Vulnerabilities in infrastructure software concern cybersecurity experts

[SuburbanFarmer]

The OS is the least secure portion of the connection next to the end user.

That being said, hard security means everything is hard wired, no wireless, no open ports, nothing to allow vulnerabilities.

Right, this would be an 'air-gapped' option - obviously secure, but ludicrously expensive, at any kind of scale.

Actually not really, it's only expensive if you have to lay wires down multiple times for multiple services.

Well, I guess you could have a single network for all PLCs - traffic lights, water management, whatever else.. But that makes the entire thing vulnerable unless you have some pretty kickass firewalls and routers. It's a huge problem, no matter what. We need some (gasp) planning done to make it all work.

[jbird4049]

Right, this would be an 'air-gapped' option - obviously secure, but ludicrously expensive, at any kind of scale.

Actually not really, it's only expensive if you have to lay wires down multiple times for multiple services.

Well, I guess you could have a single network for all PLCs - traffic lights, water management, whatever else.. But that makes the entire thing vulnerable unless you have some pretty kickass firewalls and routers. It's a huge problem, no matter what. We need some (gasp) planning done to make it all work.

But it is not immediately profitable and/or requires taxes, plus it is a hidden not sexy problem. Nah much easier to yell Teh Terrorisms are gonna get us. And then add yet another restriction, rule, regulation, law, tactic, invasion, spying, and lying with even more assassinations and wars to "protect" us.

Yet, I have been hearing about vulnerabilities to our infrastructure for decades, but nothing ever really happens. I am surprised that some smart terrorists have not done so.

[SuburbanFarmer]

Yeah, it's funny how our "greatest vulnerabilities" are all over the news, but we can't even see how they spy on us, lest the super-villains figure it out.

[The Conservative]

Yeah, it's funny how our "greatest vulnerabilities" are all over the news, but we can't even see how they spy on us, lest the super-villains figure it out.

It's easy to fix, I had to do the same thing for my work. I'm the Director of Infrastructure and IT. To do what is required cost $5000. It basically came down to $1 a person cost wise. It was a cheap fix.

The problem is as it's been stated before, it's not sexy... so it's something that is normally overlooked till it's too late.

This entire problem can be a simple solution, people just don't think it through and say it's impossible.

[SuburbanFarmer]

Yeah, it's funny how our "greatest vulnerabilities" are all over the news, but we can't even see how they spy on us, lest the super-villains figure it out.

It's easy to fix, I had to do the same thing for my work. I'm the Director of Infrastructure and IT. To do what is required cost $5000. It basically came down to $1 a person cost wise. It was a cheap fix.

The problem is as it's been stated before, it's not sexy... so it's something that is normally overlooked till it's too late.

This entire problem can be a simple solution, people just don't think it through and say it's impossible.

Enlighten us, then.

[The Conservative]

Yeah, it's funny how our "greatest vulnerabilities" are all over the news, but we can't even see how they spy on us, lest the super-villains figure it out.

It's easy to fix, I had to do the same thing for my work. I'm the Director of Infrastructure and IT. To do what is required cost $5000. It basically came down to $1 a person cost wise. It was a cheap fix.

The problem is as it's been stated before, it's not sexy... so it's something that is normally overlooked till it's too late.

This entire problem can be a simple solution, people just don't think it through and say it's impossible.

Enlighten us, then.

Keep all things that are necessary off grid, in other words make it so that hackers can get to the point right before the service, but not access the service itself. There would actually be a human element or an element of sort to keep the two systems separate but at the same time communicate with each other.

Its what I do here at work, we have a share at work that is only accessible via the network, but no one outside of the network can access it. If they want access to something, they need to ask permission, and when given the file or share itself is shared on a different system that only people with the right credentials can see.

Does it slow things down, perhaps a little, but are things secure, yes... because I can then be the firewall and a real time stopgap. No technology up to date can do that with 100% effectiveness.

Because if someone wants to share something that shouldn't I don't give authorization, while an automated system could, and in many cases would.

[Zlaxer]

Seems like the government is trying to make the case to go increase funding for cyber defense - be afraid, be very afraid.....and don't question the spending....

In all honesty though - the problem usually lies in the people who maintain these systems......Boomers are fuckin stupid when it comes to security - they will plug anything they find into a USB port.

[DBTrek]

1) There would actually be a human element or an element of sort to keep the two systems separate but at the same time communicate with each other.

2) Its what I do here at work, we have a share at work that is only accessible via the network, but no one outside of the network can access it.

Truly baffling.

[The Conservative]

1) There would actually be a human element or an element of sort to keep the two systems separate but at the same time communicate with each other.

2) Its what I do here at work, we have a share at work that is only accessible via the network, but no one outside of the network can access it.

Truly baffling.

No, the share is locked down, it doesn't send out notifications or allow access from the outside. So if you type in the IP address, and then share IP you won't have access to it... because you don't have the right permissions, or key...

[SuburbanFarmer]

It's easy to fix, I had to do the same thing for my work. I'm the Director of Infrastructure and IT. To do what is required cost $5000. It basically came down to $1 a person cost wise. It was a cheap fix.

The problem is as it's been stated before, it's not sexy... so it's something that is normally overlooked till it's too late.

This entire problem can be a simple solution, people just don't think it through and say it's impossible.

Enlighten us, then.

Keep all things that are necessary off grid, in other words make it so that hackers can get to the point right before the service, but not access the service itself. There would actually be a human element or an element of sort to keep the two systems separate but at the same time communicate with each other.

Its what I do here at work, we have a share at work that is only accessible via the network, but no one outside of the network can access it. If they want access to something, they need to ask permission, and when given the file or share itself is shared on a different system that only people with the right credentials can see.

Does it slow things down, perhaps a little, but are things secure, yes... because I can then be the firewall and a real time stopgap. No technology up to date can do that with 100% effectiveness.

Because if someone wants to share something that shouldn't I don't give authorization, while an automated system could, and in many cases would.

So your security idea boils down to "put a password on it". :face palm: