U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'
SpzToid writes "U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government.' Countries such as Iran, China, and Russia are claimed to be motivated to conduct such attacks (though in at least Iran's case, it could be retaliation). Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress. I think the following message from Richard Bejtlich is more wise and current: 'We would be much better served if we accepted that prevention eventually fails, so we need detection, response, and containment for the incidents that will occur.' Times do change, even in the technology sector. Currently Congress is preoccupied with the failure of U.S. security threats in Benghazi, while maybe Leon isn't getting the press his recent message deserves?"
translation (Score:4, Insightful)
Halliburton now has a kompootar division that needs money.
you mean they could have spent less money spying.. (Score:5, Insightful)
Instead of this crazy cloak and dagger shit, they could have invested in systems that were secure by default, and well coded that would resist cyber assault. In fact with the money spent, I'm sure they could simply have paid many many many programmers to do nothing but check and re-double check code, fuzz, and re-fuzz a bunch of apps until cyber break-ins were not feasible.
I am sure they could have done the same with all routers, and in the case of a massive foreign DDoS, simply firewalled it.
Re:And just how easy can this be .... (Score:3, Insightful)
Why Is the Power Grid on the Internet? (Score:5, Insightful)
Re:Is that so? :p (Score:5, Insightful)
Re:Really?! (Score:5, Insightful)
Why not leave them on an intranet
No! Never connect critical computer systems to an intranet (assuming you mean a general purpose internal network).
It's just too easy for a worm infection to create a bridge with the internet, or some person connecting his laptop to his phone to read slashdot and thereby creating a bridge.
These systems should be on their own network, and all communication should be encrypted using public-private key pairs (secure tunnels, so systems can only communicate with other systems when they're allowed to). Managing the keys/tunnels would be a hassle (making sure an authorized human is in the loop), but good security always has its costs.
Re:What a shocking declaration! (Score:5, Insightful)
I've been reading these overblown scare stories with regularity since I've been reading /. ... it just means it's budget allocation time again for the 'cybersecurity divisions' and these types of reports are just a way of trying to justify oversized budgets for ever-larger 'departments' to push paper around while pretending to protect you from something.