten of millions of dollars in damage even billions in damage, spending a million to grab someone gets within easy reach). Greed driven stupidity will cause a lot of harm.

      --
      Chaos - everything, everywhere, everywhen
    6. Re:Well.. by drinkypoo · · Score: 1

      Isn't it too bad we behave so poorly in the role of Superpower that several to many sovereign nations would be on the suspect list.?.?.?

      Your naivete would be charming if we weren't talking about international politics. You can't make all the other nations behave by just being nice. There is no nation on the planet which wouldn't be happy to pick the USA apart in order to get just a few percentage points stronger.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re:Well.. by blindseer · · Score: 3, Interesting

      What, precisely, did we do to these nations? I mean, why do you believe that they are attacking us?

      The USA has a large enough military to crush any nation it chooses and yet we don't. We have embassies all over the world, like any other nation. If some nation has a grievance against us they can start talks in these embassies in their own nation or that of a neutral third party. Have you actually listened to their demands?

      These nations don't ask that we leave them alone. They want us dead. Take North Korea as an example, what do they want? The Kim family wants to rule the world, and they can't do that so long as we have our troops in South Korea and Japan. Take your pick of Muslim nations, what do they want? They want the world to bow to Mecca. That's not going to happen so long as America is able to defend itself. What about Russia? They want to restore the Soviet Union, where the sun never sets on their empire.

      The USA is hated because we live free from their rule. They attack us over the internet because they cannot drop bombs on our heads. We've been fighting off Muslim invaders since before America was even a nation. The Barbary Wars were fought to keep these Muslims from taking American ships and enslaving the passengers and crew. They attacked us because they attacked everyone that didn't pay tribute.

      Tell me, how should the only megapower on Earth be acting right now? What do you believe we should be doing to stop their attacks? I believe these attacks will not stop so long as free people stand to oppose communism and Islam. We can stop the attacks but that would mean destroying them or submitting to their rule. I don't like the status quo but it's better than the alternatives.

      --
      I am armed because I am free. I am free because I am armed.
    8. Re:Well.. by rmdingler · · Score: 3, Interesting

      You can't make all the other nations behave by just being nice.

      That's as true a statement as You can't make all the other nations behave.

      What we could do better is lead by example. The US is a microcosm of the World as a whole: many different nationalities, religions, races, ideas, and belief sets. I'd say working to make the melting pot work, instead of crippling ourselves with rabid partisan infighting, would be a great first step.

      If it can't be done here, in this unprecedented era of peace and prosperity, the World's prospects are bleak.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    9. Re:Well.. by rmdingler · · Score: 3, Informative

      The US does not represent the worst possible outcome for the rest of the World as its preeminent Superpower. Far from it.

      For starters, though, it would be nice to measure our worth by how much better we could be doing, as opposed to setting the bar at how much worse we could be.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    10. Re:Well.. by DNS-and-BIND · · Score: 1

      Ah, yes, the good old "measure America against an imaginary Utopia, instead of measuring it against all the other countries that exist in reality." That argument never gets old, because it is literally unachievable and you never get to stop bashing America with it.

      Utopia literally means, "no place". It is impossible to get there no matter what.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    11. Re:Well.. by DNS-and-BIND · · Score: 1

      The "melting pot" is a discredited racist concept from the 1970s. It was long ago replaced by multiculturalism. Instead of immigrants losing their unique cultures and becoming generic "American", now we have a vibrant diversity where people keep their cultures after becoming US citizens. It doesn't do you any credit to keep beating dead horses like "melting pot'.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    12. Re:Well.. by fluffernutter · · Score: 1

      The USA has a large enough military to crush any nation it chooses and yet we don't.

      You basically answered your own question. We don't crush them with our military because by conducting virtually anonymous cyberattacks disassociated from any official government, they have a chance at causing real harm risk free.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    13. Re:Well.. by fluffernutter · · Score: 1

      Exact pi can never be achieved either, yet we measure by it all the time.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    14. Re: Well.. by raind · · Score: 1

      Who is naive believing were the only Super power on earth ?

      --
      Get up!
    15. Re: Well.. by raind · · Score: 1

      Your blind

      --
      Get up!
    16. Re: Well.. by blindseer · · Score: 1

      The USA isn't a superpower. Hasn't been for a long time. It's a megapower, we've surpassed superpower status. And the USA is the only megapower.

      How many aircraft carriers are there in the world with a displacement over 100,000 tons? Eleven. How many of those does the USA own? Eleven. Each one carries about 60 jet fighters, and each jet can carry about 8 tons of weapons. That's just the start of the military power.

      To back up that military is an economic power that produces 20% of the world's wealth. I couldn't find the numbers real quick but I recall it would take the next four nations combined to compare to the USA in military and economic might.

      I'm pretty sure that the USA is above superpower status, and is alone in that status.

      --
      I am armed because I am free. I am free because I am armed.
    17. Re: Well.. by Stephen+Battleware · · Score: 1

      Did these U.S. police use bobby sticks and community kiosks, or did they use F4s to napalm villages? It was a war, whether or not the U.S. gov't acknowledges it. It took the vets here eons to get the Korean War recognized as such, and many vets were denied all manner of support because the gov't wouldn't admit it was a war - but it was. What a disgrace those are who won't call it what it was: a war.

  2. Microsoft's fault by atomicalgebra · · Score: 2, Informative

    Any bets the majority of compromised computers ran a version of windows? We need to stop using Windows in these environments.

    1. Re:Microsoft's fault by EzInKy · · Score: 1

      The old adage of putting all your eggs in one basket comes to mind here. No one in the US would be stupid enough to bet solely on one company.

      --
      Time is what keeps everything from happening all at once.
    2. Re: Microsoft's fault by EzInKy · · Score: 1

      Good point! But which would be harder, finding flaws in Microsoft Libraries or finding flaws in Microsoft Libraries and Linux Librararies and BSD libraries and other System Libraries? Microsoft isn't known for supporting other System Libraries as far as I know.

      --
      Time is what keeps everything from happening all at once.
    3. Re:Microsoft's fault by thegarbz · · Score: 1

      Any bets the majority of compromised computers ran a version of windows? We need to stop using Windows in these environments.

      And THIS is the exact kind of thinking that causes big gaping security issues for companies. The idea that there's a single solution rather than an entire philosophy to security is not only absurd, it's absolutely downright dangerous.

      Not running Windows protects you from random online malware designed specifically to attack as large of an install base as possible to maximise return. It does NOTHING for a targeted attack. Have you learnt nothing from the likes of Stuxnet? A piece of malware coded specifically against a vulnerability of a specific model of a specific PLC?

      I really hope you're not in the security industry, but if you are let me know where. I'm ... errr ... asking for a Russian .... friend.

    4. Re:Microsoft's fault by atomicalgebra · · Score: 1

      And THIS is the exact kind of thinking that causes big gaping security issues for companies. The idea that there's a single solution rather than an entire philosophy to security is not only absurd

      I never suggested a single solution. I only commented that windows is a bad solution. It is less secure then other platforms. It is more vulnerable then bsd or osx. We need to move to more secure platforms. We need to stop making it easy for foreign hackers. I am not sure why you think Windows is a secure platform.

      Have you learnt nothing from the likes of Stuxnet?

      I learned a lot from stuxnet. These attacks are a beachhead. They might not be directly connected to critical infrastructure, but they have information about said infrastructure. It is feasible that an attacker can find information that a component in the system needs to be replaced. They can then compromising that component before it is installed.

    5. Re:Microsoft's fault by blackhedd · · Score: 1

      Lots of control systems incorporate HMIs and other software that not only requires Windows; they often require very specific back-versions of Windows supplied by the systems vendors themselves. It's easy to say "don't run Windows" or "if you must run Windows, keep it updated and patched," but that's not realistic. And that's for some very good reasons: software that controls machines simply must be tested to a far higher standard than software that humans will use, because machines aren't as adaptable as humans. A bug or regression caused by an OS patch might be annoying to a human user, but in a control system it could bring down a process or even create safety problems. Patching Windows in shop-floor applications can amount to running a huge beta-test with your most critical business assets, and even with people's lives.

      The vendors of control systems have long recognized this, which gives rise to another reason you often can't patch or update Windows: they'll stop supporting your controls if you do. And that's something no production manager can allow.

  3. Probably just the DHS' pen testing again? by Rujiel · · Score: 1

    No different than the supposed power plant attacks during the election last year?

    1. Re:Probably just the DHS' pen testing again? by gtall · · Score: 1

      Errmmm....you mean the Ukranian power plants? They got zapped or did you not get the memo?

  4. sophisticated hackers by turkeydance · · Score: 2

    pics or it didn't happen

  5. Why are they connected at all? by Anonymous Coward · · Score: 1

    When read stories like this I wonder:
    Why were these facilities ever hooked up to the Internet at all?
    Why did they not use a computing system that is compatible with anything else?
    Answers
    1. There are benefits to adding computers and internet connections to such facilities, probably a long list a very big benefits
    2. A proprietory or unique computing system would lose out the benefits of ongoing major advances in computing occurring is 'mainstream' computing, driven by billions of dollars and millions of human beings working at all the time.

    The Fail:
    The possible major damage to such facilities, or major interruption of service. Note that this is a new vulnerability.
    Comment: Prior to the internet these facilities worked. It isn't necessary for them to be hooked up to the internet in order for them to work. (Yes, they may have been hooked up to some Arpanet of something).
    I think it is a failure of benefit vs risk analysis.
    Meanwhile we are rushing into the IOT...

    1. Re:Why are they connected at all? by ChrisMaple · · Score: 1

      How would a nuclear power plant have "benefits of ongoing major advances in computing" that would involve a computer controlling the power plant?

      --
      Contribute to civilization: ari.aynrand.org/donate
    2. Re:Why are they connected at all? by AHuxley · · Score: 1

      AC The thinking was to replace a lot of union workers working in shifts all along the networks with more regional computers.
      A person with the required skills could watch an entire network.
      That would free up spending on wages, pensions and having to deal with unions.
      The result was a rush to use contractors to network entire regions. Contractors vs 24/7 union workers.
      The air gapped protections and workers on site got replaced with new internet facing networks.
      Years later reality sets in. The random internet has discovered strange vital networks once thought isolated and safe.
      Dual use www/internet and "secure" networks have limitations.
      Contractors are now back with wild cyber stories to push for funding to re upgrade the networks with more security.

      --
      Domestic spying is now "Benign Information Gathering"
  6. How can we tell? by techdolphin · · Score: 1

    Our infrastructure is old. How can we even tell if it has been compromised.

  7. Don't worry retard APK will tell us about hosts by Anonymous Coward · · Score: 1

    Don't worry I'm sure that retard APK will tell us about how his hosts file will stop all this.

  8. I guess by bobstreo · · Score: 1

    EMP attacks on the grid were too difficult to do right.

    1. Re:I guess by Anonymous Coward · · Score: 1

      Why would you assume that? It's a major escalation to accomplish that kinetically. To do so in "unattributed" hackerspace and then play pussy is much less risky.

      Donald Trump can't deny a bomb, even if he can (pretend to be dumb enough to) deny Putin is an adversary otherwise.

  9. Honeypots by Anonymous Coward · · Score: 1

    I'd like to see many more honeypots set up. Make 'em think they're doing something, and put the real stuff on highly encrypted VPNs and stuff.

  10. Start a fight... by VeryFluffyBunny · · Score: 5, Insightful

    Why did the NSA and CIA start a cyber arms race when the USA is the most vulnerable to the kinds of attacks it's creating and therefore provoking from non-USA aligned countries?

    --
    Debate is a form of harassment. Do not question my truth.
    1. Re:Start a fight... by rmdingler · · Score: 1

      Why did the NSA and CIA start a cyber arms race when the USA is the most vulnerable to the kinds of attacks it's creating and therefore provoking from non-USA aligned countries?

      Hacking doesn't necessarily favor the poor, underdeveloped, cash-strapped nation-states; yet, it does level the playing field a bit.

      A relatively small fraction of a Superpower's military budget can be allocated to achieve successful cyber disruption.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:Start a fight... by gtall · · Score: 2

      Errr...because other countries were going to do it regardless of what the U.S. did?

  11. Re:A cyber what now? by ChrisMaple · · Score: 1

    the Heritage Foundation, a vote suppression organization

    That this a plain and simple lie.

    --
    Contribute to civilization: ari.aynrand.org/donate
  12. It really is a shame!! by EzInKy · · Score: 1, Interesting

    The US has been waging war against its citizenry since its inception. Free thought itself is even outlawed in its very Constitution. Read Article 1, Section 8, Clause 8 if you don't believe the government doesn't want to regulate freedom of thought in the country.

    --
    Time is what keeps everything from happening all at once.
  13. Re: A cyber what now? by koomba · · Score: 1

    Umm I think you might want to do a little reading before just discounting him like that. Heritage Foundation goes on and on about massive voter fraud, and was the driving force behind establishing the ridiculous Presidential Advisory Commission on Election Integrity.

    They claimed 1100 cases of fraud based on their research, yet that number is highly deceptive at best, and more frankly not true. Their own research: https://www.brennancenter.org/... makes their claims look ridiculous, and in fact makes a very strong case for the opposite of their claims of massive fraud.

    Per the numbers from their own database, the 1100 is actually just a worst case scenario, possibly fraudulent cases. But if you actually look at the numbers, it's nowhere close to as bad as they claim. Just a just a couple highlights:
    1. They looked at votes going back at least to 1948, only 105 possible instances were in the past 5 years.
    Just 10 in person impersonations out of BILLIONS of votes examined.
    And for Trumps claim of OMG MILLIONS of illegals voting to STEAL the popular vote from him? 41 cases, again, out of billions.

    So yeah, when a private organization essentially gets to create a government commission and uses spin and deception to paint a far more dire situation than their own research suggests, I think it's fair to suspect they may have ulterior motives.

  14. Re: A cyber what now? by koomba · · Score: 1

    Yes and probably all this as well, there is plenty of next to irrefutable evidence for most of that too. I was just highlighting the voter suppression part, since that's all that was mentioned in the parent post.

  15. Re:Pull that cable! by scsirob · · Score: 1

    Pull the cable to the internet. There is NO excuse to hook up critical infrastructure to the internet. None whatsoever! If you need constant monitoring of stuff, give someone a job to monitor. Do not, I repear, do NOT hook your systems up to the internet just to save a quick buck!

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
  16. Re:Pull that cable! by thegarbz · · Score: 2

    Is that your security philosophy? If that's the case then you're an idiot. Pulling a cable doesn't make something secure. You need an entire culture of security to do that.

    None whatsoever!

    Oh I see now you don't actually work in the industry. Sorry but there's a myriad of reasons that these systems need to be networked over a wide scale, the least of which isn't that they don't work otherwise.

    If you need constant monitoring of stuff, give someone a job to monitor.

    Err no. Get a clue.

  17. Re:Pull that cable! by someone1234 · · Score: 1

    Pulling the cable makes something more secure. It drastically diminishes the number of potential intruders. Having no physical connection is the best kind of firewall. Anything that doesn't need to be on the Internet shouldn't have a connection, so instead of a good firewall, you should chose the best firewall.
    This 'need to be networked' thing is nice on paper, but in fact, a lot of these 'needs' are not your own (company's) needs.
    If you think everything has to be on the Internet, then in your words 'you are an idiot'.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry
  18. Re:U.S. ... Denounced by whit3 · · Score: 1

    U.S. Warmongers' Reckless Action Denounced

    According to the statement, on Oct. 10 brass hats of the U.S. military at the Department of Defense reported to Trump the military options toward the DPRK. ... This shows that the U.S. started a war against the DPRK...

    Well, no, it just means that military planning for contingencies is happening. Hey, it's called 'preparedness', and isn't an act of war. Stockpiling of food, water, blankets against times of catastrophe isn't starting a disaster, either.

  19. Re:Pull that cable! by Mr+D+from+63 · · Score: 1

    Pull the cable to the internet. There is NO excuse to hook up critical infrastructure to the internet. None whatsoever! If you need constant monitoring of stuff, give someone a job to monitor. Do not, I repear, do NOT hook your systems up to the internet just to save a quick buck!

    Articles like this would have you think that nuclear power plant control systems are connected to the internet, but they are not. The authors use intentionally vague wording.

  20. Re:Pull that cable! by thegarbz · · Score: 3, Interesting

    Pulling the cable makes something more secure. It drastically diminishes the number of potential intruders.

    Not necessarily. Quite often pulling the cable makes everything less secure as it breeds a culture of complacency at best and breeds a better kind of idiot at worst. Pulling a cable is absolutely no substitute for actually having security thought through in the organisation, and I'll take well thought out firewall / VPN infrastructure any day over the pull the cable approach which by its nature necessitates bypassing the airgap.

    Anything that doesn't need to be on the Internet shouldn't have a connection, so instead of a good firewall, you should chose the best firewall.

    You've lost. Everything needs a network connection somewhere, and every network eventually needs a connection to the internet. The key is segregation in the design stage. Otherwise you'll end up with what we call box-rot, a set of computer systems isolated constantly being connected to and from with various mechanisms or best yet, ignored completely with security issues more wide open than a $2 hooker.

    This 'need to be networked' thing is nice on paper

    That paper is often one of the following:
    - Legal requirement
    - Technical limitation
    - Geographical limitation
    - Operational limitation

    Most organisations would be unable to operate a local compressor without some access to a wider network let alone a country wide wind farm, energy grid, etc.

    If you think everything has to be on the Internet, then in your words 'you are an idiot'.

    But I repeat myself: Oh I see now you don't actually work in the industry.

  21. Re:Pull that cable! by gtall · · Score: 1

    Brilliant, companies can damn well create their own private networks to manage their distributed systems. They should be able to recreate their own private internets in about, what, a year or two in your pink unicorn world? No doubt they'll be able to all hire the best network engineers to pull off this task. The fortune 100 companies can all create their own internets, 100 of them. That will surely lower the attack surface!!! Wow! Have you told these companies how to make their distributed systems secure? I'm sure they'll listen to you!!

    Oh, be sure to include the cost of continuing network operations for running their own private networks too while you are at it. Just so you don't miss anything, you'll be wanting to include equipment costs (stuff wears out), personnel (hint, they like job security, medical ins., retirement plans), facilities costs (can't just throw the new equipment anywhere), energy costs (damn, the energy companies don't just give it away), local and federal regulations (admittedly these are not large but you'll be wanting to add increasing dollars for future regs since those appear to be percolating in Congress), redundancy (the internet...get this...is very redundant and networks rely upon that redundancy to keep up and functioning). I'm sure I've missed a few costs, no doubt they'll occur to you as you write your recommendation to companies.

  22. I dare you hackers!! by Faw · · Score: 1

    Come and try ti hack the power company here in Puerto Rico. You will fail miserably!!!

  23. More of a problem for those small grid renewables by Applehu+Akbar · · Score: 1

    I'm assuming that critical energy infrastructure is airgapped from the Internet. Any single large-scale generating plant is easy to isolate, because all the maintenance is being done by permanent onsite staff.

    But how do you isolate the grid itself? It inherently has to be controlled as a network, which you dutifully isolate at the outset from all other networks. Still, the vast array of spread-out components in a grid comes into close contact with possible malefactors at many points, most of which are unmanned and many of which would not be difficult to inject from the Internet directly, or from small portable devices carried by people dressed in stolen utility uniforms. Nobody passing by is going to question what that guy in a Local Electric truck is doing up on that pole, will they?

    But the grid as it stands is for the most part dumb, which makes the outer parts of it not all that vulnerable to hacking. Now look at what happens when we start connecting small-to-medium scale renewables on the grid. Not only are there a lot of small unattended wind turbines and solar panels all over the place (just imagine the potential of a Stuxnet-style attack on wind turbine software that prevents whole windfields from feathering during a storm), but these generators have to be data-networked to the grid, to make regional control possible. The grid itself will need a much richer data connection among all of its components than it does now. The next generation of smart utility meters will not just gather continuous load information, but will have the ability to turn major user appliances on and off as supply fluctuates.

    Hackers getting loose in smart grids could destroy entire cities.

  24. Controll systems om publicly accessable networks by bn-7bc · · Score: 1

    I might be naive bot would not a big paty of theese concerns be mittigated if we removed the controll systems from publikly accessable networks (yes this includes pstn/isdn, Isolated network on dedicated fiber. correct me if Im wrong but if a system cannot be accessewd from the outside you atacjk surface is gratly reduced

  25. Re:Pull that cable! by Aighearach · · Score: 1

    Your whole post boils down to the false claim, "Everything needs a network connection somewhere, and every network eventually needs a connection to the internet."

    If you turn your conclusions into presumptions all you do is go in a circle like an idiot.

  26. Ongoing hacks targeting critical infrastructure .. by najajomo · · Score: 1

    Have the ever considered not connecting their critical infrastructure devices directly to the Internet and instead use VPNs running on embedded hardware.

  27. Re:Pull that cable! by thegarbz · · Score: 1

    Your whole post boils down to the false claim

    The claim is only false outside of the industry and backed up by 4 key points you see coming up over and over again.

    But I repeat myself: Oh I see now you don't actually work in the industry. ... Wait you're not the OP, well then clearly there's more of you.

  28. Re:Pull that cable! by Aighearach · · Score: 1

    Oh I see now you don't actually work in the industry

    What industry is that? I didn't mention it in this comment. Did you read the part I wrote that said

    If you turn your conclusions into presumptions all you do is go in a circle like an idiot.

    So you want to be more truthy by forming an idiotic belief about what industry I work in? That wouldn't make your comments any more considered.

    What industry do you imagine a person would need to work in to know that "Everything needs a network connection somewhere, and every network eventually needs a connection to the internet" is a false statement? It seems actually that anybody who works in any industry that uses networks should be able to evaluate the statement. There isn't one narrow industry where the Appointed Poobahs would have the Secret Knowledge of What Is A Network. ;) And surely people who work with networking would know it, though the funniest part is that most of the workers who work with networks are not in any particular industry, they're distributed across all industries.

    Don't sell yourself short, I'm sure you can impersonate a macho cheesehead and run around the circular logic one more lap and say something even stupider.

  29. Re:Pull that cable! by thegarbz · · Score: 1

    What industry is that?

    Fuck me, it's not like the industry isn't written in the title bar of your browser right now!

  30. Re:Pull that cable! by Aighearach · · Score: 1

    You weren't responding to the title bar of your browser... were you? Oh.

  31. Re:A cyber what now? by wyHunter · · Score: 1

    Undoubtedly a plain and simple lie spread by a leftist.

  32. Re:Pull that cable! by someone1234 · · Score: 1

    >Quite often pulling the cable makes everything less secure as it breeds a culture of complacency at best and breeds a better kind of idiot at worst.
    Strawman. I didn't mean neglecting security patches or just any software upgrades. Upgrade offline, if you have a bug that is confirmed fixed by a patch. But never allow a 3rd party to issue a half-decent patch which will be silently applied on your production environment. Oh, wait, "i see you are not working in the industry"

    >That paper is often one of the following
    That paper is often created by lazy people who fall for buzzwords.

    >But I repeat myself: Oh I see now you don't actually work in the industry.
    Where did you see that? You checked the wrong file. If, by industry, you meant computing and not spying.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry