Monday, December 07, 2015

Ted Koppel writes a book on cybersecurity, doesn't talk to any cybersecurity experts - What I am reading 12/7/2015

Techdirt - Ted Koppel Writes Entire Book About How Hackers Will Take Down Our Electric Grid... And Never Spoke To Any Experts -

Want to know how useful the book actually is? All you really need to read is the following question and answer from an interview Koppel did with CSO Online:
Did you interview penetration testers who have experience in the electric generation/transmission sector for this book?
No, I did not.
...
...it appears that Koppel just spoke to DC insiders who have a rather long history of totally overhyping "cyberthreats" -- often for their own profits. In another interview, Koppel insists that he didn't want to be spreading rumors -- but doesn't explain why he didn't actually speak to any technical experts. 
“Going in, what I really wanted to do was make sure I wasn’t just spreading nasty rumors,” said Koppel in a phone interview.... “After talking to all these people, I satisfied my own curiosity that this not just a likelihood but almost inevitable.”

Seems kind of journalistically par for the course, actually. My standard disclaimer at this point: I am currently working in the energy sector. I can tell you that this is taken very seriously, and people work to prevent this kind of scenario every single day. This is not something that is being ignored.

MIT Technology Review - A Search Engine for the Internet’s Dirty Secrets: Google is helping to power a new search engine built on a daily scan of the whole Internet. -

Every day Censys is updated with a fresh set of data collected after ZMap “pings” more than four billion of the numerical IP addresses allocated to devices connected to the Internet. Grabbing a fresh set of that data takes only hours.
The data that comes back can identify what kind of device responded, as well as details about its software, such as whether it uses encryption and how it is configured. Searching on Censys for software or configuration details associated with a new security flaw can reveal how widespread it is, what devices suffer from it, who they are operated by, and even their approximate location.

Sounds like a combination of Nmap and Shodan. Personally, I am all for responsible use of this tool. If I were in charge of IT security, I would use it routinely to find rogue outward-facing devices.

Stratechery - Beyond Disruption -

No real good way to excerpt this - it's basically yet more fawning over how great Apple and Uber are. I don't think either is true, but I have to admit I am in the minority.

