Discussion: View Thread

  • 1.  Cybersecurity Against Global Hackers

    Posted 11-22-2019 08:50 AM

    "Across Europe, controllers watch in disbelief as electrical grids collapse. There is no power, anywhere. Surely it's a glitch. Maybe it's a malfunction. But the lights don't come back on."

    -Blackout, by Marc Elsberg

    The teaser for the English edition of author, Marc Elsberg's 2017 thriller about cyber-terrorism sets the stage for a scenario where a cyber-terrorist network shuts down the global power grids and plunges the world into economic disaster. The scale of the attack depicted is much larger than anything that has ever happened, however, similar attacks have already caused havoc over the last several years.

    Andy Greenberg has written several recent articles in Wired magazine about exploits by the Russian state-sponsored hackers – Sandworm, who disrupted the 2018 Korean Winter Olympics, targeted the French election, triggered power blackouts in Ukraine, interfered with the 2016 US election, and unleashed the NotPetya cyber-attack. Both Atlanta and Baltimore were shut down in sophisticated ransomware attacks by an Iranian group called SamSam in 2018. The increasing severity of their attacks and those of other state-sponsored groups is putting any internet-connected infrastructure at risk.

    In an article published online at ASCE News, Brad Allenby and Mikhael V. Chester discuss the vulnerabilities that today's Civil Engineers should be aware of.

    How have your upcoming projects adapted to provide more cyber-security against robust attacks? Are your computer networks safe from a cyber-attack which would allow hackers access to detailed plans for public infrastructure or buildings?



    ------------------------------
    Yance Marti P.E., M.ASCE
    Civil Engineer IV
    City of Milwaukee
    Milwaukee WI
    ------------------------------


  • 2.  RE: Cybersecurity Against Global Hackers

    Posted 11-25-2019 10:08 AM
    Edited by Chad Morrison 11-25-2019 10:37 AM
    I looked up the Russian laptop that was found in a New England power plant to comment, but found it to be a story that was not reported correctly at the time:
    https://www.snopes.com/fact-check/report-vermont-power-grid-infiltrated-by-russian-hackers/

    I have heard of ransomware crippling hospitals and law firms.  Any business is vulnerable to hackers, your identity, contact information, and business information is being bought and sold daily.  Not only are criminals using that information to target victims, they are also using it to impersonate vendors, organizations, and other people you may expect to receive information from.  If you receive a suspicious email, check the domain and contact information given.  If there is an attached invoice that you are not expecting, always question it.  Call and follow up.

    Software and remote work stations now rely heavily on cloud servers.  Cloud servers can be great work platforms or back-up solution.  If you are using relying on 1 cloud server, not only are you putting your eggs in one basket, you are giving up physical possession of your own work.  My friends laugh at me for still buying music CDs.  Well, that's how I ensure, I don't lose my collection!

    One big change recently was the switch to VOIP phones.  I believe we are witnessing the last stand of the old dedicated telephone number associated with a landline.  The plague of phone scams can be viewed as the last gasp of the old technology.  It won't be long before our VOIP is free of that number and associated with some sort of verified online account.

    Cybersecurity is ever-changing and technologically intense.  It is best that engineers rely on strong IT departments or IT vendors for support.  Engineers need to have knowledge of how and where their information is being stored.  They need to recognize the signs of bad actors and be protective of proprietary information.

    Engineers and business owners in general can often find state resources on cybersecurity. Rhode Island has a public and private partnership to help identify and educate businesses on cyber threats:

    Rhode Island Joint Cyber Task Force
    http://risp.ri.gov/ccu/cyber.php

    They have events throughout the year and regularly send out updates on new threats.  You can probably sign up even if you are out of state, or see if your own state has such a program.

    ------------------------------
    Chad Morrison P.E., M.ASCE
    Professional Engineer
    Greenville RI
    ------------------------------

    Original Message


  • 3.  RE: Cybersecurity Against Global Hackers

    Posted 12-04-2019 09:59 AM
    Our IT department makes it mandatory to regularly change passwords which is an important step in improving security. At home, I have been starting to use a yubikey, which is a special usb device that stores website passwords using two-factor authentication. It is supposed to be one of the best forms of password security and I highly recommend it.

    Definitely make sure that everyone on staff regularly meets with your IT department or consultant so that everyone understands procedures for securing any data or connections that you may have. Especially in today's world where there are many internet enabled work devices from data collectors, to smart phones, to laptops it is even more important to make sure that each of these has the same level of security. Any business or government entity hijacked by ransomware can be very expensive. Always make sure you back up everything regularly on a secure cloud-based server as well.

    ------------------------------
    Yance Marti P.E., M.ASCE
    Civil Engineer IV
    City of Milwaukee
    Milwaukee WI
    ------------------------------

    Original Message


Related Content