China wants to target critical infrastructure like water facilities and energy grids, FBI director said
Chinese state-sponsored hackers have conducted widespread cyberattacks on critical American infrastructure in recent years, intending to give the country the ability to cause “a devastating blow” against the US, according to FBI Director Christopher Wray.
“The fact is, the PRC [People’s Republic of China] targeting of our critical infrastructure is both broad and unrelenting,” he told a security conference in Nashville on Thursday, describing China’s hacking programme as growing in strength.
“It’s using that mass, those numbers, to give itself the ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” he added.
Last year, security analysts at Microsoft identified mysterious code linked to communications systems in Guam, the US territory in the Pacific with a massive strategic air base.
Officials believe the code was the work of Volt Typhoon, a Chinese state-sponsored hacking group.
I’ll never understand how our infrastructure isn’t on a completely separate air gapped network.
Obviously they need to share data in house, but the government absolutely has the resources to run their own separate intranet that’s not at all connected to the global internet, and yet they just plug their shit into consumer lines and hope their security is up to snuff.
Sometimes an airgap isn’t enough (Stuxnet is a good example), but realistically cybersecurity is an afterthought unfortunately. Simply go onto Shodan and lookup Schneider or Allen-Bradley to see how many of these controllers are accessible directly from the internet
Nah man, this is my game, air gap systems aren’t really a thing for anything non-military anymore. Companies want a real-time view into their production for making business decisions.
There are ways to secure your control systems network properly without a full airgap with proper boundary controls between the various layers of your Purdue model as well as fully separate Active Directories just to make a start.
Its actually an entire independent cybersecurity specialisation for OT networks. For anyone who is interested I would recommend Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions by Clint Bodungen its a fantastic read and very easy to follow.
Now the concept of air gapping still exists in this architecture, its designed to be able to “Island” which is where you break the connection between your corporate and OT networks when an incident has occurred on the corporate side essentially creating an airgap.
They don’t even need to run a separate network. The NSA has long since figured out a way to move secure data over an insecure network. The problem is that most of the US’s infrastructure is run by “for profit” companies. And since they are neither required, not is it profitable, to have robust security, they don’t. Instead, they do the bare minimum to be compliant with whatever frameworks they are required to. And since basically every one of those compliance frameworks is all about having the right documentation and never actually audit systems directly, their actual security is shit.
If you want companies to start taking security seriously, then we need GDPR style fines when companies get breached and are found to be running operating system and software which is years out of date. Compliance frameworks also need to get into the nitty-gritty details of OS and software configuration and not just “have a baseline”.
I mean a lot of government shit is still on the old cobol code.
You can’t upgrade when congress won’t allocate money for your department to do so. Or raise the taxes necessary to raise that money.
Fuck raising taxes (unless it’s only rich fucks and corporations then I’m OK with it) they can take 1% of that infinite money stream they have running for the defense budget. We don’t $1 trillion for the military
I’m not sure why you assumed I meant anyone other than the rich and corporations on the Lemmy news community.
We don’t even need to increase taxes at all, the budget they have is completely insane, it’s that lie that keeps getting us to the “we don’t have the money so we need to raise taxes”. We have it, we just have children who don’t know how to manage it spending it.
Here is a link to the Independent story above without the tracker bullshit.
No, it is not.
Last year, security analysts at Microsoft identified mysterious code linked to communications systems in Guam, the US territory in the Pacific with a massive strategic air base.
is currently pointing to:
hxxps://clicks[.]trx-hub[.]com/xid/esimedia_t58ukgmjkf95_theindependent?q=http%3A%2F%2Fgo.redirectingat.com%2F%3Fid%3D44681X1458326%26url%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F07%252F29%252Fus%252Fpolitics%252Fchina-malware-us-military-bases-taiwan.html%253Fsmid%253Durl-share%26sref%3Dhttps%3A%2F%2Fwww.independent.co.uk%2Fnews%2Fworld%2Famericas%2Fchina-hackers-fbi-wray-infrastructure-b2531182.html&p=https%3A%2F%2Fwww.independent.co.uk%2Fnews%2Fworld%2Famericas%2Fchina-hackers-fbi-wray-infrastructure-b2531182.html&article_id=2531182&author=Josh+Marcus&tag=FBI%2CHackers%2Cinfrastructure%2CChristopher+Wray%2CMicrosoft§ion=World&category=Americas&sub_category=&updated_time=2024-04-18T23%3A19%3A22.000Z&utm_campaign=news-body&utm_term=B-1&utm_content=&utm_medium=mobile&ref=ground.news&utm_source=ground.news&fbclid=&gclid=
On the 225 in Denver Wednesday night, northbound, there was an enormous section of the road, at least five miles, where two lanes were closed. No workers working. None of the road was torn up. Just comes closing all but one lane for miles.
Traffic was at a crawl. I had passengers in my car and we crept along for maybe 15 minutes through this weird phantom “work zone”.
The weirdest part is that the google maps traffic data showed the whole stretch of road as solid green, despite the fact we were going like 5-10 mph with frequent stoppage in a 75 mph zone.
