TLDR; is a book review series. It usually sticks to technical topics, but all books are selected to help industrial and factory automation professionals.
Sandworm, by Andy Greenberg, could both qualify as an informative, eye-opening read or an utter horror story. The topic is actual cyberwarfare. In particular, an attack on Ukrainian agencies, covering the sophistication of the red team and how it was made possible by the sheer complexity of large organizations.
I will not spoil too much, but it is an obviously cautionary tale. The book is rife with example of networks that should not be connected, backups that were not properly made and the consequences of a simple fact: computers are crucial in every facet of modern life.
If you read this book and are not horrified, think about some of the jobs you have been on. Think about what would happen if that eWON you use to get on-site was compromised. Or, if you are the customer, think about what would happen if the person on the other end of your eWON was not who you thought they were.
Financially, it makes sense not to have people on-site all the time. A pump station with two floats and two pumps could be run by a person, rather than your control panel. Where do you draw the line?
Whatever you do, back-up plans are essential. Do you have an offline AD controller, like the one that saved Maersk? (Read more about that here, here or here.) Do you have the written documentation and parts to get something back up? Do you have alternative suppliers for parts? Do you have integrators you can call for help, if you encounter something outside of your skillset?
Mind, if you are critical infrastructure, the issues go far further, but that is beyond the point. I have gone on a tangent again, for which I apologize.
Book is 10/10, read it and expect nightmares
Comments