Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.
....and I just thought: following the ransomware attack on Colonial, the lovely, fabulous cyber people at ENB must surely be on the lookout, hardening their bunkers, eh? The pigs who hacked Colonial do not deserve to even LIVE, by the way.
For all practical purposes. any entity that uses the standard internet for critical infrastructure control is at ongoing serious risk, no matter what "hardening" they may attempt. I firmly believe that no software, no matter how supposedly "bulletproof", is exempt from malicious hackers eventually finding a way to get entry.
That is exactly why we at San Francisco designed our Public Safety radio and data system to be completely independent of the commercial internet. Our communications equipment and protocols are essentially identical to those used on the commercial internet, BUT we used our own secure microwave and fiber transmission systems, which have absolutely no interconnection to the public internet system.
If the United States wants a truly secure internet for critical operations, we need to build a separate internet system which does not interface with the public network. Such a system could possibly be monitored by an agency such as the National Security Agency, with the understanding that ALL traffic on that network would be subject to full-time monitoring. All traffic deemed critical to the national safety, especially command-and-control data systems such as the Colonial system, should be legally required to use such a system.
The equipment and maintenance costs could be at least partially paid for by charging customers for usage. If a company such as Colonial chose not to use that system, they should then be legally subject to civil lawsuit, and be held financially liable for whatever damages occur to all parties affected by their negligence. The fact that they chose not to use the secure network would be considered direct evidence of such negligence.
It's time to get serious here folks, and quit with all of the bullshit.
@Old_Joe. TOTALLY agree. But why should a choice be given AT ALL? The law should be written in such a way that essential infrastructure services be REQUIRED to use the gov't-created, sooper-dooper secure, no bullshit system. Jesus, it's a good thing I'm not in charge. As the saying goes: "HEADS WOULD ROLL."
Comments
That is exactly why we at San Francisco designed our Public Safety radio and data system to be completely independent of the commercial internet. Our communications equipment and protocols are essentially identical to those used on the commercial internet, BUT we used our own secure microwave and fiber transmission systems, which have absolutely no interconnection to the public internet system.
If the United States wants a truly secure internet for critical operations, we need to build a separate internet system which does not interface with the public network. Such a system could possibly be monitored by an agency such as the National Security Agency, with the understanding that ALL traffic on that network would be subject to full-time monitoring. All traffic deemed critical to the national safety, especially command-and-control data systems such as the Colonial system, should be legally required to use such a system.
The equipment and maintenance costs could be at least partially paid for by charging customers for usage. If a company such as Colonial chose not to use that system, they should then be legally subject to civil lawsuit, and be held financially liable for whatever damages occur to all parties affected by their negligence. The fact that they chose not to use the secure network would be considered direct evidence of such negligence.
It's time to get serious here folks, and quit with all of the bullshit.
OJ