Recently, a mysterious caller claiming to be from Microsoft, offered step-by-step instructions to repair damage from a software virus. The person on the other end of the line, an electric power company employee, didn’t fall for it.
The caller, who has never been identified, instructed the employee to enable specific features in their computers that, if done, would have created a trapdoor in their networks. That vulnerability would have allowed hackers to shut down a plant and thrown thousands of customers into the dark.
OK. There is an easy way out of this little scenario: Computer systems that control plant processes (of any kind) should not be connected to the internet in any way, form, or fashion–unplug the bastard from the web. It would be very difficult for a hacker to get into an isolated system since the electron stream carrying the information can’t jump an air gap. I’m talking here about power companies, chemical companies, hospitals, pharmaceutical companies, BANKS, government agencies that deal with official use only data, and the list goes on. Keep someone at the plant or facility 24-hours a day to monitor processes, if necessary. It would certainly be a lot cheaper than paying some techie big bucks to fix something that shouldn’t have needed the repairs in the first place. Continue reading