I looked up the Russian laptop that was found in a New England power plant to comment, but found it to be a story that was not reported correctly at the time:
https://www.snopes.com/fact-check/report-vermont-power-grid-infiltrated-by-russian-hackers/I have heard of ransomware crippling hospitals and law firms. Any business is vulnerable to hackers, your identity, contact information, and business information is being bought and sold daily. Not only are criminals using that information to target victims, they are also using it to impersonate vendors, organizations, and other people you may expect to receive information from. If you receive a suspicious email, check the domain and contact information given. If there is an attached invoice that you are not expecting, always question it. Call and follow up.
Software and remote work stations now rely heavily on cloud servers. Cloud servers can be great work platforms or back-up solution. If you are using relying on 1 cloud server, not only are you putting your eggs in one basket, you are giving up physical possession of your own work. My friends laugh at me for still buying music CDs. Well, that's how I ensure, I don't lose my collection!
One big change recently was the switch to VOIP phones. I believe we are witnessing the last stand of the old dedicated telephone number associated with a landline. The plague of phone scams can be viewed as the last gasp of the old technology. It won't be long before our VOIP is free of that number and associated with some sort of verified online account.
Cybersecurity is ever-changing and technologically intense. It is best that engineers rely on strong IT departments or IT vendors for support. Engineers need to have knowledge of how and where their information is being stored. They need to recognize the signs of bad actors and be protective of proprietary information.
Engineers and business owners in general can often find state resources on cybersecurity. Rhode Island has a public and private partnership to help identify and educate businesses on cyber threats:
Rhode Island Joint Cyber Task Force
http://risp.ri.gov/ccu/cyber.phpThey have events throughout the year and regularly send out updates on new threats. You can probably sign up even if you are out of state, or see if your own state has such a program.
------------------------------
Chad Morrison P.E., M.ASCE
Professional Engineer
Greenville RI
------------------------------
Original Message:
Sent: 11-22-2019 08:07
From: Yance Marti
Subject: Cybersecurity Against Global Hackers
"Across Europe, controllers watch in disbelief as electrical grids collapse. There is no power, anywhere. Surely it's a glitch. Maybe it's a malfunction. But the lights don't come back on."
-Blackout, by Marc Elsberg
The teaser for the English edition of author, Marc Elsberg's 2017 thriller about cyber-terrorism sets the stage for a scenario where a cyber-terrorist network shuts down the global power grids and plunges the world into economic disaster. The scale of the attack depicted is much larger than anything that has ever happened, however, similar attacks have already caused havoc over the last several years.
Andy Greenberg has written several recent articles in Wired magazine about exploits by the Russian state-sponsored hackers – Sandworm, who disrupted the 2018 Korean Winter Olympics, targeted the French election, triggered power blackouts in Ukraine, interfered with the 2016 US election, and unleashed the NotPetya cyber-attack. Both Atlanta and Baltimore were shut down in sophisticated ransomware attacks by an Iranian group called SamSam in 2018. The increasing severity of their attacks and those of other state-sponsored groups is putting any internet-connected infrastructure at risk.
In an article published online at ASCE News, Brad Allenby and Mikhael V. Chester discuss the vulnerabilities that today's Civil Engineers should be aware of.
How have your upcoming projects adapted to provide more cyber-security against robust attacks? Are your computer networks safe from a cyber-attack which would allow hackers access to detailed plans for public infrastructure or buildings?
------------------------------
Yance Marti P.E., M.ASCE
Civil Engineer IV
City of Milwaukee
Milwaukee WI
------------------------------