Are you ****ing kidding me? [Cyberterror]

And ever constantly, we learn just how infallible governments can be.

Fallible. But I mean, that's not surprising, most big organisations don't get everything right all the time, the rank and file employees are only human after all.

I don't blame it on sheer stupidity: I bet theres CIA analysts whom have thought about this but its the higher ups who would say yeah we're not going to bother with this - I mean *snort* - whos going to fly a jumbo jet, into a building? I mean cmon, Johnson, thats just silly.

The fact is, there's lots of things bad people could do in our society that could do a lot of damage, if they decided to. And it's just not worth defending against every sort of threat possible. We could try, but it'd be so hard and inefficient, that the cure would be worse than the disease... and there'd still be a vulerability somewhere that would slip through the cracks.

Think about your example of them hijacking planes, and using them as missiles. I don't think it's that anyone thought it was impossible, pre 9/11.
It's just that people thought it was unlikely, and hoped no one would do it.

Today, your not allowed take sharp things onto the plane, but no one is really convinced that'd stop a determined attacker. You can talk about sedating people during air travel, or putting 2 air marshals on each plane, but even if you do this it just screws up air travel, the terrorists win (everyone is terrified), and the bad guys just go find some other way to cause mayhem.

You've just got to accept that unless you give up all your freedom, and sacrifice all your efficiency as a society, there's going to be room for small minorities to do bad things. You've just got to hope that no one is determined enough, angry enough, and evil enough to do those bad things, and try and make sure that if they do them repeatadly there's a means of catching them.

It's like reading about a stabbing on grafton street.
It's awful, and it could happen to you. You could just be walking down the street, and some random psycho could stick a knife in you. What do you do? Stay in? Wear a vest?
No, you just accept the risk, hope it doesn't happen, and live your life... the Gardai can't save the first victim, but they can catch the second one, and that's good enough. No one suggests metal detectors on grafton street - not because it wouldn't work, but because it wouldn't be worthwhile.


And so it is with computer systems... from desktops to SCADA, at differing degrees.
You could build systems that are perfectly secure... but it'd take a long time and a lot of money, and the problem you wanted to solve would probably be irrelevant by the time the system was ready. So you make an engineering tradeoff, a compromise.

With desktop computer, you accept a large risk that someone can break the security, as the consequences aren't that bad. (And people do accept these risks - everyone will moan about security after something bad happens, but people vote with their wallets, and in software, cheap and functional is what people have chosen).


You'd hope the tradeoff would be a bit different with scada, and other high risk systems... but it's always going to be a tradeoff.

Some critical utilities just won't be funded to the level of being completely secure, because no one would pay the price. The inefficiency of running your telco, or grid not like a military operation is generally worse than the consequnces of taking the risk that a determined attacker could do damage. At least that's the tradeoff in operation, thus far, and it does make some sense. As long as you make it that they have to be pretty determined and fairly skilled, maybe you've done enough of a job.
Maybe some nut will be able to cut the power, but some nut will always be able to do something bad, and there's worse things than that they could do.


And that's it... it's all very well to go moaning about 'how could anyone let this happen' after something bad has happened, but the fact is the price of perfect security is too high, but in IT and in the real world.
Sure, you've got to make attacks require some knowledge and determination - but after that spending the effort trying to all get along, so that no one wants to do those terrible things, is probably much more worth while.

D wrote: »

Some tec-savy person correct me if I'm wrong but in the article it said that there are 14 DNS servers on the planet and that they act like traffic lights for the internet as a whole.

I think the analogy of them being the 'big authorative' addressbooks above all the others is better. TCP/IP does the traffic lights stuff based on those addressbooks. fwiw http://www.root-servers.org/ says 13 servers

Cunny-Funt wrote: »

How is it boring? Someone managed to shut down a cities power grid from their feckin PC probably thousands of miles away.

Of course someone managed to down the power grid for a whole city, thats completely feasible and realistic, I mean it's a comment by a member of the completely down to Earth, anti-sensationalist bastian of truth that is the CIA, so naturally it is completely factual and not at all geared towards brokering support for thier actions. The fact that the speaker withheld any information that could be used to identify and confirm these events such as dates, times, places is due 100% to protecting national security and has nothing to do with not wanting to be proved to be talking utter bollix and propaganda.

Why would a pc controlling a power grid be online? Its not like power companys can't cable their own independent networks? You can break into a pc/server remotely if there is no outside link.

Reasons of efficiency and cost and practicality.

There's a lot of variables. For big critical infrastructure, in an ideal world, and in some practical cases, you can build two isolated computer systems/networks, and solve your security concerns that way. Even if you do this it requires a huge amount of organisational resources and military like discipline to make sure no computer is ever on both networks, no modem is ever exposed to the outside, no usb storage device ever passes between them etc.

If your talking about a medium sized commerical utility or infrastructure company (whatever about power, certainly communications, health, etc and there's a lot of interdependancy), even in a rich country, there's a huge operational cost to maintaining a seperate parallel network, laying your own cabling and so on, and a lot of companies are just going to choose a virtual private network running over existing internet technology for cost reasons.

Seems a little to lazy for me, must be small countrys that were affected.

Because in big countries, big infrastructure companies/government departments are run to the best IT security and efficiency standards?

Of course someone managed to down the power grid for a whole city, thats completely feasible and realistic, I mean it's a comment by a member of the completely down to Earth, anti-sensationalist bastian of truth that is the CIA, so naturally it is completely factual and not at all geared towards brokering support for thier actions.

Tbh, it requires more of a leap to say that they're making stuff up at this conference for shadowy conspircy reasons than that it actually happens.