Anyone read the excellent "Consider Phlebas" by Ian Banks ?
The parallels between what's going on now and the Culture/Idiran war is uncanny.
Following Prime Minister David Cameron's re-announcement of funding increases for UK security personnel, Chancellor George Osborne delivered a speech today to GCHQ workers explaining that the increase is necessary as ISIL is seeking to "develop the capability" to launch deadly cyber attacks against British infrastructure. How …
""If our electricity supply, or our air traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost.""
Just don't connect the ATC, hospitals', power stations etc to anywhere online. Is it that hard? after all, these systems worked fine 'off-line' for decades before the internet even existed
The issue isn't so much the data streaming out of these facilities as the possibility of sending commands into them.
So the 'internet' connection should just be one-way. Just take the data being fed out of the systems and feed it into a web server box via RS232/RS422/something similar. And then cut the Tx line(s) from the webserver to the computer it's monitoring.
Et voila, instant perfect security; it physically cannot be hacked into.
Surely the correct answer is to ensure that vital national infrastructure has sufficiently hard defences, and sufficient redundancy, that it can't be successfully attacked online.
If we don't have that redundancy and security - if hacking a substation somewhere really would endanger lives - then we've got bigger problems than cyber-security. 'Cuz substations fail all the time, for reasons that have nothing to do with terrorism.
My thoughts exactly. All key infrastructure should be entirely isolated from the internet. Every time I hear about someone who's hacked NASA or the Pentagon my first thought is always "why do they still have this data connected to the internet?" It's just a disaster waiting for a game of tic-tac-toe...
We're already very close to our UK electricity supply being cut off this winter, having reduced the supply overcapacity to just 1%. It won't need terrorists to take out the grid, just a cold snap. Or a twatbook campaign among the tiny minority who wish to destabilise our civilisation to turn on their heaters, kettles dishwashers, washing machines and electric cookers at exactly the same time one chilly day. Unlikely there'll be many takers for that.
Still, blaming ISIL cyber attacks for power cuts is the perfect excuse for the energy industry to cover up their own neglect.
Still, blaming ISIL cyber attacks for power cuts is the perfect excuse for the energy industry to cover up their own neglect.
How is it the responsibility of the energy industry? All aspects of system design and energy policy sit with government, and the reason that there's so little reserve margin is because they've buggered up the wholesale energy market with their vast renewables subsidies (including renewables obligations) plus their carbon taxes on thermal plant. If there's no money in keeping plant open, or building new plant, who will build any?
If your lights go out, contact your MP, not your electricity supplier.
I can't help feeling like they kinda want this to happen. I mean, I'm sure they don't want people to die, but just think, a whole new kind of war! New laws to pass! A new defense industry! What a great time to be alive (and in power).
This post has been deleted by its author
"They have not been able to use it to kill people yet by attacking our infrastructure through cyber attack.
They do not yet have that capability. But we know they want it, and are doing their best to build it."
Translation: "Hey, what a great change to push forward the draconian surveillance laws we've been trying to get for so long!"
Maybe, but it also works the other way. The government can hardly push for backdoors, make encryption illegal and restrict the uses of tunnelled comms when the terrorists can now use those channels to directly attack us.
They can't undo that statement so any attempts to restrict encryption can now be met with an argument that without it it will make the terrorists aim of 'hacking' western targets easier.
"Maybe, but it also works the other way. The government can hardly push for backdoors, make encryption illegal and restrict the uses of tunnelled comms when the terrorists can now use those channels to directly attack us.
They can't undo that statement so any attempts to restrict encryption can now be met with an argument that without it it will make the terrorists aim of 'hacking' western targets easier."
You would be entirely correct if we were talking logical thinking. We are, however talking political thinking.
The "no liquids" rule, as ridiculous as it is and unlikely to prevent much was enacted after a real plot in London, UK to smuggle liquid explosive in soda bottles.
https://en.wikipedia.org/wiki/2006_transatlantic_aircraft_plot
"The "no liquids" rule, as ridiculous as it is and unlikely to prevent much was enacted after a real plot in London, UK to smuggle liquid explosive in soda bottles"
That is correct, however the security forces vastly overestimated the potential harm done. I can't remember where I saw it, but a real chemist did a detailed analysis of the 'binary liquid explosives' behind that plot and found that either combing the 2 liquids properly required a couple of hours to 'cook up' in lab conditions (not something you could get away with in an aircraft toilet) or else the liquids would need to be pre-combined in which case they would be so unstable that they would explode on the way to the airport.
In other words the "They would then construct the devices mid-flight and detonate them" bit is a complete fantasy
You're probably thinking of this article, which rubbished the in-flight production of TATP:
http://www.theregister.co.uk/2006/08/17/flying_toilet_terror_labs/
However, that wasn't the plan, as described by Lewis Page:
http://www.theregister.co.uk/2008/09/10/liquid_bomb_verdicts/
From what I gather the main explosive was hydrogen peroxide (possibly to be mixed with a powder like flour), being set off by a detonator (which was either TATP or HMTD).
And as he observed, the 'no liquids' (or rather, 100ml bottles max) rule wouldn't prevent a determined attack.
[...doh, ninja'd.]
"That is correct, however the security forces vastly overestimated the potential harm done...a real chemist did a detailed analysis of the 'binary liquid explosives' behind that plot"
As others have stated it was nothing to do with Binary Liquids, I even put a link to details about it. Plenty of harm could have been done and the "100ml" rule does little to stop it.
So George Osborne is now a terrorist then?
In its broadest sense, terrorism is any act designed to cause terror, so by suggesting that IS is planning an attack is in a narrower sense, terrorism. Especially as it can be understood to feature a political objective.
This constant scaremongering is pretty pathetic, I doubt that enough zealots have the ability to hack the UK. And surely if they went down the road of hiring skilled attackers then they would presumably have to put themselves to death immediately for paying for this foreign workforce. It should also be worth pointing out that when it comes to terrorism and the UK it is not very effective. During the London bombings on 7/7 there was a range of emotions, but the resounding emotion was akin to mild ambivalence. And that will never do!
On the other hand I have it on good authority that a successful attack on our power infrastructure which results in total loss of power (don't forget it is more than just the power stations, you have to get that electricity around the place) then we will have troops on the street and martial law in 24 hours.
That would be pretty terrifying.
Considering how insecure most banks are (if you know what you are looking for) then I can't imagine a network as complex as the power infrastructure of an entire country is entirely, or even remotely, hack-proof.