This one's been all over the news lately, and I've been thinking about it quite a bit.
NERC reported that "electrical system operations" at an unnamed utility in the Western United States were disrupted.
I want you to read that again. Now close your eyes and think about it...
If you've ever read what I write, you'll know I don't apportion blame to the people tasked with security or with (most) vendors providing the tools. I'm not going to do that today, either.
What happened? Unpatched, web-facing "outer layer security" firewalls were exploited and used for a Denial of Service (DoS).
No outages were reported.
What happens next time ingress is gained, and it's something far deeper than a DoS condition? If months of reconnaissance go by as the bad actors take over infrastructure controls and the grand-daddy of the IoT, SCADA systems?
A DoS is bad. Don't mistake me. But this could've been much worse. If you can't see it, you can't stop it; if there's unrestricted, flat networking, you can't stop it; if you lack simple, cohesive policy and controls, you can't stop it.
The US has already inserted malware into SCADA devices in Iran and Russia. If we think other nation-state actors aren't working on doing that back to us, well, we should climb back onto the turnip-trucks we fell off of, and go off-grid.
Because there won't be a grid.
TL;DR: control your East-West traffic by gaining visibility and then closing down every ingress point that's not specifically allowed.
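As an added illustration of that TL;DR (not from the original post or the NERC report), here is the shape of a default-deny, allow-list policy applied to flow records: first get visibility into what is actually talking to what, then permit only the named flows and treat everything else, including Internet sources reaching a firewall's own management interface, as a finding. All addresses, rule names and flow records below are constructed; the policy is a toy, not any vendor's syntax.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Hypothetical address plan (constructed for this example):
#   10.20.0.0/24  corporate/business zone
#   10.30.0.0/24  control (SCADA) zone
#   10.99.0.5     hardened jump host used for administration
#   10.0.0.1      the firewall's own management interface
INTERNAL = ip_network("10.0.0.0/8")
MGMT_HOSTS = {ip_address("10.0.0.1")}


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    dport: int


# Explicit allow-list. Anything not matched here is denied (default deny),
# which is the "close down every ingress point not specifically allowed" step.
ALLOW_RULES = [
    Rule("hist-replication", ip_network("10.20.0.0/24"), ip_network("10.30.0.10/32"), 443),
    Rule("fw-mgmt-from-jump", ip_network("10.99.0.5/32"), ip_network("10.0.0.1/32"), 443),
]


def decide(src: str, dst: str, dport: int):
    """Return ('allow', rule_name) for the first matching rule, else ('deny', 'default-deny')."""
    s, d = ip_address(src), ip_address(dst)
    for rule in ALLOW_RULES:
        if s in rule.src and d in rule.dst and dport == rule.dport:
            return ("allow", rule.name)
    return ("deny", "default-deny")


# Constructed flow log (src, dst, dport) as a visibility tool might export it.
SAMPLE_FLOWS = [
    ("10.20.0.7", "10.30.0.10", 443),   # historian replication, expected
    ("10.99.0.5", "10.0.0.1", 443),     # admin reaching firewall UI from the jump host
    ("203.0.113.9", "10.0.0.1", 443),   # Internet source reaching the firewall UI
    ("10.20.0.7", "10.30.0.20", 502),   # business zone talking straight into the control zone
]


def review(flows):
    """The visibility step: list every observed flow the policy would deny, with the reason."""
    return [(flow, decide(*flow)) for flow in flows if decide(*flow)[0] == "deny"]


def exposed_management_flows(flows):
    """Flows from outside the internal range to a management interface: the firewall's
    own web UI should never be reachable from the Internet, regardless of patch level."""
    return [
        flow for flow in flows
        if ip_address(flow[0]) not in INTERNAL and ip_address(flow[1]) in MGMT_HOSTS
    ]


if __name__ == "__main__":
    for flow, verdict in review(SAMPLE_FLOWS):
        print(f"{flow[0]:>14} -> {flow[1]:<12} :{flow[2]:<5} {verdict}")
    print("exposed management flows:", exposed_management_flows(SAMPLE_FLOWS))
```

Running the review over the recorded flows before enforcing the policy tells you what would break (the legitimate historian traffic matches a rule and is fine) and what was silently exposed (the management interface answering to a public address). The East-West flow from the business zone into the control zone is denied simply because nobody wrote a rule for it, which is the point of default deny.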
Happy computing, all!
...a "lesson learned" report from the North American Electric Reliability Corporation (NERC) revealed that the incident involved a vulnerability in the web interface of firewalls used by the impacted organization.