Shared Security

  • Comments posted to this topic are about the item Shared Security

  • The story about the hacking of a water treatment facility in Florida reminded me of an incident I witnessed about 20 years ago, at a different state job. In this state facility they tested biological and water samples. Around that time some people were in the bad habit of writing the password to shared accounts on Post-It Notes, then affixing that to a monitor where multiple people shared the same username and password to an account. The CIO issued a decree that anyone using Post-It Notes to write passwords on would immediately be dismissed. Well, in one of those offices they had found a clever way of getting around the regulation. They didn't use a Post-It note. Instead, someone had modified the screen saver so that it would scroll the words:

    The password is <the actual password then being shown>

    I had to laugh aloud in bitterness at how they were being compliant with the letter of the law but violating the spirit of the law. And of course, tell them they had to change their screen saver.

    Rod

  • Crazy. In the nuclear plant, we were very strict with this. Password on post-it = pink slip.

    We also disconnected the SCADA stuff from the external network. Everything controlled inside the plant was air gapped from the outside world. We did have PCs on the network that could read data, but anything that changed a setting was manual or on a computer system that wasn't networked with the outside world.

  • Steve Jones - SSC Editor wrote:

    Crazy. In the nuclear plant, we were very strict with this. Password on post-it = pink slip.

    We also disconnected the SCADA stuff from the external network. Everything controlled inside the plant was air gapped from the outside world. We did have PCs on the network that could read data, but anything that changed a setting was manual or on a computer system that wasn't networked with the outside world.

    Steve, that sounds very good to me.  I have for years advocated disconnected networks for internal use, even with manual copy/transport to the outside world.  This only makes sense to me.  Especially since it was nuclear.  ;>)

    Rick
    Disaster Recovery = Backup ( Backup ( Your Backup ) )
