
Security Director Ian Keller Asks: Should Vital Systems Be Linked to the Web?
CyberEdBoard – March 29, 2022

Have I been under the wrong impression that vital networks must be safeguarded to the nth degree?

As you reluctantly wake up to the beeping of the alarm embedded in your glossy new iPhone or Droid, you realize that for some reason your phone is now on your chest and not on the nightstand where you left it. Odd … As your cognitive capabilities reach Max Q, your phone begins to change into a tiny little robot and attempts to strangle you to death. It is like a scene from “Transformers.”

Killware is here!

Killware is a hack of vital services and/or infrastructure that can result in the loss of life. No, your phone is not going to strangle you. Well, not yet, anyway. And the COVID-19 vaccine did not introduce nanites that can explode your cerebral cortex. But an anti-killware app will be launched shortly, perhaps rebranded as an EDR option. And so will a Cerebral Cortex Isolation Guard - otherwise referred to as a tinfoil hat - for those pesky little nanites.

Killware Kills

There are tons of cases in which hacks have or might have caused loss of life. Apparently, a superpower used Stuxnet to get an Iranian nuclear power reactor, and if things had gone wrong - Boom! Chernobyl 2. Hackers recently held healthcare facilities to ransom, which led to the loss of life. They have also messed around with all sorts of important facilities since the dawn of the web. Back then, one bright spark hacked into a South Korean federal government setup and launched a cyberattack on North Korea that practically resulted in bullets flying over the DMZ.

The list goes on and on. But all of a sudden killware is being marketed as something new.
It resembles “cyber” - simply an expensive new term dreamed up by somebody who needs a brand-new income stream since their gold mine tapped out.

The more you link to the internet, the more you put at risk.

Make no mistake: The hazard is genuine. We have been preaching this for 30 years, but adding a moniker like “killware” will not help resolve the issue, which is that the more you link to the internet, the more you put at risk.
Some things simply must not be on the web at all, no matter what. Why should the power grid - or health centers, water treatment plants or your pacemaker - be internet-accessible? I can think up a metric ton of reasons why it is, but none are good enough to warrant the danger.

What I wrote in my rant on why we are getting hacked applies here: We are either just too damn lazy for our own good, have a limited understanding of the risk we are taking, or wish to impress someone.

For the longest time in human history, we did not have anything linked to anything else, and we ? We have air-gapped networks, which are essentially two networks physically and logically separate from one another, with different PCs, network cables, servers, routers, switches - everything. They are specially developed for vital facilities, to keep things separate from one another, the way it should be, in a hardened structure with multiple levels of authentication to go through before you can gain access to the physical facilities. Sharing information between the two networks is done at only one location, and the sharing infrastructure is hosted in a multilayer DMZ with rigorous guidelines on what goes where, when and how, if allowed at all.

This system allowed us to keep things safe and stop the bad people from hurting anybody else, including themselves.

Though I hate the fact that people think up these expressions to get podium time or produce brand-new sales, the truth is: “Stupidity kills.” When we permit networks and systems that were constructed to sustain life to link to the web, we are just looking for trouble. Have you not watched “War Games”? The movie, which came out in 1983, is an extraordinary introductory lesson in why you do not link these systems to the web.

Who Is Accountable?

In my career, I have defended networks whose compromise could lead to death, and I did everything in my power to make sure that those I protected made it home … by not doing something stupid.

For the normal user, there are threats, and sometimes serious dangers, which you accept when you link devices to the web. The same goes for your traditional company. But critical systems? This is something that you should do only in extraordinary circumstances and only if you have the money to throw at it. In my mind, you must face a panel of industry leaders to ratify your designs before you can even consider it. I would also like to see something on proper disclosure, but that is for next month’s rant.

Now, I sit here and wonder: If you put something online and your actions cause the death of another person, should you be charged with murder or manslaughter? Who is responsible?

CyberEdBoard is ISMG’s premier members-only community of seniormost executives and thought leaders in the fields of security, risk, personal privacy and IT. CyberEdBoard supplies executives with an effective, peer-driven collective ecosystem, private conferences and a library of resources to deal with intricate challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Ian Keller, who is director of security at a telecom company, officer for one of South Africa’s prominent corporate and merchant banks.