You know, working in industrial cybersecurity, two underappreciated verticals have always particularly worried me - sewage and transport/logistics.

Seeing what happens when we merely lose our global supply of toilet paper has certainly not assuaged my concerns about either.
... And this is just people not being able to wipe their butts.
Did you know arguably the first and one of the grossest industrial cyberattacks was against a sewage treatment plant? Long before Stuxnet or anything sexy?
Homeboy got mad at the facility he was doing a gig at because they didn’t hire him on, and dumped millions of liters of raw sewage into fresh water bodies.
We don’t think about sewage because it’s gross and stinky and we’re culturally conditioned not to talk seriously about poo. But so much of what separates us from disease and filthy streets are unseen processes that remove waste and treat it. Whether industrial or private septic.
And sewage treatment process failures can have a lot of insidious repercussions that aren’t necessarily a highly visible giant poo storm set off by an angry jobseeker.
Logistics.... Oh man. Over the last few weeks we’ve seen what merely a relatively tiny imbalance in supply chains can do to a single staple good. It’s not even a lack of manufacturing toilet paper - analysts suggest it has a lot to do with TP going to consumers and not offices.
We live in this amazing, horrifying just-in-time economy that we’re going to see bizarre ripples in for weeks or months even with our supply chain only moderately disrupted. Small problems have far-reaching impacts. Look at poor Maersk.
It’s never been the power going out that really scared me. We all know what that looks like and how to handle it. It’s tangible and visible and there are very good recovery and DR plans to rebalance and restore power (with the exception of local areas with major physical damage).
That’s a risk that gets a lot of attention, and it’s one that we are rapidly aware of and gets relatively fast response.

It’s the quiet butterfly effects that worry me in ICS security because they can be so much more insidious.
... And because it takes a substantial societal breakdown like this for even clever, educated people to start wrapping their head around what those problems might look like if they were caused intentionally.
Anyway this is what I think about at 3 AM.
(I think about hacking poop and trucks)
You can follow @hacks4pancakes.