RE: [The Library Information Warfare] Sun Tzu and the Art of Critical Infrastructure Defense

You're citing stuff that was hacked using default, unset credentials, in other words this was simply and solely because of piss poor implementation and not because of Interconnectedness.

Their mere connectedness allowed for them to be "hacked" because of default credentials. Computers are not innately dangerous. Their data and connectedness to the web confer danger.

Deadly olives, because A you haven't demonstrated that such systems are connected to the web, and the contention I made was that simply because it's a computer, despite it NOT being connected to the internet, it can still be hacked. Until you can demonstrate that Nuclear Power plants are Connected to the Internet and that this Compromises them it's only your speculation, which as I've pointed out the vulnerability is there Regardless of being Connected and Despite that they aren't connected to the internet, as your Ukrainian Example demonstrates. Can connecting it to the internet compromise security by default? No, and any network engineer will tell you that because there's a multitude of safeguards on top of safeguards, but can Piss Poor Implementation compromise security, Without a Doubt.

https://www.wired.com/story/hack-brief-us-nuclear-power-breach/
https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html
While a Forbes article does imply that nuclear safety mechanisms are safe and secure behind segmentation and out-only network engineering, that does not protect the entirety of nuclear power plant security. The Ukrainian example does not at all demonstrate that the power plants are segmented off. The mere targeting of our plants, as well as the attack on the Ukrainians, would imply the opposite, that even if they are relatively segmented, there is still crossover enough for attack to be possible from the web as a whole. This is unacceptable. As for your "any network engineer" example, that's simply a falsehood. Any network engineer with any background in security would tell you that connecting it with the internet does immediately put it at some level of risk, and the data and context involved would play a part in what level that risk should be viewed at.

Again there is no reason to think this is the case. It's alarmist nonsense, and ridiculous, with basic security you can stop all incoming traffic for example, and only send out traffic. Read Only Effectively.

https://www.theverge.com/2017/5/12/15630354/nhs-hospitals-ransomware-hack-wannacry-bitcoin

Read only? Seems like the UK, at least, would absolutely imply that hospital networks are overconnected. Basic security both doesn't work and is rarely implemented.

Actually you cannot guard against that so you might as well stop wasting resources creating the Impossible.

That's just blatantly dangerous logic.

Actually I provided the references, the Councils of Nicea, the Numerous Acts of the Empire, LONG after its fall,...

Again. I'm talking about the literal fall of Rome. The Empire itself. You're using semantics to imply the existence of the Pope and the Roman system implies that Rome never fell. That's a purely semantic argument against a point that is clearly a literal case for the fall of Rome as a ruling society and government. Rome, even if I do humor your point of the Pope still being around, absolutely does not rule France, Spain, or America. That is laughable. You're arguing using a largely semantic argument over the definition of "rule", trying to conjure up some ownership between the pope and established nations that does not exist. You're citing things, and I appreciate that at least, but your argument is still a far stretch. Rome fell. Period.