1. 16
  2. 17

    I hope they follow this advice:

    If Brodsky were advising Oldsmar officials on better securing their water treatment plant, “the first thing I’d probably do, and this almost doesn’t cost anything, is you disable the remote access,” he said. When remote access is required, as occasionally is the case, connections should be manually allowed by someone physically present and the access should time out after a brief period of time.

    That feels like something that should probably be true for other physical infrastructure that’s monitored by on-site operators 24/7, like dams and power plants, as well.

    1. 7

      I worked for a major national retailer many years ago (2002 or so), on the network team. Our job was to network all of the stores/warehouses/distribution centers together.

      Each location was connected via IP/VPN backhauled over whatever local provider made sense, but each site also had a phone line with a modem connected to the serial port on the router, so if things really got borked, we could dial in and fix it.

      I would call up stores all the time and get some random employee (cashier, baker, whatever) and ask them to go back and read the numbers off the back of the modem for me. I had a 100% success rate, and they never verified my identity.

      (Yes, we did keep a list of those modem numbers centrally. Stores would regularly change them for various reasons, or would disconnect them because they needed to plug something else in, or whatever, so that list was not nearly as accurate as it needed to be.)

      1. 4

        That sounds like a great movie scene.

        Of course merely being able to connect, be it via phone or IP, shouldn’t be the sole barrier to access. We hope.

        For things where remote access is the exception rather than the norm like this, I think there’s still significant benefit to having remote access enablement be time limited, triggered by someone on the physical site, and accompanied by an entry in a log book. If nothing else, those log book entries can focus responses in a useful way.
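As an added example (not code from any commenter in the thread), a minimal model of the controls recommended above: remote access is closed by default, it is opened only by a named on-site operator for a capped period, and every open, refusal, expiry and close is written to a log. The 30-minute cap is an assumed policy value; wiring the gate into a firewall or VPN is left out.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_WINDOW_SECONDS = 30 * 60  # assumed policy: no single window longer than 30 minutes

@dataclass
class AccessWindow:
    opened_by: str
    reason: str
    opened_at: float
    expires_at: float

@dataclass
class RemoteAccessGate:
    """Default-closed gate: remote access is allowed only while a window is open."""
    window: Optional[AccessWindow] = None
    log: list = field(default_factory=list)  # the "log book": one dict per event

    def _record(self, event: str, now: float, **details) -> None:
        self.log.append({"event": event, "time": now, **details})

    def enable(self, operator: str, reason: str, now: float, ttl: int) -> bool:
        """Open the window. Refuses missing attribution, out-of-policy TTLs and re-opening."""
        if not operator.strip() or not reason.strip():
            self._record("enable_refused", now, why="missing operator or reason")
            return False
        if ttl <= 0 or ttl > MAX_WINDOW_SECONDS:
            self._record("enable_refused", now, operator=operator, why=f"ttl {ttl}s out of policy")
            return False
        if self.is_allowed(now):
            self._record("enable_refused", now, operator=operator, why="window already open")
            return False
        self.window = AccessWindow(operator, reason, now, now + ttl)
        self._record("enabled", now, operator=operator, reason=reason, expires_at=now + ttl)
        return True

    def is_allowed(self, now: float) -> bool:
        """Connection-time check; an expired window is closed and logged on first contact."""
        if self.window is None:
            return False
        if now >= self.window.expires_at:
            self._record("expired", now, opened_by=self.window.opened_by)
            self.window = None
            return False
        return True

    def disable(self, operator: str, now: float) -> None:
        """Close early, e.g. as soon as the remote party is done."""
        if self.window is not None:
            self._record("disabled", now, operator=operator, opened_by=self.window.opened_by)
            self.window = None
```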