And the answer is….PRISONS

The question posed in my last post was “what will be hacked next?”

Now we know: Federal prisons

Similar to the attack on satellites, systems that should have never been connected to the Internet… were.

And the results?

You could open every cell door, and the system would be telling the control room they are all closed

Here’s the thing…maintaining security is not easy.

It sounds easy.  Just turn on these settings, turn off some others, set good passwords, etc.

But once you add users, security starts to get chipped away.

  • This guy needs to access the system from home
  • That admin needs a hole in the firewall to run updates.
  • The client needs a new feature pushed out in two weeks, so we just need to make it work.  We’ll sort out the security implications later.

When building a system the three points for security are cost, flexibility, and security.  If you need it to be secure AND flexible, it will be very expensive.  If you don’t have a huge budget, either the flexibility or the security will be compromised.

It seems most choose the security, and it’s easy to see why.  Few people complain when the system isn’t secure enough, but if it isn’t flexible enough management will be hearing about it on a daily basis.

…and they are shocked when their organizations are compromised.

Advertisements

One response

  1. “…the researchers found that there was an Internet connection associated with every prison system they surveyed. In some cases, prison staff used the same computers to browse the Internet;” – bad idea.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s