Original post made
on Jul 26, 2013
This story contains 137 words.
If you are a paid subscriber, check to make sure you have
Otherwise our system cannot recognize you as having full free access to our site.
If you are a paid print subscriber and haven't yet set up an online account,
to get your online account activated.
Assuming that the hack wasn't an inside job, a reasonable assumption, then this breakin plus the F-35 data thefts, and others we read about should rationally put an end to the notion that there is such a thing as security for systems with connectivity to the Internet. It may be inconvenient and more expensive but separate non-connected systems offer the only relative security.
The F-35 breach sounded as though it will cost 10's of billions up and may cost lives. Some fairly high level people should be fired for that one. There should be more strict and expensive liability for breaches that leak SS numbers and other personal data. Today we have factories where a $1200 dollar PC running a multimillion dollar machine is reachable from the Net. Perish the thought that a refinery, pipe line, power plant, or reactor could be hacked if they are connected. It is proposed that the power grid be run off the Net though the power companies have right of way everywhere.
Of course to connect to the world or not is a risk/benefit calculation, but the fact is that most workers have no real need for external Internet connectivity at all. It's a perq. There can be a physically separate net(s) for those that do. Cloud connectivity and BYOD may need to be separated. Yes it's an expense, but a breach may be very expensive indeed. Tort lawyers should have a field day. Failures like Stanford's can be used to show that Internet security is illusory. That's a compliment.