Cyber-attack claims at US water facility

Source: The Guardian

US homeland security and FBI officials are investigating an apparent cyber-attack on a water utility near Springfield, Illinois.

The attack may have been the cause of a water pump shutdown, and could be the first case of foreign hackers successfully targeting a US industrial facility.

The shutdown did not result in any supply issues, but the incident triggered a high-level investigation.

On 8 November a technician said the system has been hacked from a computer in Russia. The incident was made public by a cybersecurity expert, Joe Weiss. "This is a big deal," he told the Washington Post.

Read more: http://www.guardian.co.uk/world/2011/nov/20/cyber-attack-us-water-utility

Good. IMHO DARPA should be working on secure IT, period. An incredibly important threshold is being crossed about now, and that's the point when the Internet becomes critical infrastructure up to this point, all this stuff has this exploration of possibilities, this new way of doing things for people government and business. But we still have the option of paper, we still have the choice not to use it. However as IT increasingly becomes an essential part of businesses ability to continue to operate in harsh economic times, we have to respect that fact that we are all married to it now. That means we need to take our focus off what it COULD do, and start to focus on what it SHOULD do to remain secure, even if that means some loss in bells and whistles.

There's nothing about the internet, as a potential carrier of fully encrypted information, that needs to be changed to make endpoint-to-endpoint communication secure.

I hear you saying the technological capability for secure Internet exists, but people aren't using it. But I think we should look at the Internet holistically, as an entity which includes a network of computers AND the people using them. If some desirable behavior for security is lacking in the people, than its lacking in the Internet. Maybe the solution is an organization and awareness boosting effort for security, color coded security tiers, that kind of thing so people can get it without a whole lot of work. What's clear to me is a situation where we are absolutely dependent on the Internet but its not sufficiently secure is very dangerous. If that means raising social awareness than it means raising social awareness.

http://www.itbusinessedge.com/cm/blogs/mah/half-of-smbs-believe-they-are-immune-to-targeted-cyber-attacks/?cs=49122

Things could have been designed with more thought to security. But there is no realistic way to secure networks or computers in any general way. One time pads are not practical. There is really no way technically to solve the related issues of trust, authentication, secrecy, and privacy.

FYI I have been doing networking, op systems, security, and critical systems for the past 45 years.

There were no computer/network system breaches in the 1800's.

;)


*Actually, that's probably wrong. I'm sure there were more than a few instances of people listening in on telegraph communications.

:sarcasm:

DISCONNECT the public infrastructure from the internet.

What is the point of having a water utility pump system accessible via the internet, so buddy doesn't have to get in his truck and go check out the workings of the plant?

Laziness will get us all in the end.

There's no conceivable reason why the water supply needs to be hooked to the Internet, unless some asshole has decided to run the plant from his home while wearing pjs, and not hire staff, which would be unionized and get decent pay and benefits....