Seems like the more sophisticated we become, the more vulnerable we are. Why can't we seem to do a better job building things that are more secure?Vulnerabilities in software that automates everything from factories to traffic lights has become the nation's top cybersecurity threat, an agent on the FBI's Denver Cyber Task Force said Thursday in Colorado Springs.
Supervisory control and data acquisition software is used to control - sometimes remotely - many types of devices in the energy, transportation, manufacturing and other industries and often is connected to sensors, valves, pumps, motors and other types of equipment to ensure safe operation, detect problems and maintain quality. The systems can be vulnerable to cyber attacks because they sometimes aren't protected by sophisticated security systems since they aren't accessible to or used by members of the public and usually are located in areas away from the public.
Dan Leyman, special agent in the Denver Cyber Task Force, said the industrial control software is the biggest threat for the FBI because it is used to control much of the nation's critical infrastructure, ranging from dams and power grids to traffic control systems and waste water treatment plants. He made the comments during a panel discussion during a breakfast briefing at the Cheyenne Mountain Resort on cybersecurity by FedInsider.com, a Washington, D.C.-based website specializing in information and education about government management.
Vulnerabilities in infrastructure software concern cybersecurity experts
-
- Posts: 2528
- Joined: Wed Nov 30, 2016 11:09 am
Vulnerabilities in infrastructure software concern cybersecurity experts
Vulnerabilities in infrastructure software concern cybersecurity experts
-
- Posts: 15157
- Joined: Wed Nov 30, 2016 9:47 am
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
The relation of the sophistication of the state to the fragility of its constructs is proportional.
-
- Posts: 14797
- Joined: Wed Nov 30, 2016 9:43 am
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
The issue is this, simple networks are easier to defend because they have less to defend, the more complex it gets, unless you keep the K.I.S.S. mentality, will inherently be more complex and difficult to defend.
I am utilizing KISS in my case, because I am pushing our tech from four different components to one that can do the same as four, and do more than the four separate. It can defend from end user to firewall.
The technology that we are using today sucks, it is built off of a broken system to begin with, if you want to fix our internet infrastructure, you need to rebuild the internet from the ground up, and not make it so easily accessible by everyone like it is today. We would have to secure the network from branch to ISP and from ISP to share points, from share points to end user. This would be professional security, not this half-assed shit we have today.
I am utilizing KISS in my case, because I am pushing our tech from four different components to one that can do the same as four, and do more than the four separate. It can defend from end user to firewall.
The technology that we are using today sucks, it is built off of a broken system to begin with, if you want to fix our internet infrastructure, you need to rebuild the internet from the ground up, and not make it so easily accessible by everyone like it is today. We would have to secure the network from branch to ISP and from ISP to share points, from share points to end user. This would be professional security, not this half-assed shit we have today.
#NotOneRedCent
-
- Posts: 25287
- Joined: Wed Nov 30, 2016 6:50 am
- Location: Ohio
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
Re: the PLCs (the infrastructure that they're talking about), those things don't have security, and don't need it. They need to be separated from the wider internet completely, and run on internal, secured networks.
I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
-
- Posts: 14797
- Joined: Wed Nov 30, 2016 9:43 am
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
You could easily take the network and separate it from others, but the problem would be that you would need to hard secure them as well, and that's not a possibility with how things are designed today.GrumpyCatFace wrote:Re: the PLCs (the infrastructure that they're talking about), those things don't have security, and don't need it. They need to be separated from the wider internet completely, and run on internal, secured networks.
I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
#NotOneRedCent
-
- Posts: 25287
- Joined: Wed Nov 30, 2016 6:50 am
- Location: Ohio
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
Define 'hard secure'... You mean adding security to every single device? No need. You'd have to add an operating system for that.The Conservative wrote:You could easily take the network and separate it from others, but the problem would be that you would need to hard secure them as well, and that's not a possibility with how things are designed today.GrumpyCatFace wrote:Re: the PLCs (the infrastructure that they're talking about), those things don't have security, and don't need it. They need to be separated from the wider internet completely, and run on internal, secured networks.
I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
-
- Posts: 14797
- Joined: Wed Nov 30, 2016 9:43 am
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
The OS is the least secure portion of the connection next to the end user.GrumpyCatFace wrote:Define 'hard secure'... You mean adding security to every single device? No need. You'd have to add an operating system for that.The Conservative wrote:You could easily take the network and separate it from others, but the problem would be that you would need to hard secure them as well, and that's not a possibility with how things are designed today.GrumpyCatFace wrote:Re: the PLCs (the infrastructure that they're talking about), those things don't have security, and don't need it. They need to be separated from the wider internet completely, and run on internal, secured networks.
I'm guessing, however, that this is not the case. It's expensive to add security to anything, and the government loves going with the lowest-cost option available.
That being said, hard security means everything is hard wired, no wireless, no open ports, nothing to allow vulnerabilities.
#NotOneRedCent
-
- Posts: 25287
- Joined: Wed Nov 30, 2016 6:50 am
- Location: Ohio
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
Right, this would be an 'air-gapped' option - obviously secure, but ludicrously expensive, at any kind of scale.The Conservative wrote:The OS is the least secure portion of the connection next to the end user.GrumpyCatFace wrote:Define 'hard secure'... You mean adding security to every single device? No need. You'd have to add an operating system for that.The Conservative wrote:
You could easily take the network and separate it from others, but the problem would be that you would need to hard secure them as well, and that's not a possibility with how things are designed today.
That being said, hard security means everything is hard wired, no wireless, no open ports, nothing to allow vulnerabilities.
-
- Posts: 38685
- Joined: Wed Nov 30, 2016 5:59 pm
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
BSG had the right idea.
I honestly think our future looks more like that because of the vulnerabilities.
I honestly think our future looks more like that because of the vulnerabilities.
-
- Posts: 14797
- Joined: Wed Nov 30, 2016 9:43 am
Re: Vulnerabilities in infrastructure software concern cybersecurity experts
Actually not really, it's only expensive if you have to lay wires down multiple times for multiple services.GrumpyCatFace wrote:Right, this would be an 'air-gapped' option - obviously secure, but ludicrously expensive, at any kind of scale.The Conservative wrote:The OS is the least secure portion of the connection next to the end user.GrumpyCatFace wrote:
Define 'hard secure'... You mean adding security to every single device? No need. You'd have to add an operating system for that.
That being said, hard security means everything is hard wired, no wireless, no open ports, nothing to allow vulnerabilities.
#NotOneRedCent