Unfortunately I have to agree. We're not far behind the wimpy Brits when it comes to a backbone.
-
Be sure to read this post! Beware of scammers. https://www.indianagunowners.com/threads/classifieds-new-online-payment-guidelines-rules-paypal-venmo-zelle-etc.511734/
Cyber attack shuts down U.S. fuel pipeline ‘jugular,’ Biden briefed
- Thread starter bwframe
- Start date
The #1 community for Gun Owners in Indiana
Member Benefits:
Fewer Ads! Discuss all aspects of firearm ownership Discuss anti-gun legislation Buy, sell, and trade in the classified section Chat with Local gun shops, ranges, trainers & other businesses Discover free outdoor shooting areas View up to date on firearm-related events Share photos & video with other members ...and so much more!
Member Benefits:
Industrial control systems are most likely not accessible to anything that has a public facing IP, real or NAT'd. They pretty much have NO security built into them, so they tend to be isolated as much as possible. Anyone that enables a public facing device access into their IoT devices should be fired immediately. This is nothing new or Earth shattering.
KittySlayer
Grandmaster
Well, never underestimate the level of stupidity of users.
One of the my responsibilities is to try to secure about 40 IoT networks. It is a constant battle to stop employees from trying to find ways around the security put in place to protect these systems. You'd think the idea that someone could die if there were a breach would stop it, but nope. Convenience is much more important.
Ransomware is a nasty beast. Some can spread themselves, some can't. Get the wrong user involved with the wrong ransomware and it could spread into those networks. We are actively working on how to identify and stop just such scenarios. It is not an easy task.
Plus ransomware has become a huge problem for corporations. We've had three partners hit in the last year. Two of them at the time had VPN connections into our network.
Tell me about it. Guess who hasn't had a daily production system for a week now.
You just don't get how it works for the execs. Exec A gets big money for building system cheap. Exec B gets big money for running system cheap, gets golden parachute when fired because system built and ran cheap failed. Exec C gets big money to save the system cheap... LOL
That isn't really how it goes for this. The guys that get fired for intrusions are not that high up.
Ouch. That brings up the other problem with Ransomware. You have to be able to rebuild your systems without it. If your backups are done right, you are screwed. That means rebuilding from scratch.
But if the damage is big enough, They get dragged down with it because it happened under their watch. Especially if its found that the company didnt do their due diligence and put strong enough protections in place.
Have you heard of that happening?
When we were still a public company our board of directors actually pushed security as a priority, The CEO didn't have much of a say in it.
Yes. It happens. Not specifically cybersecurity related, but many times when a company drops the ball and it comes out they didnt follow best practices, an exec (usually the CEO) is tossed into the proverbial volcano to appease the investors/public to try to make the brand look better and move on from the incident.
Funny you should say that. I was looking to see if our little outage had made the news, or anything. Came across a couple of press releases bragging about how they were employing an AI system to prevent just this sort of thing. All I could think was....
Attachments
My guess is this is true for the Minuteman III upgrades.
LOL. One of our vendors that was hit sold an endpoint protection package.
dieselrealtor
Master
"depends"?
Definitely not as, uh, kinetic as Stuxnet. I'd imagine our adversaries have stuff like that, but it's tough to field test a weapon that actually destroys stuff. Ransomware-type attacks, you can test and tune over and over. And in immediate tactical terms, a soft kill via control system lockout is just as good as actually destroying something.I had read that the pipeline company had taken systems offline as a precaution, not that any systems were directly damaged by the attack (at least not hardware systems), so I dug around a bit more
I thought it could be something like this. Big difference between ransomware attack and Stuxnet
Major US pipeline shut by ransomware attack - Digital Journal
The largest fuel pipeline system in the United States was forced to shut down its entire network after a ransomware attack.www.digitaljournal.com
The local news channels this morning announced gasoline prices may spike as early as tomorrow due to hackers compromising a major gas pipeline. The hackers weren’t identified nor was there a reason given for the why. What is chilling about this to me is the apparent disruption that is projected to occur by this act. I’m wondering if the delivery system is so fragile that it only takes one pipeline being compromised to disrupt gas supplies ?
Further comment by the TV ”newscaster” reported that rules regarding restrictions on driving hours by truck drivers were being eased. Reportedly drivers will be able to exceed the 11 hour daily maximum. That doesn’t sound like such a good idea to me considering the drivers are hauling liquid dynamite.
So . . . . . if you need gas, better get it today (?)
Further comment by the TV ”newscaster” reported that rules regarding restrictions on driving hours by truck drivers were being eased. Reportedly drivers will be able to exceed the 11 hour daily maximum. That doesn’t sound like such a good idea to me considering the drivers are hauling liquid dynamite.
So . . . . . if you need gas, better get it today (?)
