Tuesday, September 04, 2018

Interview with a cybersecurity excerpt on how air-gapping of infrastructure components could be compromised, so a major cyberthreat



On a day with a riotous morning in the Senate starting the confirmation hearings for Brett Kavanaugh – it was “back to school”.  We’ll get back to that again.

I did a phone interview of John Gomez from Sensato (Spanish for “sensible”), a cyber security company in Red Bank, NJ.  We talked about my Medium essay on media coverage of the varied threats to the US power grid (solar storms, EMP – E1 and E3, and cyber) – which I mentioned and linked on Aug. 30 on my “BillBoushka” blog (q.v., through the Blogger Profile). 

I will follow up on this in a lot more detail on Wordpress in the next few days.

But I wanted to mention the “air gap” issue.  The “air gap” is what is supposed to keep electric utility control centers (controlling power loads through transformers) and other infrastructure components (pipelines, water purification, etc) topologically separated from the public Internet.  That is, it’s not supposed to be possible for a hacker to reach any such system from the computer I type on at home, anymore than it could reach military systems.

But there are “jump machines” which can connect the controllers briefly for updates.  Furthermore, there are ways USB ports can be compromised.  So a worm might be able to wait until connection happens.  You would think there could me more defenses, such as blockchain ideas – how does the Pentagon or NSA protect itself?


I’ll watch his videos tomorrow but share one of them now (above), about the Orangeworm, which can target healthcare systems. 


   
I can remember, when working for Sperry Univac in 1972-1973, that I worked in downtown Newark NJ at Public Service Electric and Gas (right next to Penn Station), as a site rep supporting the (Univac 1106/1108/1110)  Fortran applications.  Some of these did power grid calculations, although I don't know how the results would have been loaded to the control equipment then. This was a curious experience to remember given today's interview. 
    
This is a developing story.  

No comments: