The New York Times reports here that Russian hackers appear interested in attacking the U. S. power grid.
Here is a link to a Department of Homeland Security document on Aviation Cyber Initiative risk assessment.
It can be easy to consider cyber warfare to be less serious than traditional warfare. But let’s be clear: cyber warfare is warfare. Information disruption and theft may not be physically obvious but experience shows that attacks on information, wherever they come from, have very serious consequences, both immediate and long-term. The world has less experience with cyber-physical warfare, but its effects are dramatic. Keep in mind that even small-scale damage to infrastructure can take months to fix, given the long replacement cycles for such equipment. You don’t run down to Home Depot and pick up a substation transformer. This type of equipment is built to order, with weeks or months of wait time, even in the best of circumstances. A large scale attack against physical infrastructure could overwhelm repair abilities and lead to huge delays restoring capability.
Extremetech reports herehere that voting machine vendor Election Systems and Software has admitted to Senator Ron Wyden’s office that it sold remote connection software to some customers. The company had earlier denied installing such software. The systems using that software have since been retired.
Unfortunately, network configuration and computer security aren’t easy. Even a relatively small home setup requires a great deal of care. We really need better methods to set up and maintain secure computer networks. We need better methods to set up new networks. And since the existing networks won’t go away, we need better methods to monitor and fix networks. These methods need to be very easy to use and friendly to non-experts.
The past several years have brought us news reports of computing systems being used aggressively against infrastructure:
We have also seen security problems in home IoT devices. Security problems have allowed spying as well as using these devices as bots in attacks against others. I think it is time that we start to apply some simple civil defense principles to our home computing systems, both our general-purpose computers as well as embedded. I have increased my work to protect my home information and devices for a few months and I plan to continue and step up my efforts.
Backups have always been important to protect information. Given threats from ransomware and other techniques that attempt to compromise devices on a machine or a network, I keep copies of my files offline, making them harder to attack.
The recent reports of router vulnerabilities caused me to review my router configurations.
I continue to check my device passwords: I use non-trivial passwords, a wide range of passwords, and I do my best to be sure that passwords are enabled and non-default.
I am also careful about what devices I put on my network—if I don’t need it, I don’t add it to my network. More devices make for more points of vulnerability.
Extremetech reports here on a Samsung announcement of new LPDDR5 memory for 5G and automotive applications.