
Jimbo101

(776 posts)
Sun Jul 9, 2017, 11:18 AM Jul 2017

FBI-DHS amber alert warns energy industry of attacks on nuke plant operators

Ars Technica

The Department of Homeland Security and FBI have issued a joint report providing details of malware attacks targeting employees of companies that operate nuclear power plants in the US, including the Wolf Creek Nuclear Operating Corporation, The New York Times reports. The attacks have been taking place since May, as detailed in the report issued by federal officials last week and sent out to industry.

The "amber" alert to industry—the second-highest level of severity for these types of reports from the FBI and DHS—noted that the attacks had been focused on employees' personal computers but had not managed to jump to control systems. Administrative computers and reactor control systems in most cases are operated separately, and the control networks are generally "air-gapped"—kept disconnected from networks that attach to the Internet.

There is no evidence that information on plant operations was exposed. FBI and DHS analysts have not been able to determine the nature of the malware planted by the attempted hacks, which used a "spear-phishing" campaign targeting senior industrial control engineers at nuclear facilities. The tailored e-mails contained fake résumés and appeared to be from people seeking control engineering jobs, according to the report seen by the Times.

While nuclear power plant industrial controls are "air-gapped," that doesn't necessarily mean that they are secure. A 2015 study by the British think-tank Chatham House found nuclear control systems to be "insecure by design" and vulnerable to attack. Some did not keep control systems isolated from administrative networks connected to the Internet, and others were vulnerable despite air-gaps because of the heavy use of USB thumb drives to move data and install software updates. Many of these systems run on older operating systems that are not regularly updated.


The Velveteen Ocelot

(115,856 posts)
2. It wasn't the Russians, though, because Putin says they don't do that.
Sun Jul 9, 2017, 11:24 AM

And we should be credulous dupes like our Dear Leader.

MineralMan

(146,331 posts)
4. Sample Phishing Email Sent to Technical Staff of Nuclear Plants?
Sun Jul 9, 2017, 11:26 AM

To: Bill Johnson
From: Deparmant of Homland Securety

Subject: Limited Sistem Acess: Warning of Securety Breech!

Mr. Johnson:
This mails is to inform you that your acess to account is been limted. This is because security breech. You are to Click Here to verify your name and pasword immeditaly. You must verify or lost acess to logins.

Sinserely,

Yuri Vasilov
Technicle Analist
Depament Homland Securety

Achilleaze

(15,543 posts)
5. republican BFF russia is up to this evil shit
Sun Jul 9, 2017, 11:42 AM

and freaking republicans will not lift a finger to defend America.

Bluepinky

(2,276 posts)
6. They want to see a nuclear meltdown like Chernobyl.
Sun Jul 9, 2017, 12:02 PM

Then Trump can use the disaster to impose martial law and the coup will be complete. We will be a tool for Russia.

Igel

(35,358 posts)
8. This kind of thing's been happening for years.
Sun Jul 9, 2017, 01:55 PM

Sadly, a lot of people only noticed it recently, and they often still get it wrong. There's a higher purpose now--it's not security, it's politics. It really is sad--Stuxnet showed exactly how vulnerable things were and most people were busy trying to blame others instead of worrying about fixing the problem. Again, it's about political power and validation and pride for many, not security and the common good. And that's sad.

Some stuff was done before 1/2017, but what government can do is both limited and unclear--the fact it's been going on for years means Bush II and Obama didn't succeed in hardening what they needed to. It's like transportation security--the entire system is built to be open, which we say is a great thing; but for good security, you have to distrust everybody and have a closed system. It's easy to rant "government should do something", and in specific cases it can and has done things. (10-15 years ago a lot more power control systems had access to the Internet. Now we have "smart homes" and hear about how great they are; smart cars, too. Wait until the first virus hits and all the naifs ignoring the risk they pose say, "Government must do something." It's like (R) that want low taxes and high benefits. Cause and effect aren't being learned in elementary school any more.)

Anyway, Russia, China, N. Korea have been doing this for years. Sometimes as state actors, very often it's their private "patriots" at work--and sometimes you can't find daylight between the two groups, esp. in China and Russia.

But it's not always those. There are anarchist and revolutionary hacker groups out there, other countries with at least some computer savvy that don't like the US. Often the hackers want money more than subversion; sometimes they want both $ and jollies.

The air gap is nice. But if you know enough about the control systems you can probably get malware built for it and try to get it on USB drives. They found a serious USB security flaw a year or two ago--a way to clear out some hidden memory reserved for the USB on-board op system and get very small malware that can be passed to any computer the drive's plugged into.

Problem isn't so much the system, it's the wetware that uses the system. Just as the DNC was hacked only because fools took the clickbait, and nothing was done because the IT security guy at the DNC didn't bother to follow up properly, so security can be lax or circumvented by employees. I worked for a while in an office that had two Internet computers and the rest weren't networked at all. They'd just recently gotten some new computers. They'd done something to the USB ports on the back, but there was one on the front. The security guy didn't notice that there was a panel that opened and an additional USB port was there. I'd been using it, because they saw no reason to tell me not to--all the USB ports were supposed to be disabled, so it would be like having a floppy disk around a computer with no floppy drive. The IT guy was not happy, and the next day the ports were disabled.
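The Ars Technica excerpt at the top of the thread (air-gapped control networks still fed by USB thumb drives) and the post just above (ports that were "supposed to be disabled" but one was missed) point at the same defensive gap: an air gap only holds if removable storage cannot reach the control-side hosts, and disabling ports by hand is easy to get wrong. The following is an added example written for this page, not code from the thread, from Ars Technica, or from any plant operator. It scans Linux kernel log lines for USB mass-storage attachments on a host that should never see one, and checks whether a modprobe.d file actually blocks the usb-storage module (the preventive control) rather than only the BIOS port settings. The dmesg lines, the vendor/product IDs, the host name and the approved-media allowlist are constructed placeholders.

```python
"""Detect USB mass-storage attachments in Linux kernel log lines and check
the modprobe.d control that should have prevented them.

Added example for the air-gap / USB discussion; the log text below is
constructed in dmesg style and the device IDs are placeholders, not data
from any real incident.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed sample: a thumb drive and then a mouse plugged into a host
# ("ctrl-eng-ws01", hypothetical) that is supposed to have USB storage off.
SAMPLE_DMESG = """\
[  120.331] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  120.450] usb 1-1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[  120.451] usb 1-1: Product: DataTraveler 3.0
[  120.460] usb-storage 1-1:1.0: USB Mass Storage device detected
[  120.470] scsi host4: usb-storage 1-1:1.0
[  121.500] sd 4:0:0:0: [sdb] 60437492 512-byte logical blocks: (30.9 GB/28.8 GiB)
[  130.000] usb 1-2: New USB device found, idVendor=046d, idProduct=c077, bcdDevice=72.00
[  130.001] usb 1-2: Product: USB Optical Mouse
[  130.010] input: Logitech USB Optical Mouse as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/input/input7
"""

# Kernel message shapes emitted by the usb core, usb-storage and sd drivers.
NEW_DEVICE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
PRODUCT = re.compile(r"usb (?P<port>[\d.-]+): Product: (?P<name>.+)$")
MASS_STORAGE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected")
BLOCK_DEV = re.compile(r"sd \d+:\d+:\d+:\d+: \[(?P<dev>sd[a-z]+)\]")


@dataclass
class UsbDevice:
    port: str               # bus-port path, e.g. "1-1" (front/back port shows up here)
    vid: str                # idVendor as printed by the kernel
    pid: str                # idProduct as printed by the kernel
    name: str = "?"
    mass_storage: bool = False
    block_dev: Optional[str] = None   # e.g. "sdb" once the sd driver claimed it


def parse_dmesg(text: str) -> List[UsbDevice]:
    """Correlate the per-port kernel lines into one record per attached device."""
    by_port: Dict[str, UsbDevice] = {}
    order: List[UsbDevice] = []
    for line in text.splitlines():
        m = NEW_DEVICE.search(line)
        if m:
            dev = UsbDevice(m["port"], m["vid"], m["pid"])
            by_port[m["port"]] = dev
            order.append(dev)
            continue
        m = PRODUCT.search(line)
        if m and m["port"] in by_port:
            by_port[m["port"]].name = m["name"].strip()
            continue
        m = MASS_STORAGE.search(line)
        if m and m["port"] in by_port:
            by_port[m["port"]].mass_storage = True
            continue
        m = BLOCK_DEV.search(line)
        if m:
            # The sd line carries a SCSI host id, not the USB port, so attach it
            # to the most recent mass-storage device that has no block node yet.
            for dev in reversed(order):
                if dev.mass_storage and dev.block_dev is None:
                    dev.block_dev = m["dev"]
                    break
    return order


def find_unapproved_storage(text: str,
                            allowed: FrozenSet[Tuple[str, str]] = frozenset()
                            ) -> List[UsbDevice]:
    """Mass-storage devices whose (vid, pid) is not on the approved-media list.
    A mouse or keyboard never produces the usb-storage line, so it is ignored."""
    return [d for d in parse_dmesg(text)
            if d.mass_storage and (d.vid, d.pid) not in allowed]


# Preventive control: if the usb-storage module cannot load, the attach line
# above never appears.  "blacklist" alone only stops alias-based autoloading;
# the "install ... /bin/false" override also defeats an explicit modprobe.
WEAK_MODPROBE_CONF = "# usb-storage left loadable\n"
HARDENED_MODPROBE_CONF = "install usb-storage /bin/false\nblacklist usb-storage\n"


def usb_storage_blocked(conf_text: str) -> bool:
    """True only if a modprobe.d text carries both directives for usb-storage."""
    tokens = [ln.split("#", 1)[0].split() for ln in conf_text.splitlines()]
    has_install = any(t[:3] == ["install", "usb-storage", "/bin/false"] for t in tokens)
    has_blacklist = any(t[:2] == ["blacklist", "usb-storage"] for t in tokens)
    return has_install and has_blacklist


if __name__ == "__main__":
    for d in find_unapproved_storage(SAMPLE_DMESG):
        print(f"ALERT ctrl-eng-ws01: unapproved storage on port {d.port}: "
              f"{d.name} ({d.vid}:{d.pid}) -> /dev/{d.block_dev}")
    print("usb-storage blocked (weak conf):", usb_storage_blocked(WEAK_MODPROBE_CONF))
    print("usb-storage blocked (hardened):", usb_storage_blocked(HARDENED_MODPROBE_CONF))
```

Run against the constructed log, the thumb drive on port 1-1 is reported and the mouse on 1-2 is not; passing `allowed=frozenset({("0951", "1666")})` models an audited update stick and silences the alert for it. The two checks are complementary: the log scan is detective and catches the port someone forgot to disable, while the modprobe.d check confirms the preventive control that makes the port irrelevant.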
