Category Archives: Critical Infrastructure Protection

The Iran experiment?

I thought – the recent cyber attacks, not too frequent, but quite regularly, against broad civilian infrastructures in Iran, such as electricity, gas stations, trains and the like.

This kind of things that will not bother directly the regime, but will actually make it really difficult for the lives of the citizens there very extensively, who already suffer from difficult living conditions – is this an attempt to bring them to despair and rage that will lead them to a coup against the regime?

I do not think such a thing has been tried before in the world, but in a “cold” look, if it is so – then it is an interesting experiment of pushing the masses into action through cyber
attacks against the physical dimension.

Sad declaration

“There have been zero successful cyber-attacks on critical national infrastructures in the past year”

This is what Yigal Unna, the head of the National Cyber Directorate of Israel, declared at the CyberTech conference, held last week in Israel. Stunning declaration in my opinion.

I thought there is no 100% in information security (which is true for physical security as well). How can he know this for sure? Information security, and certainly as part of risk management, involves recognizing that there is never any certainty. You can always be attacked successfully and you will know about it as it happens and you may never know. You always have to assume that at any given moment, at any part of your systems – you lose, because you know you don’t cover everything and can’t cover everything.

This is a statements in the style that existed before the Yom Kippur War. Smugness and arrogance that have no place in our profession and I believe that sooner or later they will run into the wall of reality and shatter.