
The Drums of Cyberwar - howard941
https://www.nybooks.com/articles/2019/12/19/drums-of-cyberwar/
======
ggm
Did I ask you to put my electricity supply on the internet? No: I did not. I
did not ask SCADA to go on the web. I didn't ask hospitals, power nets, gas
supply, airlines, police to do this.

Nobody asked for the critical infrastructure to be exposed and made brittle. A
bunch of turkeys just thought it was a good idea.

~~~
tapland
I'm very happy that medical data can be transferred digitally some places
though. It's taken 6+ months to transfer records when moving.

~~~
toomuchtodo
That can be done between federated EPIC EHR systems using their API endpoints
without exposing those endpoints to the public internet (either over VPN or
dedicated lines). With that said, the API endpoints _are_ exposed for
rebranded EPIC mobile apps to interface with the EHR systems operated by
health systems (for consumer access), as well as Apple Health (which can OAuth
to EPIC).

I don't know how Apple Health is pulling data in from the VA health system [1]
(one would assume an API of some sort), but I plan on exploring it soon.

[1] [https://www.apple.com/newsroom/2019/11/health-records-on-
iph...](https://www.apple.com/newsroom/2019/11/health-records-on-iphone-now-
available-to-veterans-across-the-us/)

------
mindslight
How many paragraphs, but no mention of the agar on which this is all growing -
the incompetents connecting all of this Swiss cheese to the Internet in the
first place. It's like if there were a spate of car break ins because everyone
in a neighborhood got complacent with leaving electronics on their passenger
seats. But then rather than the police cautioning people to tidy up, they
branded the trend "autowar" while seeking federal assistance for their novel
problem.

The Internet, by its very foundation, has always been best regarded as an
environment of hostile noise. Creating direct communication between people in
different countries fosters mutual understanding and peace, but requires a
reliance on technical laws to cross jurisdictions. The people beating these
"drums" are simply looking to avoid that technical responsibility by imposing
their jurisdiction onto everyone else. These are ultimately the same
destructive warmongers that have traditionally plagued humanity, setting their
sights on subjugating the latest frontier.

------
EddieCPU
[https://www.nybooks.com/articles/2019/12/19/drums-of-
cyberwa...](https://www.nybooks.com/articles/2019/12/19/drums-of-cyberwar/)

“a cybersecurity researcher .. demonstrated .. the easy availability of the ..
unsecured access points of the industrial control system — the ICS — of a
wastewater treatment plant not far from my home in Vermont.”

Have these people ever given consideration to not connecting their SCADA units
directly to the Internet.

[https://www.theregister.co.uk/2003/08/20/slammer_worm_crashe...](https://www.theregister.co.uk/2003/08/20/slammer_worm_crashed_ohio_nuke/)

[https://www.theregister.co.uk/2004/08/16/power_grid_cybersec...](https://www.theregister.co.uk/2004/08/16/power_grid_cybersecurity/)

------
strictnein
Good book. Covers the same ground as a number of other ones, but has some new
information and he interviewed more technical people than most of these books
do. If you aren't familiar with this area at all it would be a good place to
start.

------
cyberglitch
"Took over the facility’s automated controllers and caused the centrifuges to
self-destruct."

I have a problem with the truth of this statement

~~~
strictnein
It's all pretty well documented in a wide variety of sources, but if you want
the definite read check out "Countdown to Zero Day" by Kim Zetter. Lots of
technical information about how Stuxnet/Olympic Games actually worked. A good
book as well.

~~~
mc32
I think they are questioning the “self-destruct” claim.

My understanding is that the aim was to have the centrifuges return erroneous
information rather than obvious sabotage like self destruction.

~~~
ghostpepper
Wasn't the idea that the centrifuge would spin in a way that causes premature
failure, but the controller display would instead show it spinning at the
correct speed? Depending on how you interpret the meaning of the word
"erroneous" this could align with what you're saying.

