What's new
Fantasy Football - Footballguys Forums

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Cyber warfare (1 Viewer)

timschochet

timschochet

Footballguy
I keep hearing about this. Russia may use it against us, we may use it against them. I don’t really know anything about it. I’m hoping some people here do. Can they shut down our banks? Our communication systems? Our gas lines? Can we do the same to them? How real is this threat? 

 
timschochet said:
I keep hearing about this. Russia may use it against us, we may use it against them. I don’t really know anything about it. I’m hoping some people here do. Can they shut down our banks? Our communication systems? Our gas lines? Can we do the same to them? How real is this threat? 
Click to expand...
My admittedly rough understanding is that the answer to these questions is yes, yes, yes, yes, and very real.  

Cyber warfare is not something that just rose to our attention this morning.  People have been talking this topic for a couple of decades.  I doubt that our cyber defenses are very good, because the systems are complicated and interconnected and you only really need to find one vulnerability to do real damage.  But I should be shocked and very disappointed if our offensive capabilities weren't an order of magnitude ahead of a third-rate country like Russia.

 
TripItUp said:
I own a cybersecurity consulting firm have been in the industry for 20 years.

Shoot away with your questions.
Click to expand...
With just my cursory observations at the data companies I've worked at, cyber security is talked about a lot but actually pretty weak if a major attack came in. What do you see in your position?

 
Insein said:
With just my cursory observations at the data companies I've worked at, cyber security is talked about a lot but actually pretty weak if a major attack came in. What do you see in your position?
Click to expand...


Most firms recommend 5% of IT spend be security related.   Very few companies actually meet that metric.

So yes, private industry and non-federal institutions are generally not prepared for cyberwarfare.   That being said, some industries are more prepared than others.  Major financial institutions, for example, are relatively prepared here in the United States.

 
Last edited by a moderator:
timschochet said:
Can they shut down our banks? Our communication systems? Our gas lines? Can we do the same to them? How real is this threat? 
Click to expand...


banks - maybe temporarily, see JP Morgan incident

communication systems - some are vulnerable, the bigger the company, the more prepared from a private industry perspective

gas lines - as you know ransomware took down our gas line(colonial pipeline.)  Infrastructure is among the most vulnerable from a cyberwarfare perspective due to the culture and age of the environments.

 
Last edited by a moderator:
TripItUp said:
I own a cybersecurity consulting firm, have been in the industry for 20 years.

Shoot away with your questions.
Click to expand...
Trip, my understanding is that the electric grid remains highly vulnerable. Byzantine physical structure and super-outdated hardware and software systems. Not to mention highly centralized in terms of control systems and therefore more concentrated in terms of risk vs. more distributed systems. Can you quantify whether any of this risk is increased with all the geopolitical events? 

TIA

 
TripItUp said:
banks - maybe temporarily, see JP Morgan incident

communication systems - some are vulnerable, the bigger the company, the more prepared from a private industry perspective

gas lines - as you know ransomware took down our gas line(colonial pipeline.)  Infrastructure is among the most vulnerable from a cyberwarfare perspective due to the culture and age of the environments.
Click to expand...
Thank you. What else can they do to hurt us? If you were Russia and wanted to hurt the average American what would you do? 

 
TripItUp said:
Most firms recommend 5% of IT spend be security related.   Very few companies actually meet that metric.

So yes, private industry and non-federal institutions are generally not prepared for cyberwarfare.   That being said, some industries are more prepared than others.  Major financial institutions, for example, are relatively prepared here in the United States.
Click to expand...
Can you expand on what prepared means?  I assume stopping the attack, but how prepared?  I also assume recovery from a successful attack, but how quickly?  I’m sure those are very tough questions to answer if you aren’t directly involved with the specific company so some educating guesses is likely what is coming. But you’re educated guess is vastly more educated than mine so I’d be interested to hear it. Someone being able to take down our electrical grid for a length of time scares the hell out of me.  

 
Stoneworker said:
Trip, my understanding is that the electric grid remains highly vulnerable. Byzantine physical structure and super-outdated hardware and software systems. Not to mention highly centralized in terms of control systems and therefore more concentrated in terms of risk vs. more distributed systems. Can you quantify whether any of this risk is increased with all the geopolitical events? 

TIA
Click to expand...


Yes, risk has been increased.   And yes, the grid is particularly vulnerable for many reasons.  

The govt. put out a standard in 2008 called NERC-CIP that was meant to provide a standard for electricity companies, but not a lot has been done on the enforcement front until the last few years.

 
timschochet said:
Thank you. What else can they do to hurt us? If you were Russia and wanted to hurt the average American what would you do? 
Click to expand...
infrastructure and healthcare are the low hanging fruit

it doesn't cost much to go after the banks, but as I mentioned, they are relatively prepared.

 
Had a friend that liked to dabble in the underbelly of the interwebs. He said the Russian viruses were always the nastiest and most complex.  That was 10 years ago.

 
IvanKaramazov said:
The US managed to sabotage Iranian nuclear reactors that weren't even connected to a grid.  I think we probably have an ace or two up our sleeves if it comes to that.
Click to expand...


We certainly have offensive capabilities but they are all classified as you can imagine.  I have friends/colleagues that are in this particular space and relatively little is known regarding capabilities.  A lot of the smartest guys in the space have been gobbled up by the govt. over the past decade.   

 
Not that Russia is likely to be attacking any of you personally, but this is a good time to remind everyone to ensure you have two-factor authentication set up across all of your major accounts (email, banks, credit cards, etc.) If you can avoid the option where you receive an authentication code via text message -- and you can't always -- then do that. Some services let you authenticate through their app, and you can also download an app like Google Authenticator and use it for multiple services. But anything you set up is better than nothing.

Here's a quick primer: https://www.nist.gov/back-basics-multi-factor-authentication

 
ignatiusjreilly said:
Not that Russia is likely to be attacking any of you personally, but this is a good time to remind everyone to ensure you have two-factor authentication set up across all of your major accounts (email, banks, credit cards, etc.) If you can avoid the option where you receive an authentication code via text message -- and you can't always -- then do that. Some services let you authenticate through their app, and you can also download an app like Google Authenticator and use it for multiple services. But anything you set up is better than nothing.

Here's a quick primer: https://www.nist.gov/back-basics-multi-factor-authentication
Click to expand...
By the way, if John Podesta had had 2FA on his Gmail account in 2016, the Wikileaks hack may never have happened.

 
TripItUp said:
I own a cybersecurity consulting firm, have been in the industry for 20 years.

Shoot away with your questions.
Click to expand...


Is my crypto safe?

ETA: I have 2FA for withdraws (Google authenticator).  Don't personally care about my bank accounts they are FDIC insured.

 
Last edited by a moderator:
IvanKaramazov said:
The US managed to sabotage Iranian nuclear reactors that weren't even connected to a grid.  I think we probably have an ace or two up our sleeves if it comes to that.
Click to expand...
Beat me to it.  The fact that the US *doesn't* usually do this kind of thing is way way different than saying we can't do it.

 
joffer said:
nobody click on nothin.
Click to expand...
I heard a radio report last week that says there is starting to be things sent out that you dont even need to click on to infect your computer.  Not sure how that works, but that's what I heard.  

Plus, as I'm sure many of you have experienced, my company sends test phishes out.   Then about a week later they send a report out on how many clicked, and how many even took it further(filled out info etc).  It is NEVER 0%.  Ever.  So some knucklehead out there is gonna click when they get an email saying they just won the Nigerian lottery, no matter how much you train them.

 
Last edited by a moderator:
Snotbubbles said:
Is my crypto safe?

ETA: I have 2FA for withdraws (Google authenticator).  Don't personally care about my bank accounts they are FDIC insured.
Click to expand...


cold storage is the safest storage IMHO, unfortunately.  Even then, it can be physically stolen.  Money is never completely safe.

 
Last edited by a moderator:
TripItUp said:
cold storage is the safest storage IMHO, unfortunately.  Even then, it can be physically stolen.  Money is never completely safe.
Click to expand...
So cash wrapped in butcher paper buried at the bottom of the chest freezer?  Under the purple freezy pops since no one ever grabs for those.  

 
beef said:
So cash wrapped in butcher paper buried at the bottom of the chest freezer?  Under the purple freezy pops since no one ever grabs for those.  
Click to expand...


more like a secure USB in safety deposit box...I would not store at home if it is a sizable amount.

 
Shameless plug,  my firm does ISO 27001/SOC2/HIPAA/HITRUST/NIST/pen testing etc. if any of you work for companies that need these services.

I give out generous referral bonuses.  :)  

 
beef said:
So cash wrapped in butcher paper buried at the bottom of the chest freezer?  Under the purple freezy pops since no one ever grabs for those.  
Click to expand...
Wha?!?  Those are the grape ones.  Everyone loves grape.

This sounds like something a Communist would say. [/McCarthy]

 
TripItUp said:
I own a cybersecurity consulting firm, have been in the industry for 20 years.

Shoot away with your questions.
Click to expand...
What industries are the most prepared and least prepared? Is the adult industry doing their part in securing their systems?

 
You must log in or register to reply here.

Similar threads

timschochet
Republican legislators are threatening to punish corporations that are trying to fight climate change.
Replies
7
Views
899
The Commish
The Commish
timschochet
Is nuclear energy the answer to climate change?
2 3 4
Replies
199
Views
8K
Phil Elliott
Phil Elliott
(HULK)
Literal Fake News
Replies
21
Views
1K
rockaction
rockaction

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top