Friday, March 31, 2023

Short Takes – 3-31-23

Do You Really Need Remote Access? SCADAmag.Infracritical.com blog post. Pull quote: “This is why, if you must use remote access, you have to convey strict policies and technical measures to ensure that there is some coordination. If there are operators on duty, you must call them and discuss what you’re going to do before and after you access the system. If anything doesn’t go as expected, STOP and then call them to coordinate. The operator on duty is responsible for everything that happens. Did you let the operator know that you’re there? Did you discuss what you were going to do and ensure that nothing you were going to do would cause excessive problems if it doesn’t go according to plan? Probably not.”

Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan. Mandiant.com article. Interesting, but limited, behind-the-scenes look at a Russian state-level hacking enterprise. Pull quote: “NTC Vulkan is a Russian IT contractor based in Moscow, which publicly advertises working on contracts with large companies and government agencies within Russia. The company’s website cites compliance with Russian government standards but does not publicly state working with Russian state contractors, such as research institutes or Russian intelligence services. Based on our analysis of the leaked documentation, NTC Vulkan has held contracts with Russian intelligence services on projects to enable cyber and IO operations, potentially in tandem with cyber operations against OT targets.”

Egad! 7 key British PCs of the 1980s Americans might have missed. ArsTechnica.com article. I owned one of the Timex Sinclair machines. Pull quote: “In 1982, after a brief stint under its original name in the 'States, the ZX81 re-emerged in the US as the Timex-Sinclair 1000, which the company marketed as "the first personal computer under $100."”

20-Years of S&T. DHS.gov retrospective. Pull quote: “The White House appoints Dr. Penrose (Parney) C. Albright to help develop the founding legislation for the Department and establish the Science and Technology Directorate (S&T). Dr. Albright and a cadre of scientists set up shop at the Transition Planning Office for the Department of Homeland Security at 8th & G Streets in Washington, DC, to stand up S&T with support from the Office of Management & Budget.”

‘Hurry Up and Get It Done’: Norfolk Southern Set Railcar Safety Checks at One Minute. WSJ.com article. An unusually pro-labor slant. Pull quote: “Whether PSR [precision-scheduled railroading] was a factor in the Ohio derailment hasn’t been determined. Current and former employees say that the changes haven’t improved safety and in some cases have been harmful. Broadly, industry executives and employees are divided on whether PSR contributes to accidents.”

Antarctic ocean currents heading for collapse – report. BBC.com article. Pull quote: “"The other larger implication that it could have is a feedback on how much of Antarctica melts in the future. It opens a pathway for warmer waters which could cause increased melt, which would be a further feedback, putting more meltwater into the ocean and slowing down circulation even more," she [Dr Adele Morrison] added.”

A president has faced arrest before Trump — for carriage speeding, 150 years ago. NPR.org article. Pull quote: “Grant was released on a $20 bond, which equates to just under $500 in 2023. He didn't contest the fine or arrest and expressed respect for West's decision to arrest him. The Memorial Fund reported that former MPD Chief Cathy Lanier said Grant had been issued three citations for speeding in his carriage during his time as president.”

Republicans want to cut $1 trillion in spending — and instead of introducing 1 bill, they've introduced 500 to do just that. BusinessInsider.com article. Should read “Republican extremists….” Pull quote: “The bill names included in the drop encompass everything from limiting funding for wildland fire management to the Kennedy Center. One bill says it would put a "limitation on availability of funds for Independent Agencies, Office of Government Ethics," while another similarly limits funds for "Allowances and Office Staff for Former Presidents." Similarly, yet another bill seems poised to limit funds for the "Supreme Court, Salaries and Expenses."” Still no text on any of the bills.

1 comment:

Jake Brodsky said...

Thanks for the link to our blog site. The issue of remote access gives me tremendous heartburn for a variety of reasons. Usually people don't set out for the journey to a work place without being in some kind of roadworthy health. With remote access you have no idea if the person is fit for duty. The person doing the remote access could be in a semi-functional drunk state and nobody would be any wiser.

Further, just being on site with the sounds and smells around you can clue you in to a lot about what's really going on. With remote access the lack of boots on the ground, the lack of vision, feeling, smelling and hearing makes diagnosing what's going on less certain. You also can't see Lock-Out tags over SCADA unless people make an effort to record things there as well.

I recognize that it isn't always easy or practical to drive five hours to get to a site that just started alarming at 1 AM. Remote Access does have a place in our arsenal of tools. But it is used far more often than it should be. We need protocols, procedures, and limits. The days when some guy in a bar can show me a pumping station half-way round the earth and manipulate things just for fun are over (Yes, I had someone after hours at a trade show demonstrate this in 2005). It's time to get serious about locking this tool down.
