Vulnerabilities in infrastructure software concern cybersecurity experts

User avatar
de officiis
Posts: 2528
Joined: Wed Nov 30, 2016 11:09 am

Vulnerabilities in infrastructure software concern cybersecurity experts

Post by de officiis » Mon Jun 12, 2017 10:29 am

Vulnerabilities in infrastructure software concern cybersecurity experts
Vulnerabilities in software that automates everything from factories to traffic lights has become the nation's top cybersecurity threat, an agent on the FBI's Denver Cyber Task Force said Thursday in Colorado Springs.

Supervisory control and data acquisition software is used to control - sometimes remotely - many types of devices in the energy, transportation, manufacturing and other industries and often is connected to sensors, valves, pumps, motors and other types of equipment to ensure safe operation, detect problems and maintain quality. The systems can be vulnerable to cyber attacks because they sometimes aren't protected by sophisticated security systems since they aren't accessible to or used by members of the public and usually are located in areas away from the public.

Dan Leyman, special agent in the Denver Cyber Task Force, said the industrial control software is the biggest threat for the FBI because it is used to control much of the nation's critical infrastructure, ranging from dams and power grids to traffic control systems and waste water treatment plants. He made the comments during a panel discussion during a breakfast briefing at the Cheyenne Mountain Resort on cybersecurity by FedInsider.com, a Washington, D.C.-based website specializing in information and education about government management.
Seems like the more sophisticated we become, the more vulnerable we are. Why can't we seem to do a better job building things that are more secure?
Image

User avatar
Fife
Posts: 15157
Joined: Wed Nov 30, 2016 9:47 am

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by Fife » Mon Jun 12, 2017 10:40 am

The relation of the sophistication of the state to the fragility of its constructs is proportional.

User avatar
The Conservative
Posts: 14790
Joined: Wed Nov 30, 2016 9:43 am

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by The Conservative » Mon Jun 12, 2017 10:49 am

The issue is this, simple networks are easier to defend because they have less to defend, the more complex it gets, unless you keep the K.I.S.S. mentality, will inherently be more complex and difficult to defend.

I am utilizing KISS in my case, because I am pushing our tech from four different components to one that can do the same as four, and do more than the four separate. It can defend from end user to firewall.

The technology that we are using today sucks, it is built off of a broken system to begin with, if you want to fix our internet infrastructure, you need to rebuild the internet from the ground up, and not make it so easily accessible by everyone like it is today. We would have to secure the network from branch to ISP and from ISP to share points, from share points to end user. This would be professional security, not this half-assed shit we have today.
#NotOneRedCent

User avatar
SuburbanFarmer
Posts: 25278
Joined: Wed Nov 30, 2016 6:50 am
Location: Ohio

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by SuburbanFarmer » Mon Jun 12, 2017 11:09 am

Re: the PLCs (the infrastructure that they're talking about), those things don't have security, and don't need it. They need to be separated from the wider internet completely, and run on internal, secured networks.

I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
SJWs are a natural consequence of corporatism.

Formerly GrumpyCatFace

https://youtu.be/CYbT8-rSqo0

User avatar
The Conservative
Posts: 14790
Joined: Wed Nov 30, 2016 9:43 am

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by The Conservative » Mon Jun 12, 2017 11:37 am

GrumpyCatFace wrote:Re: the PLCs (the infrastructure that they're talking about), those things don't have security, and don't need it. They need to be separated from the wider internet completely, and run on internal, secured networks.

I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
You could easily take the network and separate it from others, but the problem would be that you would need to hard secure them as well, and that's not a possibility with how things are designed today.
#NotOneRedCent

User avatar
SuburbanFarmer
Posts: 25278
Joined: Wed Nov 30, 2016 6:50 am
Location: Ohio

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by SuburbanFarmer » Mon Jun 12, 2017 11:39 am

The Conservative wrote:
GrumpyCatFace wrote:Re: the PLCs (the infrastructure that they're talking about), those things don't have security, and don't need it. They need to be separated from the wider internet completely, and run on internal, secured networks.

I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
You could easily take the network and separate it from others, but the problem would be that you would need to hard secure them as well, and that's not a possibility with how things are designed today.
Define 'hard secure'... You mean adding security to every single device? No need. You'd have to add an operating system for that.
SJWs are a natural consequence of corporatism.

Formerly GrumpyCatFace

https://youtu.be/CYbT8-rSqo0

User avatar
The Conservative
Posts: 14790
Joined: Wed Nov 30, 2016 9:43 am

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by The Conservative » Mon Jun 12, 2017 12:51 pm

GrumpyCatFace wrote:
The Conservative wrote:
GrumpyCatFace wrote:Re: the PLCs (the infrastructure that they're talking about), those things don't have security, and don't need it. They need to be separated from the wider internet completely, and run on internal, secured networks.

I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
You could easily take the network and separate it from others, but the problem would be that you would need to hard secure them as well, and that's not a possibility with how things are designed today.
Define 'hard secure'... You mean adding security to every single device? No need. You'd have to add an operating system for that.
The OS is the least secure portion of the connection next to the end user.

That being said, hard security means everything is hard wired, no wireless, no open ports, nothing to allow vulnerabilities.
#NotOneRedCent

User avatar
SuburbanFarmer
Posts: 25278
Joined: Wed Nov 30, 2016 6:50 am
Location: Ohio

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by SuburbanFarmer » Mon Jun 12, 2017 12:54 pm

The Conservative wrote:
GrumpyCatFace wrote:
The Conservative wrote:
You could easily take the network and separate it from others, but the problem would be that you would need to hard secure them as well, and that's not a possibility with how things are designed today.
Define 'hard secure'... You mean adding security to every single device? No need. You'd have to add an operating system for that.
The OS is the least secure portion of the connection next to the end user.

That being said, hard security means everything is hard wired, no wireless, no open ports, nothing to allow vulnerabilities.
Right, this would be an 'air-gapped' option - obviously secure, but ludicrously expensive, at any kind of scale.
SJWs are a natural consequence of corporatism.

Formerly GrumpyCatFace

https://youtu.be/CYbT8-rSqo0

User avatar
Speaker to Animals
Posts: 38685
Joined: Wed Nov 30, 2016 5:59 pm

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by Speaker to Animals » Mon Jun 12, 2017 1:05 pm

BSG had the right idea.

I honestly think our future looks more like that because of the vulnerabilities.

User avatar
The Conservative
Posts: 14790
Joined: Wed Nov 30, 2016 9:43 am

Re: Vulnerabilities in infrastructure software concern cybersecurity experts

Post by The Conservative » Mon Jun 12, 2017 1:25 pm

GrumpyCatFace wrote:
The Conservative wrote:
GrumpyCatFace wrote:
Define 'hard secure'... You mean adding security to every single device? No need. You'd have to add an operating system for that.
The OS is the least secure portion of the connection next to the end user.

That being said, hard security means everything is hard wired, no wireless, no open ports, nothing to allow vulnerabilities.
Right, this would be an 'air-gapped' option - obviously secure, but ludicrously expensive, at any kind of scale.
Actually not really, it's only expensive if you have to lay wires down multiple times for multiple services.
#NotOneRedCent