I'm beginning to feel self-conscious about my posts on computer security. I'm not an alarmist. Really. Rather, I'm passing along to you, gentle reader, news on this topic, from today's Wall Street Journal:
Computer networks controlling the electric grid are plagued with security holes that could allow intruders to redirect power delivery and steal data, the Energy Department warned in a recent report.
Many of the security vulnerabilities are strikingly basic and fixable problems, including a failure to install software security patches or poor password management. Many of the fixes would be inexpensive, according to the Idaho National Lab, an Energy Department facility that conducted the study.
The report reinforces concerns that intelligence officials have raised in recent years about growing surveillance of the electric grid by Chinese and Russian cyber-spies, which The Wall Street Journal reported last year. One worry is that a foreign country could shut down power in parts of the U.S. [more]
This story is closely related to another story I posted, also from the Wall Street Journal.
Here's what I think almost everybody knows: We are drawn to work that's exciting and, dare I type it, sexy. Frankly it is exciting to break into a computer or network than it is to build a system that's unhackable. Then, we need to notice this: Systems are build by teams of people, sometimes including contractors and outsourced staff that's scattered around the world. All it really takes is just one person in this chain of trust to build in a simple back door and the entire system is compromised. Just the facts, dear.
