Utilities Racing To Secure Electric Grid 113
FreeMichael61 writes "In the latest episode of Spy vs. Spy, China rejects accusations it's hacking U.S. companies to steal IP or bring down the grid. But there's no doubt the grid can be hacked, CIO Journal's Steve Rosenbush and Rachael King report. Industrial control networks are supposed to be protected from the Internet by an air gap that, it turns out, is largely theoretical. Internal security is often lax, laptops and other devices are frequently moved between corporate networks and control networks, and some SCADA systems are still directly connected to the internet. What security standards actually exist are out of date and don't cover enough, and corporations often use questionable supply chains because they are cheaper."
it always baffles me (Score:5, Insightful)
... why are mission critical devices connected to the internet
sure we know that the weakest link is the meatware, not the hardware, but still...
Re:it always baffles me (Score:4, Insightful)
Why the hell are mission-critical systems connected to business networks that are themselves connected to the Internet?
Because the functioning of the business relies integrally on both.
Look... I sympathize with the "air gap" argument, but it's not the mid-90's anymore. Business has been transformed by the ability to connect industrial systems with centralized command centers with payment systems with other companies. It's not for execs to have bullshit ipad dashboards... it's for the business to make operational decisions that will take effect in the upcoming hours/minutes/seconds, to meet contractual and legal obligations, to feed customer- and billing-related systems (no point in running a business if you can't cut a bill, eh?).
The world's not going back... VPN's, firewalls, segregated networks, etc., etc., but "air gap" won't do it anymore. Data is the lifeblood of business.