Originally published at: https://boingboing.net/2019/07/12/hang-separately.html
…
I wonder if this resolution is quite as resolute about letting your insurer decide to take the less expensive way out…
If so it loses a lot of practical impact.
This resolution assumes that cities are being targeted… The reality is that a net is being cast as wide as possible. The cities are getting hit because they are easy targets that aren’t spending huge amounts of money on disaster recovery systems. It’s the same issue when hospitals are hit.
It’s like how nobody ‘negotiates with terrorists’ unless, of course, it’s in secret so that face can be saved (and also imminently the lives of hostages and crap like that).
Why don’t they instead resolve to pay, right now, somewhat-less-than-millions for the necessary upgrades and hardening to existing systems before they are infiltrated by Eastern European hackers?
Or, at a bare minimum, off-site and air-gapped backups?
Remember, kids: two is one, and one is none.
Yep, would have been much cheaper and everything back online faster if Baltimore had just paid them. And they knew they had a backup issue for YEARS.
If they adopt another, obviously much-needed resolution to hire competent sysadmins who understand the concepts of backup and security, then they might be able to fulfill this resolution.
How about this: don’t completely abandon paper-based and analog systems. Keep a contingency plan in place.
The sysadmins aren’t necessarily incompetent so much as under-staffed and under-funded. Their concerns are also easy for city administrators to ignore until something goes terribly wrong.
Replace “city administrators” with “senior management” and you have an accurate picture of the depressing state of things for corporate sysadmins.
That said, in some of these ransomware cases (especially in towns and smaller cities) it sounds like incompetence was at play, too.
C’mon, man. Resolving to never negotiate with terrorists gives you that warm glow of slightly macho moral certainty, just like in the movies. Does giving more money to the nerd cost center for their nerd toys and annoying ‘updates’ and ‘security policies’ give you that warm glow of slightly macho moral certainty?
You sound like one of those people who thinks that the right answer and the answer that feels right might be different things; a concept absurd to reason and dangerous to faith.
FYI Baltimore’s systems are still not back up. I’m going to have a hell of a water bill to reckon with, assuming there’s ever a way to pay water bills in Baltimore again.
Classic prisoner’s dilemma. Each city is better off if all other cities abide by the resolution no matter the cost, because that might discourage hackers from trying in the first place. But each city also has strong motive to pay the ransom to save themselves even higher costs.
Yeah, in other words, they resolved to pretend they aren’t the easy targets that they are.
I think it would have meant more if they had committed to adequately funding security analysis and improvements to their city’s systems.
Yes, it will cost a lot. In many cases I’d expect they’d literally have to double or triple their IT budgets to repair their current systems, add defenses, and add adequate security operations. And triple the typical budget is a hell of a lot cheaper than what Baltimore’s expenses have been.
South Bend, IN better lock-it-up. This could definitely become an issue in the next presidential election.
https://southbendin.gov/official/mayor-pete-buttigieg/