Stanford reports security breach, urges password changes
Original post made on Jul 26, 2013
Read the full story here Web Link posted Thursday, July 25, 2013, 8:56 AM
on Jul 26, 2013 at 7:53 am
Assuming that the hack wasn't an inside job, a reasonable assumption, then this breakin plus the F-35 data thefts, and others we read about should rationally put an end to the notion that there is such a thing as security for systems with connectivity to the Internet. It may be inconvenient and more expensive but separate non-connected systems offer the only relative security.
The F-35 breach sounded as though it will cost 10's of billions up and may cost lives. Some fairly high level people should be fired for that one. There should be more strict and expensive liability for breaches that leak SS numbers and other personal data. Today we have factories where a $1200 dollar PC running a multimillion dollar machine is reachable from the Net. Perish the thought that a refinery, pipe line, power plant, or reactor could be hacked if they are connected. It is proposed that the power grid be run off the Net though the power companies have right of way everywhere.
Of course to connect to the world or not is a risk/benefit calculation, but the fact is that most workers have no real need for external Internet connectivity at all. It's a perq. There can be a physically separate net(s) for those that do. Cloud connectivity and BYOD may need to be separated. Yes it's an expense, but a breach may be very expensive indeed. Tort lawyers should have a field day. Failures like Stanford's can be used to show that Internet security is illusory. That's a compliment.