undefined | Better HN

0 pointsPeterisP4y ago0 comments

I don't agree - that won't work as critical infrastructure can't be not connected to internet; perhaps we have a different understanding of what "critical infrastructure" means? You can have disconnected industrial networks, but the ransomware cases aren't really about those.

For example, let's look at the recent major Colonial Pipeline case. Their pipeline systems weren't connected to the Internet, and did not get compromised. What got compromised was their business billing and customer communications systems - and those do need to be connected to internet, that's their whole point, and they apparently were critical enough to make them shut down the (uncompromised) pipeline anyway.

It doesn't matter if your meat packing plant machinery SCADA systems are isolated, your inventory, logistics and sales systems are critical for your operations and need to be connected to the internet, so a ransomware attack will kill you even if your plant equipment works fine.

It doesn't matter if your chemical plant sensor network is isolated, your payroll and shift scheduling system is critical to your operations and needs to be connected to the internet.

Heck, for so many companies their email systems are critical to their operations (and leaking the contents would cause a massive liability) and those obviously need to be connected to the internet.

Not connecting is helpful in some cases, but it's nowhere close to a sufficient solution.

0 comments

joe_the_user4y ago

Their pipeline systems weren't connected to the Internet, and did not get compromised. What got compromised was their business billing and customer communications systems - and those do need to be connected to internet, that's their whole point, and they apparently were critical enough to make them shut down the (uncompromised) pipeline anyway.

When Colonial attack happened, there was a person posting who described Colonial's situation from the inside. Colonial shutdown because their system their billing was compromised and their pipleline could have been compromised.

The pipeline was connected two way in hardware but one-way in software. But software can be compromised. Why not one way in hardware? 'cause the company was. Once billing was compromised, they had to assume the pipeline was compromised.

I suggest you read:

https://news.ycombinator.com/item?id=27101756

Not connecting is helpful in some cases, but it's nowhere close to a sufficient solution.

Sure, my comment above involves some hyperbole. The main point is that companies allow a ragbag of profligate connections between various subsystems to be default OK because this saves them money now and costs other people money later. And then expect outsourced security to solve this.

I'm sure a lot of the companies hit by the solarwinds exploit had cybersecurity teams. It's just these teams can't say something like "don't allow some shitty third party to autoupdate their software into your system - if you view security as important, as maybe a government agency should."

j / k navigate · click thread line to collapse