White House 'wants Feds to draw up cyber-defences' for power plants The White House is reportedly getting all federal agencies together to develop voluntary cybersecurity guidelines for power, water and other critical infrastructure companies. The Feds will get 90 days to propose the regulations and put together a new cybersecurity council at the Department of Homeland Security with agents …
... by throwing 1271 federal agencies, 1984-odd contractors, several departments and subunits of several different military branches, some joint military divisions, and a complete hierarchy of commitees and task forces at coming up with "guidelines" for everyone else to follow. We sure we didn't forget to consult anyone?
I can't see this going wrong at all, nosiree. Absolutely not Unpossible. Forwards towards moving success and victory!
"We sure we didn't forget to consult anyone?"
Well, the utilities themselves. Bringing together the "homeland defense" stasi, the public sector, and the utilities, now that's a combo made in hell.
A pity that the threat is largely imaginary, because the systems used are far more robust than gubbermint believe.
You think it looks bad from the outside? You should try being on the inside!
We've got systems that are KNOWN to be compromised by malware that at least appears to have known fixes, but we can't apply the fixes because the higher ups are "still investigating the outbreak" and even after they are finished, aren't likely to issue the recommendation we're supposed to follow to clean it up. Although occasionally we will get a "follow best practices" solution.
Like to put up the flame icon, but need to be AC for obvious reasons.
Haven't there been calls to do this for like the past ten years or so?
A few simple fixes:
1. Hot glue all of the USB ports of those machines. Good luck plugging something in after that.
2. Disconnect them from the internet. Seriously, there is no reason to browse Facebook from a power station computer.
3. For those people that have to work off of the regular Internet AND work on a power plants systems, give them two machines.
No, I don't work in a power plant. Nor do I have knowledge of what the day to day operations are, but I do know that there should be no reason for a power plant systems to be connected to anything other than its own self. And certainly not accessible through the Internet or an execs computer, who we all know hasnt the foggiest clue as to what emails to NOT open.
but I've at least done enough reading to have an inkling of what the real problems are instead of your mindless rant.
The primary issue for power plants these days is monitoring the grid, not the furnace/reactor. That means scads and scads of remote monitoring scada equipment. And the best way to get it all connected back to the central monitoring station is via the internet. Yes, they do need to do a much better job at hardening things, but a magic wand solution simply doesn't exist.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
