Profile picture
, 13 tweets, 2 min read
My Authors
Read all threads
You know, working in industrial cybersecurity, two under appreciated verticals have always particularly worried me -sewage and transport/logistics.

Seeing what happens when we merely lose our global supply of toilet paper has certainly not assuaged my concerns about either.
... And this is just people not being able to wipe their butts.
Did you know arguably the first and one of the grossest industrial cyberattacks was against a sewage treatment plant? Long before stuxnet or anything sexy?
Homeboy got mad at the facility he was doing a gig at because they didn’t hire him on, and dumped millions of liters of raw sewage into fresh water bodies.
We don’t think about sewage because it’s gross and stinky and we’re culturally conditioned not to talk seriously about poo. But so much of what separates us from disease and filthy streets are unseen processes that remove waste and treat it. Whether industrial or private septic.
And sewage treatment process failures can have a lot of insidious repercussions that aren’t necessarily a highly visible giant poo storm set off by an angry jobseeker.
Logistics.... Oh man. Over the last few weeks we’ve seen what merely a relatively tiny imbalance in supply chains can do to a single staple good. It’s not even a lack of manufacturing toilet paper - analysts suggest it has a lot to do with TP going to consumers and not offices.
We live in this amazing, horrifying just-in-time economy that we’re going to see bizarre ripples in for weeks or months even with our supply chain only moderately disrupted. Small problems have far reaching impacts. Look at poor Maersk.
It’s never been the power going out that really scared me. We all know that that looks like and how to handle it. It’s tangible and visible and there are very good recovery and DR plans to rebalance and restore power (with the exception of local areas with major physical damage).
That’s a risk that gets a lot of attention, and it’s one that we are rapidly aware of and gets relatively fast response.

It’s the quiet butterfly effects that worry me in ICS security because they can be so much more insidious.
... And because it takes a substantial societal breakdown like this for even clever, educated people to start wrapping their head around what those problems might look like if they were caused intentionally.
Anyway this is what I think about at 3 AM.
(I think about hacking poop and trucks)
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Lesley Carhart

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @hacks4pancakes see all

Profile picture
Lesley Carhart
@hacks4pancakes
Not only do underprivileged people have less chance of being able to keep their job or self isolate right now, they also are less likely to have a device they can run Zoom / Hangouts on to join recreational, educational, or social events on. Or know how to do it.
Nobody much is talking much about how to educate *adults* to use web conferencing or get them cheap laptops or tablets. Nobody is talking about them needing to keep their cameras off when they do because they don’t have a pretty office or living room to do yoga in.
I see moderate efforts to help kids and some limited ones (not enough) to help the elderly but almost nothing to help people trapped in tiny apartments or group living situations who can’t use any remote resources right now.
Read 7 tweets
Profile picture
Auntie Lesley, in isolation
@hacks4pancakes
I want to see the plan for protecting vulnerable people - particularly the elderly in retirement homes when:
- Their caretakers go home
- We have no tests
- COVID-19 is asymptomatic in many carriers
- We have a shortage of PPE.
It takes one caretaker coming in with no fever.
By the time cases start cropping up, ~5-15 days later, it's too late. No ventilators, not enough doctors, vulnerable people. I shouldn't need to draw you a picture.
Don't pretend you can hand wave this away with "we'll protect the most vulnerable". What that looks like in these circumstances is total lockdown with even the caregivers unable to leave. For perhaps 18 months or more whilst someone produces a vaccine.
Read 11 tweets
Profile picture
Auntie Lesley, in isolation
@hacks4pancakes
Has anyone done metrics on how much new RDP and vulnerable/old/misconfigured concentrators have appeared on Shodan in the past week?
The problem is most of us are trying to find where our own feet are, right now. There will likely be a lot of such questions to answer and a lot of tech debt over the coming weeks.
Tangentially, I wonder how many IR teams are equipped to deal with a major cybersecurity incident not in their office if travel / flights are hard shut down. Internal and retainer. Dealt with this during curfew after hurricanes.
Read 6 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!