16 comments

[ 2.6 ms ] story [ 45.6 ms ] thread
Good book. Covers the same ground as a number of other ones, but has some new information and he interviewed more technical people than most of these books do. If you aren't familiar with this area at all it would be a good place to start.
"Took over the facility’s automated controllers and caused the centrifuges to self-destruct."

I have a problem with the truth of this statement

It's all pretty well documented in a wide variety of sources, but if you want the definite read check out "Countdown to Zero Day" by Kim Zetter. Lots of technical information about how Stuxnet/Olympic Games actually worked. A good book as well.
I think they are questioning the “self-destruct” claim.

My understanding is that the aim was to have the centrifuges return erroneous information rather than obvious sabotage like self destruction.

Wasn't the idea that the centrifuge would spin in a way that causes premature failure, but the controller display would instead show it spinning at the correct speed? Depending on how you interpret the meaning of the word "erroneous" this could align with what you're saying.
The devices controlling the centrifuges would return erroneous information (that everything was fine) while causing the centrifuges to self destruct. So it would appear everything was working properly and the centrifuges were just failing for unknown reasons, which would cause the workers at the enrichment facilities to draw the wrong conclusions about the source of the problem.
My understanding is that the aim was to have the centrifuges return erroneous information rather than obvious sabotage like self destruction

In @War it’s explained that Bush pursued the false data strategy but Obama escalated it to over-revving them to destroy them. Good book.

Does the book talk about how the centrifuges are from Siemens and that Siemens still has offices in Iran?
(comment deleted)
How many paragraphs, but no mention of the agar on which this is all growing - the incompetents connecting all of this Swiss cheese to the Internet in the first place. It's like if there were a spate of car break ins because everyone in a neighborhood got complacent with leaving electronics on their passenger seats. But then rather than the police cautioning people to tidy up, they branded the trend "autowar" while seeking federal assistance for their novel problem.

The Internet, by its very foundation, has always been best regarded as an environment of hostile noise. Creating direct communication between people in different countries fosters mutual understanding and peace, but requires a reliance on technical laws to cross jurisdictions. The people beating these "drums" are simply looking to avoid that technical responsibility by imposing their jurisdiction onto everyone else. These are ultimately the same destructive warmongers that have traditionally plagued humanity, setting their sights on subjugating the latest frontier.

Did I ask you to put my electricity supply on the internet? No: I did not. I did not ask SCADA to go on the web. I didn't ask hospitals, power nets, gas supply, airlines, police to do this.

Nobody asked for the critical infrastructure to be exposed and made brittle. A bunch of turkeys just thought it was a good idea.

I'm very happy that medical data can be transferred digitally some places though. It's taken 6+ months to transfer records when moving.
That can be done between federated EPIC EHR systems using their API endpoints without exposing those endpoints to the public internet (either over VPN or dedicated lines). With that said, the API endpoints are exposed for rebranded EPIC mobile apps to interface with the EHR systems operated by health systems (for consumer access), as well as Apple Health (which can OAuth to EPIC).

I don't know how Apple Health is pulling data in from the VA health system [1] (one would assume an API of some sort), but I plan on exploring it soon.

[1] https://www.apple.com/newsroom/2019/11/health-records-on-iph...

That's a people problem, not a physical records problems. If they wanted to, they could put your records in an envelope and send it anywhere in a day.
https://www.nybooks.com/articles/2019/12/19/drums-of-cyberwa...

“a cybersecurity researcher .. demonstrated .. the easy availability of the .. unsecured access points of the industrial control system — the ICS — of a wastewater treatment plant not far from my home in Vermont.”

Have these people ever given consideration to not connecting their SCADA units directly to the Internet.

https://www.theregister.co.uk/2003/08/20/slammer_worm_crashe...

https://www.theregister.co.uk/2004/08/16/power_grid_cybersec...