A less vulnerable network loses fewer data and, in general, is less exposed so that no havoc is caused at this level, which would not only be cheap but can go much further depending on the attack received.
At the very least, a larger attack on critical infrastructure can cause disruption and put the IT assets at risk, but what about “redundant” systems where we have a system or technology that is redundant, which can still fail but without catastrophic loss of data or destruction of infrastructure? While the report states that these are as vulnerable as systems on a conventional network, what happens if the failover fails?
An incident on a cyber-grid could spread disruption to power generation, rail networks, or other key infrastructure assets and infrastructure because the failure mode could be unpredictable and destructive, and that’s why protecting your systems is important and there are resources which help with this that you can find in sites such as https://www.fortinet.com/solutions/industries/manufacturing.
Still with me? Let’s review:
Failure mode: Non-systematic or “broken link” in a chain-repetition-transmission model.
Not-systematic: There is no evidence of an intentional attack, except for a very few cases.
Critical Infrastructure: Cyber-grid failure when used in maritime cyber risk management affects power generation, rail, communications, financial and other crucial assets, with loss of data leaving the customers without power or reliant on backup systems.
Cyber-grid: In case of any failure, failure modes include “systematic” and “broken link” which aren’t present in conventional infrastructure or networks.
There is no way to know what would happen because no one’s testing those levels, except some people talking.
What is that test to verify? I guess it’s like knowing if a car works but with different components, and without a human operator.
I’ve heard the “breakpoint” concept used, and “path forward” sometimes when I’m asked to point out the shortcomings of the cybersecurity approach.
“Back in 2010, during an event known as the Bellagio blackout, there was no way to know exactly where the outage was coming from. The team in charge of testing for such incidents was not familiar with the Internet, where the real-time capability of such services was limited and testing wasn’t comprehensive. What happened? A group of hackers took control of a router in one part of the network and used it to send a massive surge of traffic from a different part of the network, knocking out 100s of back-ups in seconds. Had a similar event happened on the public Internet, we would have seen complete chaos.” IT security expert John Diggs, speaking on Bloomberg on June 26, 2014.
So, what happened? Had we had a network with a system to failover (say, a petri dish that could “failover” to other different systems in a secure and reliable way), a disaster would have been avoided with far less disruption to consumers, businesses and the economy than if there had been an Internet outage.
How can we really trust a central government to keep its promise?
“All we can say for sure is that our Federal government is open for business. And all we can say for certain is that the Constitution was not violated and that the cybersecurity program is working.” Vice President Joe Biden, on May 16, 2014.
It’s worth pointing out that the cybersecurity agencies and their critics are often at odds. While the U.S. government has yet to announce a major incident where a government or contractor system was compromised by cyber-criminals, some security experts and lawmakers complain that there is not enough transparency and privacy protections for consumers and businesses.