david_chisnall on Nostr: nprofile1q…xd2rl Now I'm curious if I know the right answers to any of these! I ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqe7rqcsp5pypj3ac5wxnvgnwxmdl5the60wggwlqytaxm9kql0cdsaxd2rl (nprofile…d2rl)
Now I'm curious if I know the right answers to any of these! I design chips, programming languages, and operating systems, I only pretend to know about security.
Can a hacker take down the US power grid?
As I understand it, the US power grid is not really a power grid it's a bunch of power grids, some of which interoperate. So probably not with a single attack? Especially Texas, which I think is completely disconnected from everything because otherwise they'd have to comply with government regulations and Freedom is more important than not freezing to death in winter.
In the UK, cyber attacks aren't my top worry for the grid yet (there are a few single points of failure with six-month lead times on replacements). There are enough poorly secured smart devices (including heat pumps) that you might be able to synchronise turning them on and off and damage bits of the grid. I don't think most of the critical grid infrastructure for a simple 'turn the grid off' is networked yet, but people are working on that, sadly.
NCSC has a bunch of concerns in this space and, at the very least, the process for the next generation smart meters is set up so that people have to listen to them. So I'm hopeful that this will become progressively harder.
That said: Are attacks that compromise some powerplant worker's phone camera and blackmail them in scope? Doesn't seem the easiest way for a nation-state attacker (the only people with a motive beyond 'the lulz' to want to do it) to do it though.
Is AI going to replace security analysts?
Yes, in many places. It won't give the right answers, but it will be cheaper and that's what the market usually wants.
Should AI replace security analysts is a different question with a simpler answer.
What operating system should business computers be running?
I don't think there are good answers to this one, but iOS is probably the least bad choice if it runs what you need. Or possibly DOS, since you probably can't figure out how to connect it to a network. Though I think FreeDOS has pretty good TCP/IP support now, so maybe that's not such a good choice.
Now I'm curious if I know the right answers to any of these! I design chips, programming languages, and operating systems, I only pretend to know about security.
Can a hacker take down the US power grid?
As I understand it, the US power grid is not really a power grid it's a bunch of power grids, some of which interoperate. So probably not with a single attack? Especially Texas, which I think is completely disconnected from everything because otherwise they'd have to comply with government regulations and Freedom is more important than not freezing to death in winter.
In the UK, cyber attacks aren't my top worry for the grid yet (there are a few single points of failure with six-month lead times on replacements). There are enough poorly secured smart devices (including heat pumps) that you might be able to synchronise turning them on and off and damage bits of the grid. I don't think most of the critical grid infrastructure for a simple 'turn the grid off' is networked yet, but people are working on that, sadly.
NCSC has a bunch of concerns in this space and, at the very least, the process for the next generation smart meters is set up so that people have to listen to them. So I'm hopeful that this will become progressively harder.
That said: Are attacks that compromise some powerplant worker's phone camera and blackmail them in scope? Doesn't seem the easiest way for a nation-state attacker (the only people with a motive beyond 'the lulz' to want to do it) to do it though.
Is AI going to replace security analysts?
Yes, in many places. It won't give the right answers, but it will be cheaper and that's what the market usually wants.
Should AI replace security analysts is a different question with a simpler answer.
What operating system should business computers be running?
I don't think there are good answers to this one, but iOS is probably the least bad choice if it runs what you need. Or possibly DOS, since you probably can't figure out how to connect it to a network. Though I think FreeDOS has pretty good TCP/IP support now, so maybe that's not such a good choice.