Protecting National Infrastructure and Privacy Campaigners – The “Dark Market”
Privacy and National Security can go hand in hand in making business accountable. There is no point having the TSA inspect every passenger when a hacker can shut down Air Traffic Control or hijack the national grid.
By pushing business into “privacy”, we protect everyone, including our National Security.
Remember Venn diagrams from school?
Imagine two circles – one labelled “National Security”, the other labelled “Privacy”; you would expect the two to be mutually exclusive.
However, that is not true.
The two interests are aligning – so that now an intersection exists.
1. Smart Meters
GCHQ are warning civilians not to install smart meters. In a war situation, a cyber attack could switch off our electricity supply and water supply, leading to chaos.
Privacy advocates argue that burglars could monitor electricity usage, as much as big business. Imagine your power consumption being sold to Google… and then resold on to anyone who would pay – including a wartime enemy.
The “dark market” in data could lead to a complete shutdown of the National Grid during a wartime attack. So GCHQ and Privacy gurus agree on something!! But that’s just the start of the alignment.
2. Siemens – for those who say I’m too supportive of good German engineering
Our civilian infrastructure works on PLCs (Programmable Logic Controllers), which are prone to hacking and cyber attack. PLCs are like the CPU – they’re programmed to do a job – but normally have less security on them than your Amazon account.
“Other forever day vulnerabilities date back as far as six years. A plugin added to the Nessus security scanner in 2006, for example, targets an FTP server that ships with the Modicon Quantum, a programmable logic controller made by Schneider-Electric. More than six years later, the back-door accounts hard-coded into the device remain.
“Another buggy PLC that won’t be fixed anytime soon is the Siemens’s SIMATIC controller used in plants in the water, wastewater, oil, gas, and chemical industries. According to an advisory issued in September, ‘Siemens currently has no plans to patch this vulnerability,’ which stemmed from an overflow that could allow attackers to execute arbitrary code on the targeted human-machine interface system.”
3. Traffic Lights – Rugged.com
“equipment running RuggedCom’s Rugged Operating System has an undocumented account that can’t be modified and a password that’s trivial to crack. What’s more, researchers say, for years the company hasn’t bothered to warn the power utilities, military facilities, and municipal traffic departments using the industrial-strength gear that the account can give attackers the means to sabotage operations that affect the safety of huge populations of people.”
“It is esoteric, it is obscure, but this equipment is everywhere,” he said. “I was walking down the street and they had one of the traffic control cabinets that controls stop lights open and there was a RuggedCom switch, so while you and I may not see it, this is what’s used in electric substations, in train control systems, in power plants and in the military. That’s why I personally care about it so much.”
- Privacy and National Security can go hand in hand in making corporations accountable for the security of their products.
- By pushing business into “privacy”, we protect everyone, including our National Security.