Gearing up for cyberwar

Topic

New Reply

ON SECURITY By Susan Bradley Once upon a time, I used to publish maps showing the location of each water pump in the city where I live. Fresno residen
[See the full post at: Gearing up for cyberwar]

Susan Bradley Patch Lady/Prudent patcher

3 users thanked author for this post.

ClearThunder, windbg, Fred

Reply | Quote

Replies

When ever will the SQL server/client be safe?
Lots of businesses seem te be too lazy to bring them up to the last patched versions.
As always, it’s a matter money and time and knowledge

* _ ... _ *

Reply | Quote

Fred wrote:

When ever will the SQL server/client be safe?

Usually, it’s not the database system that is compromised. It’s the application using it. If an attacker can get past the outer defenses and gain access to a database console, game over. It’s the outer defenses that are the weak link.

Reply | Quote

Thanks Will. Found in the business of a good friend database applications using SQL 2005 and 2008 without the common security patches, that’s not done in my vocabulary. Both are not maintained anymore. So the computer security itself is quite up-to-date again (for how long?), but will the application software supplier adapt to the newer versions? With all the east-EU troubles coming on, there is not much to do than creating complete images incase the bad happens.

* _ ... _ *

Reply | Quote

It’s hard to explain just how debilitating it is when critical infrastructure goes down. In 2003, the power went out in the northeast USA and Canada. The largest blackout ever. 50 million people. The domino effect was swift and shocking. No stores, the gasoline, no water for some, no flushing for others. I don’t think anyone died but everything came to a complete halt.

Since then I’ve worried about water. Might seem strange but this was also close enough to 9-11 to have terrorism at top of mind. How dated is our water distribution system? In Michigan, for most of the population it flows out of Detroit. It was not designed with security in mind. How easy would it be to poison a large population? Pretty easy as Miami nearly found out recently. If the monitor (person) hadn’t happened to be sitting at his desk it would have happened. It wasn’t security that saved the people of Miami, it was dumb luck. I have a whole house reverse osmosis system to protect me at the end point – my home. I also keep a six month supply of food on hand. Maybe I’m a bit paranoid. Hopefully that’s how it remains.

2 users thanked author for this post.

Spiral, wavy

Reply | Quote

Our electricity, natural gas, oil, and water infrastructure is fragile with a significant portion of the risk being tied to the fragility of computer controls and telecommunications systems.

According to Chris Kimmerle of Reuters in his column, Forget hurricanes, is US ready for solar storms?,

“Like a high-altitude nuclear explosion, a geomagnetic storm (GMS) spawned by solar flares has the ability to shut down electricity transmission/ distribution systems and damage computers on Earth.”

https://www.reuters.com/article/column-power-solarflux-idINN1E76H0UV20110817

And in his March 12, 2021 article The Great Québec Blackout Dr. Tony Phillips states,

“On March 13, 1989, a powerful coronal mass ejection (CME) hit Earth’s magnetic field. Ninety seconds later, the Hydro-Québec power grid failed. During the 9 hour blackout that followed, millions of Quebecois found themselves with no light or heat, wondering what was going on?”

https://spaceweatherarchive.com/2021/03/12/the-great-quebec-blackout/

Then in 2003 there was another regional North American blackout as described by the CBC in their piece The great North America blackout of 2003 that states, “Shortly after 4 p.m. ET on Aug. 14, 2003, more than 50 million North Americans found themselves without power.”

https://www.cbc.ca/archives/the-great-north-america-blackout-of-2003-1.4683696

While solar storms have been around forever, terrorism and computer malware have added to the complexity of managing energy distribution systems and thus the need to be hypersensitive when it comes to protecting the computer systems that are used to control the flows of electricity, natural gas, and oil.

Electric and other infrastructure management companies are hyper sensitive as to who has physical access to their computer systems. An example being the location of backup computer operations being available only on a need-to-know basis. The idea being if you can’t find it, you can’t physically disrupt it.

Unlike physical command and control facilities, malware exposes the operating systems themselves to disruption and the potential for operational disruptions and the resulting chaos.

A good reason, where ever possible, to isolate command and control infrastructure from the internet and/or exposure to software that may impair operations.

All the more reason not to use the Russian owned and Moscow based KasperskyAnti-Virus software even at the current discount price of $29.99 for 3 PCs for one year for new customers – down from $59.99.

What have you done to protect your data systems from disruptions?

3 users thanked author for this post.

Spiral, ClearThunder, Charlie

Reply | Quote