Is Hacking a Bounded or Unbounded Danger?

by phil on Saturday May 9, 2009 12:02 PM

It's always been an open-question as to whether hacking is something that will ultimately become a concern of grave physical danger (hacking hospital networks, and controlling treatment, for example) and subsequently become a matter of national security.

This article about Hackers breaking into the FAA gives me pause:

Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency's mission-support network, the report said. Hackers took over FAA computers in Alaska, becoming "insiders," according to the report dated Monday.

Then, taking advantage of interconnected networks, hackers later stole an administrator's password in Oklahoma, installed "malicious codes" with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network, the report said.

In the 90s I wrote off hacking as at worst, causing identity theft. I always I assumed that to protect a system, you just make sure it has no connection to anything connected to the Internet. Shouldn't be too hard right? Or is Internet so ubiquitous that a place like the FAA is too complicated, with too many Internet-facing devices and Ethernet cables that it can't isolate their mission-critical networks. Or maybe they can still trivially isolate a control tower from outside traffic, but that something complicated like NORAD or a mission-support network that relies on networks across large physical distances are privy now.

Because what's next? A hacker getting into our defense system?? Time to get a job in security.

Creative Commons License