
They're not insane; they're just lying. 15 years ago it was believable that control networks were airgapped from the Internet. But today, the likelihood that some low-level tech has plugged a wifi router into the control network for his own convenience approaches 100%.



This seems unlikely, based on a past experience writing software for a nuclear facility.

While nothing is unassailable, everything I experienced made me feel generally better about the approach these people took to safety. They wouldn't allow people to use spreadsheets to make decisions... literally this was not allowed, you had to have an app with testing and verification systems. Also, they pointed large automatic weapons at me while searching every crevice of my car, using long sticks with mirrors and various other instruments. It was a relief to see that they take security and reliability more seriously than any other kind of outfit I've worked for, ever. The monitoring had monitoring.


If you did that in my previous company, you would get a visit from IT and a good tongue-lashing from your manager within 15 minutes of doing that. As a 20-something, it seemed like an overreaction. As a 30-something, it seems perfectly reasonable.


At a CNI site like a nuke plant you will get the interview without tea and biscuits, and lose your job and security clearance.



Thank you. The downvote is amusing given the abundance of evidence in support of my comment. Did the downvoter think I was being sarcastic?


Anyone working for a Congress person might want to heed dreamcompiler's comment and introduce a bill to ban WiFi at all nuclear power plants.


I'd just make the executive staff of any firm that owns a plant like this personally liable for any cyber attack and call it a day.


Yeah no. Execute the managers - that'll fix it! Except it's been tried (in history - feudal system etc). It results in management being entirely replaced by risk-taking con men, the only ones who'll take the job.


Seems to make sense, but, could you provide examples?


China actually executes managers that make huge mistakes (poison in pet food etc). Does it fix the problem? Has manufacturing in China changed at all?


You would think by now the US would have dumped some millions into developing some proprietary network protocols for the "kill the earth" button they've developed?

Is it so naive to imagine there are tech firms who could/would lobby for a no bid contract to do it?

I'm not an expert but I think there are some interests aligned there. If Trump has enough political capital to push plans forward to overhaul everything, this doesn't seem that far fetched.


15 years ago the world was still coming to grips with cyber security; in the desktop realm it was a race to install and patch Windows XP before it became infected with malware.

Today if infrastructure is not 100% airgapped (and even that isn't necessarily enough) then it should be considered criminal negligence.


Airgapping alone isn't enough, as the success of Stuxnet demonstrated.


It isn't air gapping if you have devices moving data in and out. Think of USB sticks and their ilk as a very high latency network.



