I was reminded today by a series of articles like the one about something called "Crashoverride", which most of my readers have never heard of. It was supposedly discovered in the Ukraine which has been plagued by Russian hackers of all sorts. Its purpose is to disrupt electrical utilities.
Sometimes we can point to things that were done to make a name for a company, like Mandiant's following of Chinese Army hackers getting into U.S businesses, which turned out well for everyone involved. We got to prove the Chinese government was involved, and Mandiant got sold, making money for their owners. It was a good thing for everyone.
In this case, however, we should think more clearly about how a company talks about certain things which threaten our country's power grid. I used to be on the President's Critical Infrastructure Protection Committee where we did talk about things like this - what was known about it, how it was produced and who likely made it. Those were secret things that we did not want the world to know because it causes the developers to work harder at improving their product so it can't be detected and works better than before. This is not the kind of thing we want to improve.
We used to get help from some government offices when this kind of thing came up. They would go and talk to people who were trying to discuss this kind of thing in the public domain. I kind of wonder what happened to that kind of effort. It seems to have gone away.
No comments:
Post a Comment