General Discussion

JohnSJ

(92,403 posts) Wed Jun 2, 2021, 02:29 PM Jun 2021

Why are critical systems such as the pipeline or meat supply open to the web, or if they need

webservers, why isn't there adequate protections to prevent access to vulnerable websites, phishing emails with malicious attachments, etc.

Ransomware has been known for sometime. Why does it seem that we are always a day late and a dollar short?

13 replies

= new reply since forum marked as read

Highlight:

Why are critical systems such as the pipeline or meat supply open to the web, or if they need (Original Post) JohnSJ Jun 2021 OP

They've hit hospitals, traffic controls, and power grids and more. We've been wide open for years NightWatcher Jun 2021 #1

Exactly JohnSJ Jun 2021 #6

I think they are probing right now Bettie Jun 2021 #10

I said the same to my DH last night. bamagal62 Jun 2021 #11

Because good security costs money and it's Phoenix61 Jun 2021 #2

Yup - penny pinching shortsightedness. notinkansas Jun 2021 #7

bingo, IT security is expensive in both setup and maintenance Amishman Jun 2021 #13

The pipeline control system wasn't connected Abnredleg Jun 2021 #3

The pipeline company claims Disaffected Jun 2021 #4

They're not open to the public, but they find an easy peasy socially engineered backdoor Brother Buzz Jun 2021 #5

I'm more concerned about the electric grid. Throck Jun 2021 #8

Texas was an example of that JohnSJ Jun 2021 #9

"We" are private industry in this case. Republicans are strongly opposed Hortensis Jun 2021 #12

NightWatcher

(39,343 posts)

1. They've hit hospitals, traffic controls, and power grids and more. We've been wide open for years

Reply to JohnSJ (Original post)

Wed Jun 2, 2021, 02:32 PM

Jun 2021

I'm shocked we haven't been shut down actually. They, Russian hackers, could cripple u all at once if they wanted. We'd retaliate as soon as we recovered which might take a while and leave us dark, hungry, and unable to move, eat, pump water, or pump gas

JohnSJ

(92,403 posts)

6. Exactly

Reply to NightWatcher (Reply #1)

Wed Jun 2, 2021, 02:47 PM

Jun 2021

Bettie

(16,126 posts)

10. I think they are probing right now

Reply to NightWatcher (Reply #1)

Wed Jun 2, 2021, 03:05 PM

Jun 2021

seeing what they can do. There will be bigger/more damaging attacks.

I'm beginning to understand (if not fully agree with) my DH's point of view. He says these are acts of war and should be treated as such and that it is all coming, ultimately, from Putin.

bamagal62

(3,269 posts)

11. I said the same to my DH last night.

Reply to Bettie (Reply #10)

Wed Jun 2, 2021, 03:15 PM

Jun 2021

Phoenix61

(17,019 posts)

2. Because good security costs money and it's

Reply to JohnSJ (Original post)

Wed Jun 2, 2021, 02:34 PM

Jun 2021

hard to justify the expense to the board. It’s going to be just as hard to justify how they got jacked but some folks just don’t think ahead.

notinkansas

(1,096 posts)

7. Yup - penny pinching shortsightedness.

Reply to Phoenix61 (Reply #2)

Wed Jun 2, 2021, 02:56 PM

Jun 2021

Amishman

(5,559 posts)

13. bingo, IT security is expensive in both setup and maintenance

Reply to Phoenix61 (Reply #2)

Wed Jun 2, 2021, 04:18 PM

Jun 2021

Until recently I was a IT contracting nomad, I've worked for a lot of clients doing rush projects. One of the most common theme is management refusing to spend for IT, especially security and maintenance, until something goes wrong. Damn near every IT department I've ever seen is perpetually understaffed and functioning almost entirely reactively and not proactively.

In other words, their sys admins and net ops people are so busy keeping things running that they have zero time to keep up on emerging vulnerabilities, let alone proactively close them.

Abnredleg

(670 posts)

3. The pipeline control system wasn't connected

Reply to JohnSJ (Original post)

Wed Jun 2, 2021, 02:36 PM

Jun 2021

It was the corporate network (ie. email, billing, etc) that was hit.

Disaffected

(4,569 posts)

4. The pipeline company claims

Reply to JohnSJ (Original post)

Wed Jun 2, 2021, 02:39 PM

Jun 2021

it's pipeline control system is/was isolated from the web - it was their billing and payments system that was jacked.

AFAIK it is the same for other infrastructure such as electricity grids and generator stations.

Brother Buzz

(36,466 posts)

5. They're not open to the public, but they find an easy peasy socially engineered backdoor

Reply to JohnSJ (Original post)

Wed Jun 2, 2021, 02:47 PM

Jun 2021

All they have to do is find one lazy person who has access, break their password out in the social media world, then access the system through it's password protected portal because there's a good chance the lazy person uses the same password EVERYWHERE.

Throck

(2,520 posts)

8. I'm more concerned about the electric grid.

Reply to JohnSJ (Original post)

Wed Jun 2, 2021, 02:56 PM

Jun 2021

Pipeline networks are small compared to the nationwide network of electrical infrastructure. The electrical network is currently well aged too.

JohnSJ

(92,403 posts)

9. Texas was an example of that

Reply to Throck (Reply #8)

Wed Jun 2, 2021, 03:02 PM

Jun 2021

Hortensis

(58,785 posts)

12. "We" are private industry in this case. Republicans are strongly opposed

Reply to JohnSJ (Original post)

Wed Jun 2, 2021, 03:30 PM

Jun 2021

to government requiring expensive security upgrades for free enterprise. So it's left to them... I

If you think meat is bad, take a look at our thousands of independent power companies. Last I read, it sounded like most of their owners were RWers more afraid of, and outraged by, the idea of national security involvement by our government than the now very real possibility of massive death and devastation from going bare. The TX-area outage was nothing, strictly local and temporary.

Reply to this discussion