OT: Clarke on cyberwar

[Doofrat]

That’s what off site backups and Disaster Recovery are for.

Take a brokerage firm or a health care organization. They can protect themselves through several means. One is to simply have off site backups. Your average company probably backs up all their production data at least once a week and then all changes and additions to data once a day. Many now have what are essentially on the fly backups on top of this. These tapes are sent out every day. See those Iron Mountain vans driving around? Those are tapes going back what I like to think of as being something akin to the NORAD facility in “Wargames”. I know they’re probably just going to some warehouse in Mira Mesa, but don’t burst my bubble, O.K.?
User wipes out the data on a server, put in a request to Iron Mountain and the next morning you’ve got a tape in hand to restore from.
On top of this, your brokerage should have at least one Disaster Recovery site located in another state where they may have any level of data replication.

Now the catch to disabling trains and blowing up pipelines and damaging the electrical grid is that you can’t really do all these things at once. To even get one of them, you have to get access to the system, attain the proper rights, and figure out how to run the system. I’d guess that most of these systems don’t allow you to smash trains together no matter what your rights are, but taking over the system can be done theoretically , but it has to be done quickly after the access has been gotten before you are detected. Once the cyber attack is detected, it’s likely the operators just switch to a manual system or shut the system down if you’re smashing trains together somehow.

Zombie/botnet networks are quite common actually. With the use of load balancers and such you can defend yourself to a point. At some point, if you’ve got a million infected systems hitting you up every second, you’ll be down, but these attacks are old and common. Companies have been dealing with them for years, and there are lots of countermeasures available.

The loss of personal and classified information is a definite threat though. I’d be worried about that if anything.

[patientrenter]

I thought it was an interesting interview, jp, full of credible specific information. But he didn’t hold back on the scary part. Scaring his audience works well for him personally, so I didn’t let my blood pressure get out of control. A lot of bad things could happen to us. Life isn’t worth living if we try to anticipate them all.

[patientrenter]

I thought it was an interesting interview, jp, full of credible specific information. But he didn’t hold back on the scary part. Scaring his audience works well for him personally, so I didn’t let my blood pressure get out of control. A lot of bad things could happen to us. Life isn’t worth living if we try to anticipate them all.

[patientrenter]

I thought it was an interesting interview, jp, full of credible specific information. But he didn’t hold back on the scary part. Scaring his audience works well for him personally, so I didn’t let my blood pressure get out of control. A lot of bad things could happen to us. Life isn’t worth living if we try to anticipate them all.

[patientrenter]

I thought it was an interesting interview, jp, full of credible specific information. But he didn’t hold back on the scary part. Scaring his audience works well for him personally, so I didn’t let my blood pressure get out of control. A lot of bad things could happen to us. Life isn’t worth living if we try to anticipate them all.

[patientrenter]

I thought it was an interesting interview, jp, full of credible specific information. But he didn’t hold back on the scary part. Scaring his audience works well for him personally, so I didn’t let my blood pressure get out of control. A lot of bad things could happen to us. Life isn’t worth living if we try to anticipate them all.

[Doofrat]

He has some great info that people shouldn’t just listen to, they should be doing it (like two step authentication), and I think maybe his scare mongering is used to get peoples’ attention. I don’t see why or how anyone would use a cyber attack against infrastructure when a conventional attack is much more effective.
People should be more scared that there is a key logger on their system logging their every keystroke, or they should be scared that they use the same username and password on their bank account as they use on a blog site. It’s nice to see someone talking about this part of the threat which is very real.

[Doofrat]

He has some great info that people shouldn’t just listen to, they should be doing it (like two step authentication), and I think maybe his scare mongering is used to get peoples’ attention. I don’t see why or how anyone would use a cyber attack against infrastructure when a conventional attack is much more effective.
People should be more scared that there is a key logger on their system logging their every keystroke, or they should be scared that they use the same username and password on their bank account as they use on a blog site. It’s nice to see someone talking about this part of the threat which is very real.

[Doofrat]

He has some great info that people shouldn’t just listen to, they should be doing it (like two step authentication), and I think maybe his scare mongering is used to get peoples’ attention. I don’t see why or how anyone would use a cyber attack against infrastructure when a conventional attack is much more effective.
People should be more scared that there is a key logger on their system logging their every keystroke, or they should be scared that they use the same username and password on their bank account as they use on a blog site. It’s nice to see someone talking about this part of the threat which is very real.

[Doofrat]

He has some great info that people shouldn’t just listen to, they should be doing it (like two step authentication), and I think maybe his scare mongering is used to get peoples’ attention. I don’t see why or how anyone would use a cyber attack against infrastructure when a conventional attack is much more effective.
People should be more scared that there is a key logger on their system logging their every keystroke, or they should be scared that they use the same username and password on their bank account as they use on a blog site. It’s nice to see someone talking about this part of the threat which is very real.

[Doofrat]

He has some great info that people shouldn’t just listen to, they should be doing it (like two step authentication), and I think maybe his scare mongering is used to get peoples’ attention. I don’t see why or how anyone would use a cyber attack against infrastructure when a conventional attack is much more effective.
People should be more scared that there is a key logger on their system logging their every keystroke, or they should be scared that they use the same username and password on their bank account as they use on a blog site. It’s nice to see someone talking about this part of the threat which is very real.

[briansd1]

I pretty much agree with doofrat, especially about password security.

Not everything is connected to the Net. The train reservation system may be on the Net but not the system that controls the traffic.

Furthermore, computers are not seamlessly connected in real time. Different software systems could operate in batch mode, independent of one another.

It difficult enough to get the computers in a one-location company to talk together, much less the whole country.

Yes, cyber attacks can create disruptions and inconvenience, but I don’t believe that, at this point, cyber attacks can bring down the whole country.

Remember the Y2K bug? It was a non-event.

[briansd1]

I pretty much agree with doofrat, especially about password security.

Not everything is connected to the Net. The train reservation system may be on the Net but not the system that controls the traffic.

Furthermore, computers are not seamlessly connected in real time. Different software systems could operate in batch mode, independent of one another.

It difficult enough to get the computers in a one-location company to talk together, much less the whole country.

Yes, cyber attacks can create disruptions and inconvenience, but I don’t believe that, at this point, cyber attacks can bring down the whole country.

Remember the Y2K bug? It was a non-event.

[briansd1]

I pretty much agree with doofrat, especially about password security.

Not everything is connected to the Net. The train reservation system may be on the Net but not the system that controls the traffic.

Furthermore, computers are not seamlessly connected in real time. Different software systems could operate in batch mode, independent of one another.

It difficult enough to get the computers in a one-location company to talk together, much less the whole country.

Yes, cyber attacks can create disruptions and inconvenience, but I don’t believe that, at this point, cyber attacks can bring down the whole country.

Remember the Y2K bug? It was a non-event.

[briansd1]

I pretty much agree with doofrat, especially about password security.

Not everything is connected to the Net. The train reservation system may be on the Net but not the system that controls the traffic.

Furthermore, computers are not seamlessly connected in real time. Different software systems could operate in batch mode, independent of one another.

It difficult enough to get the computers in a one-location company to talk together, much less the whole country.

Yes, cyber attacks can create disruptions and inconvenience, but I don’t believe that, at this point, cyber attacks can bring down the whole country.

Remember the Y2K bug? It was a non-event.

[Author]

Posts