How to trust surveillance regulation when authorities aren’t even willing to secure water supply systems against terrorist attacks?

Some may assume that we can regulate our way out of the surveillance problems created by Big Tech monitoring networks. But how can you trust regulators when government secrecy includes a policy of not letting common people know about terrorist hacking attacks on our water supply systems?

Brian Krebs:

What’s most interesting about the Florida water system hack? That we heard about it at all.

“So, given how easy it is to search the web for and find ways to remotely interact with these HMI systems, why aren’t there more incidents like the one in Oldsmar making the news? One reason may be that these facilities don’t have to disclose such events when they do happen.” (…)

““It’s a difficult thing to get organizations to report cybersecurity incidents,” said Michael Arceneaux, managing director of the Water ISAC, an industry group that tries to facilitate information sharing and the adoption of best practices among utilities in the water sector. …”

““Some utilities are afraid that if their vulnerabilities are shared the hackers will have some inside knowledge on how to hack them,” Arceneaux said. “Utilities are rather hesitant to put that information in a public domain or have it in a database that could become public.””

“Weiss said the federal agencies are equally reluctant to discuss such incidents.”

““The only reason we knew about this incident in Florida was that the sheriff decided to hold a news conference,” Weiss said. “The FBI, Department of Homeland Security, none of them want to talk about this stuff publicly. Information sharing is broken.”” (…)

“Many security professionals have sounded off on social media saying public utilities have no business relying on remote access tools like Teamviewer, which by default allows complete control over the host system and is guarded by a simple password.”

“But Marcin says Teamviewer would actually be an improvement over the types of remote access systems he commonly finds in his own research, which involves HMI systems designed to be used via a publicly-facing website.”

““I’ve seen a lot of cases where the HMI was directly available from a web page, where you just log in and are then able to change some parameters,” Marcin said. “This is particularly bad because web pages can have vulnerabilities, and those vulnerabilities can give the attacker full access to the panel.”” (…)

““In reality, it’s not that easy to introduce toxins into the water treatment so that people will get sick, it’s not as easy as some people say,” he said. Still, he worries about more advanced attackers, such as those responsible for multiple incidents last year in which attackers gained access to some of Israel’s water treatment systems and tried to alter water chlorine levels before being detected and stopped.” (…)

“Many smaller water treatment systems may soon be reevaluating their approach to securing remote access. Or at least that’s the hope of the Water Infrastructure Act of 2018, which gives utilities serving fewer than 50,000 residents until the end of June 2021 to complete a cybersecurity risk and resiliency assessment.”

““The vast majority of these utilities have yet to really even think about where they stand in terms of cybersecurity,” said Hildick-Smith.”

“The only problem with this process is there aren’t any consequences for utilities that fail to complete their assessments by that deadline.”

Do you feel safer after reading the above article?

When foolish “authorities” can’t even properly regulate simple computers in water supply systems how can you have faith in their ability to regulate the AI and surveillance networks of Big Tech?

When governments rely on computer systems which require that common people are kept in the dark regarding major threats – in order not to give away info to hackers – is it not better to go back to the old water supply tech we had prior to 4IR (the fourth industrial revolution)?

Secrecy, occlusion and lack of transparency are essentially inherent in the 4IR innovations of Big Tech. If you doubt that, read New Dark Age by James Bridle. This “black box” is basically a covert state within the state, more hidden and obscure than your average “deep state” bureaucracy. It contradicts the main pillars of real constitutional democracies. But who is man enough to fight it?

Maybe Lauren Boebert will rescue us:

The photo is meant as a joke, because I’m a 2A feminist, only making fun of today’s cowardly men, so don’t interpret it as me or Lauren supporting violence against Big Tech.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s