Tuesday, January 12, 2016

Will Free Range Kids Bring Down The Electric Grid - What I am Reading 1/12/2016

Ars Technica - Say “Cyber” again—Ars cringes through CSI: Cyber -
The future of Cyber is currently in doubt. CBS has pulled its timeslot to make room for a midseason replacement, so there may well be only a few more opportunities for the latest CSI franchise to cyber-scare network viewers with plots loosely based on something producers read about on Yahoo Answers. OK, to be fair, Cyber's writers are at least occasionally inspired by actual vulnerabilities that have been ripped from the headlines. It's just often these headlines are several years old.
I have been banging the CSI Cyber is a crime against humanity drum for awhile now.  Glad someone else has caught up.  Now we just need to try the producers and jail them in Spandau Prison.

Backchannel - I Moved to Linux and It’s Even Better Than I Expected -

It's a Linux lovefest.  Chris over at Carnifex.org, who is also an almost exclusive Linux user, has a counter argument.  There are some really good things about Linux, especially as a server OS, and I say use what works for you, but this article ignores or downplays the fact that Linux is way too confusing for most average users.  It also downplays just how shitty Libre Office, Google, Docs, etc. are for real world (i.e. profit driven) work.  

These next two are kind of related

Dark Reading - Project 'Gridstrike' Finds Substations To Hit For A US Power Grid Blackout -

Remember that million-dollar Federal Energy Regulatory Commission (FERC) study in 2013 that found that attacks on just nine electric substations in the US could cause a blackout across the entire grid? Well, a group of researchers decided to see just what it would take for a small group of domestic terrorists to identify the US's most critical substations -- using only free and public sources of information.
...
They then were able to come up with 15 substations that serve as the backbone for much of the electric grid: knocking out those substations would result in a nationwide blackout, they say.

Dark Reading - 83% of InfoSec Pros Think (Another) Successful Cyberattack On Critical Infrastructure Likely In 2016 -

On the heels of the cyberattack that caused a blackout in the Ukraine, the lion's share of cybersecurity professionals think a successful cyberattack on critical infrastructure is likely to happen in 2016 -- 37.56 percent high, 45.55 percent medium likelihood -- according to ISACA's latest Cybersecurity Snapshot report. (The survey was conducted Dec. 21 through Jan. 2, so it was open for a small window before the breach Dec. 23.)
Of course InfoSec pros think there will be a successful cyberattack.  It's what they are paid for.  Not saying they are wrong, They aren't, but there is an institutional bias to respond that way.  Why even ask the question?  I would start worrying if they started saying everything was hunky-dory.  As for the Project Gridstrike article - these articles pop-up every couple days.  Yes, grid security is a huge issue, but as I have said before it's also one people are aware of and work on constantly.  It's not like this issue is being ignored as this article implies, but the scope of the issue is huge and a viable solution is not easy to come by.

The Register - Future Snowden hunt starts with audit of NSA spooks' privileges -

According to this memo (PDF) from Carol Gorman, an assistant inspector general in the Department of Defense's Readiness and Cyber Operations, an audit is going to ask whether too many individuals have privileged access to NSA computers.
In the memo, Gorman says the audit begins this month, to check whether the NSA's initiatives since Snowden “are effective to improve security over its systems, data, and personnel activities”.


Well if they had done that in the first place we wouldn't have this problem now, would we? Principle of Least Privilege

Fast Company - Federal Law Now Says Kids Can Walk To School Alone -
The recently-signed Every Student Succeeds Act contains a section (858) that protects the rights of kids to walk or go out alone. The act was sponsored by Utah senator Mike Lee, who is a supporter of the Free Range Kids movement, and provides some hope for parents who feel that their kids should be allowed some autonomy to get by own their own.
What the hell has happened to this country that this law is even required?  Honestly though the cops will ignore it, because they are cops and they can.  What I am really waiting for is that day a families home is seized under civil forfeiture because their kids were alone in the park after dark.














No comments: