Sen. Mark Warner (D-Va.), who's been a leading voice in Congress on the issue, told Axios that if Americans knew how many ransomware attacks were happening every day, it would "blow their minds."
The Colonial hack, coupled with the Russians' SolarWinds attack — which had a breathtaking scale penetrating some 16,000 companies — has made people realize a cyber enemy could shut down an entire economy, Warner said.
Note what Warner didn't say, nor has anyone else: This is all -- every bit of it -- due to employers everywhere coddling little snowflakes and cutting corners instead of telling all those little snowflakes to shut up and do their damned jobs.
It's really not that hard, folks.
Go into virtually any business and look on a desk. There's a computer. Walk up to said computer. Type in "https://facebook.com" and hit return. Does it work? Now try Google. Or Yahoo. Or pretty much anything else.
How about email? Running Exchange, a known dangerous piece of code that more than fifteen years ago I was contracted to write a front-end for because the agency in question knew it was dangerously insecure and didn't want to get screwed? How come they knew and nobody else did? The truth is that everyone did and does know but nobody cares; it's far more important to have convenience than security.
Pipeline operator? Heh, you don't have a right-of-way from one end to the other already, do you? Oh, wait, you do? Then why didn't you run fiber along said right-of-way and have your own transport infrastructure that is impervious to electrical disturbances, other than at the repeaters, of course, which require power? Why wasn't every computer that could in some way interact with said control system, including billing, and the control system itself, on a sanitary network on private infrastructure with exactly zero outside connectivity of any sort -- and no exceptions? If you needed to work from home, why wasn't it done like the DOD does it, where the machine has a nailed VPN that cannot be overridden, the employee has no administrative access (yes, even the CTO and CEO), the USB ports don't work and for the love of God you can't get on Facebook from it because said machine only connects back to a sanitary network with no outside links?
Mobile devices? Same deal. Oh, we should do "BYOD" and save money; it would be so terrible to issue corporate devices which can't be used for anything but corporate work and won't talk to anything else either because they too are nailed-VPN. Uh huh, and get hacked because your employees are snowflakes and demand they can have their cellphones on the corporate wifi which can get out of the building. Why is that in any way connected to anything internally? Because it's convenient, that's why.
But -- but -- but I have to have my phone in my pocket wails the snowflake employee, and I will dieeeeeeeee if I have to work in this steel building where there's no signal. Why it was absolutely terrible in the 1980s and 1990s before such things existed; why, the phone on my desk is not good enough for meeeeeeeeeeeeeeeee!
Then there's the "cloud." Oh, you put your data and some processing there eh? How's it connected back to the office(s)? How secure is said "cloud" and said connections? Can you, and have you, vetted every employee at said cloud company that has administrative access, including all who have hypervisor access to the underlying machines? Manage to steal an encryption key or worse, the credentials to issue certificates and such (e.g. into your VPN'd "safe zone") and the rest doesn't matter very much, you know.
Yes, I know cloud is cheaper. It's also less secure. You're not running data and commands to and from such an environment that are rather important for operations and safety, are you?
Let's cut the crap, eh? I know full and damn well how to prevent this sort of thing from happening. I've done it for a long time. Indeed, part of the problem is that these idiots who cater to snowflakes, instead of telling them to shut the hell up and do their job or quit, wind up in a never-ending update chase to try to stay ahead of security issues. That is a chase you will never win, and it causes more problems due to programming bugs than if you did it the right way in the first place: when at work you work, and the networks that do important things have zero connectivity to the parts of the Internet where the bad guys try to break in from -- and that's all of it other than your business' infrastructure. If you need to tunnel over potentially-unsafe places because it's cheaper to buy connections on a no-guaranteed-bandwidth and transport basis than to pull your own infrastructure, that's fine, assuming you're good with the risk of transport being uncertain, but the connection between the two points is nailed-VPN and properly maintained so exactly nothing else enters or leaves same.
If you have some business reason for employees to be able to do research or otherwise on the Internet from your facility then you put a second computer on the desk of each person so-authorized who has a verifiable business reason to do so and it is from there that all such happens, with logs and full accountability. Anyone who tries to play games with crossing between the two "worlds" is instantly fired. Any laptop or other machine that has to leave the building has a TPM in it and the disk is encrypted; if someone tries to tamper with it so sorry, so sad, the TPM refuses to unlock the disk and the person who played the game has to bring it back to IT where everything flashable is re-flashed, the machine is reloaded and the employee is fired.
And you never, ever connect any of the important stuff to anything that isn't equally-secure or better. Which means not on the "cloud" 99.9% of the time.
Yes, folks, I know how to do this stuff. It is my wheelhouse. Nobody wants to do it, and Warner, along with the rest of the screaming goats in Congress and elsewhere, knows damn well how to do it because the DOD in fact does it.
In short, Axios is simply mealy-mouthed garbage; they are no more a "news" organization than are any of the others, nor is Congress.
Want to know why?
They're both full of snowflakes too.