Hacker News new | ask | show | jobs
by mjevans 1849 days ago
Laws need to be passed which mandate that critical infrastructure continues to function safely, without corporate comms networks.

If your billing and tracking system breaks tough, that's the cost of picking poor software and not training employees.
2 comments
kube-system 1849 days ago
Ironically enough, sometimes it might be other laws that necessitate those systems to be running in order to continue operations. Critical infrastructure is often fairly regulated for other reasons (depending on what it is), and those systems might be used to meet some other compliance/regulatory requirements.

I have found myself working on these kinds of systems professionally, although we were able to air-gap them.

I guess you could say that inability to comply with those other regulations is also a “too bad, you should have thought of it” scenario, but those are not always laws we’d want them to break. (Safety, etc)

And at some level, critical infrastructure is no more of an expert at preventing cybercrime than a shopkeeper is at preventing shoplifting. I do think we need the government to stand up a bit here and help to prevent this crime in the first place.

link
bawolff 1849 days ago
I assune you have to be pretty incompetent to be damaged by randsomware. It cant hurt you if you have backups, and i dont understand how you could run a major company without backups.
link
philprx 1849 days ago
Taking down a system to reflash it with backups can take significant time that translates often in big companies to 10x-100x the ransom cost.

That's also why there are tensions between big companies / victims and law enforcement agencies because they have divergent interests: keeping the business running vs prosecuting and blocking criminals

Did you give data protection job a go? They're heavily recruiting people who can really make a difference. But it looks often easier than it is ;-)

link
nitrogen 1849 days ago
The ransomware hurts if the ransom is to keep the hackers from posting your documents.
link
bawolff 1849 days ago
Maybe, but is that the situation that the fuss is about. That sort of scenario surely doesn't involve a business shutdown.
link