Thursday, July 8, 2010

NSA to monitor internet

"US plans Cyber Shield to Utilities, Companies" read the headline in the Wall St Journal. Fearful of cyber attack that might shut down the electric grid or other critical infrastruction, NSA is running a secret surveillance program that gathers who knows what information to "protect" critical infrastructure from hackers.
The article went on to say that electric companies are using the public internet to remote control generators, switches, tranformer banks and other equipment. NSA claims that their top secret internet monitoring software can protect against cyber attack.
Trouble is, it won't work. If the hacker knows equipment internet addresses he can monitor traffic and decode it, learn the passwords, and then take control by transmitting perfectly genuine command messages. No way NSA can tell the difference between legitimate command messages from the electric companies and dangerous messages from hackers. Bits is bits, and they all look alike, ones or zeros.
Real fix. Command and control of critical infrastructure shall NEVER go over the public internet. Electric companies must be required to buy private circuits to operate the electric grid. The public internet is just too vulnerable. Unless we want the lights to go out all over the country just before the next Al Quada atrocity, we must harden the command and control network.

No comments: