As someone with a lot of friends and co-workers who are on the info-sec side, the stories I repeatedly hear of how many times they visit the same company year/year and little if anything is done to harden their networks, and impose stricter security on their users is way more common than it should be.
Most, if not all of these networks should be taken offline and siloed, but you know that won't happen now, the genie is out of the bottle. If they did, it would create a much smaller attack surface for critical infrastructure. As it sits now? Doubtful we would go back to that world.
>> But I also suspect the feds put some pressure on Colonial
This was my thought as well. I thought they were in on this before it hit the public media. For me, it was like in the movies when the feds are trying to tap the line and the person is trying to keep the bad guy on the line as long as possible so they can trace the call?
My theory is the feds encouraged Colonial to string it out in order for them to get as much information on the hacking team as possible. From what we're seeing now (bitcoin seized, servers seized) it sounds like the Feds have them nailed pretty good and their gamble paid off.