Quicklinks 1/7/2012

 Quicklinks  Comments Off on Quicklinks 1/7/2012
Jan 072012

Other interesting items from this past week (or so):

Water hack wasn’t

 Analysis/commentary, Unauthorized access  Comments Off on Water hack wasn’t
Dec 052011

Recently it appeared the fear of a foreign hacker penetrating the online systems of American infrastructure had been realized with news that a Russian hacker had attacked and disabled a pump in an Illinois water system.  These fears have now been shown to be misplaced: the supposed “hack” was a login by an engineer traveling in Russia at the time he was requested to perform some work on the system, and the pump broke down on its own, unrelatedly, months later.

Vulnerabilities of public infrastructure are not an idle concern.  The Stuxnet virus, which specifically targeted nuclear facilities in Iran, illustrates that infrastructure can be a compelling target and quite feasible to affect if those systems are not properly protected.

But the water system “hack” shows that proper protection of infrastructure — and, accordingly, any law intended to advance this — needs to be done carefully, with clear understanding of the actual threat and competent engineering not prone to panicked histrionics.  From the BBC article about it:

“Nobody checked with anybody. Lots of people assumed things they shouldn’t have assumed, and now it’s somebody else’s fault and we’re into a finger-pointing marathon,” wrote Nancy Bartels.

“If the public can be distracted from the issue of how DHS and ISTIC fumbled notification so badly, then nobody will be to blame, which is what’s really important after all.

“Meanwhile, one of these days, there’s going to be a really serious infrastructure attack, and nobody’s going to pay attention because everyone is going to assume that it’s another DHS screw-up.”