by rtpg
3451 days ago
Serious question: How can software arrive onto critical infrastructure? For example, if it's possible to update the software on the infrastructure, there's going to be a delivery mechanism, right? One could imagine that coming from some process that is further up the chain until, eventually, you arrive at infrastructure that would be attached to the laptop. For example, what if some build server got compromised (assuming that was the state of the art)? Some software backups, along with some phishing/false alarm to trigger a rollback? Having rules like what you're saying is extremely helpful, but I imagine it's very likely for there to be a path between many devices to the infrastructure, even if it's several jumps away. The chain of trust is probably very long.

Social engineering is the best way to infiltrate the airgapped infrastructure.