Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.

    Support MFO

  • Donate through PayPal

Regarding the hacking of critical network systems such as the recent "Colonial" situation-

I originally wrote the following as a comment to a post by Crash, but I feel that it's of sufficient importance to merit a post and new heading of it's own.

For all practical purposes. any entity that uses the standard internet for critical infrastructure control is at ongoing serious risk, no matter what "hardening" they may attempt. I firmly believe that no software, no matter how supposedly "bulletproof", is exempt from malicious hackers eventually finding a way to get entry.

That is exactly why we at San Francisco designed our Public Safety radio and data system to be completely independent of the commercial internet. Our communications equipment and protocols are essentially identical to those used on the commercial internet, BUT we used our own secure microwave and fiber transmission systems, which have absolutely no physical interconnection to the public internet system.

If the United States wants a truly secure internet for critical operations, we need to build a separate internet system which does not interface with the public network. Such a system could possibly be monitored by an agency such as the National Security Agency, with the understanding that ALL traffic on that network would be subject to full-time monitoring. All traffic deemed critical to the national safety, especially command-and-control data systems such as the Colonial system, should be legally required to use such a system.

The equipment and maintenance costs could be at least partially paid for by charging customers for usage. If a company such as Colonial chose not to use that system, they should then be legally subject to civil lawsuit, and be held financially liable for whatever damages occur to all parties affected by their negligence. The fact that they chose not to use the secure network would be considered direct evidence of such negligence.

It's time to get serious here folks, and quit with all of the bullshit.

Comments

Sign In or Register to comment.