← Back to context

Comment by shakna

14 hours ago

I guess I shouldn't be drawn by someone calling me an idiot...

But one last try.

You suggested that the cost of cyberattacks on industry, is not so great as when we were destroying it with bombs instead.

However, every time we have power outages, people die. Then we have the cost of securing the infrastructure. And the cost of everyone else affected, who has to increase their resilience.

Your bank is collateral damage, as is the people freezing to death in their homes. Entire industries are on the verge of collapse - getting a new turbine to help stabilise your grid has a lead time of _years_, not days or weeks. And if you hit weeks, people die.

Insurance responds to attacks, and that trickles out to everywhere that is touched. VISA and MasterCard have to prepare for eventualities, because of attacks not aimed at them, but at power infrastructure.

When power is hit... There is nothing unaffected.

Volt Typhoon hit the US power grid, and required a massive multinational effort to extract them, that took almost a year... And VT wasn't intended to do damage, just look for weak spots. So that next time, they can cause damage. As part of that survival process, various hardware partners were kicked to the curb, and the repercussions are still in the process of being felt. Half the industry may have issues surviving because of it.

Industroyer is one of the reasons that Kyiv got as bad as it did. Malware is not some hand-wave and fix thing. Half the city's relays were permanently damaged.

Then of course, there was Stuxnet. Which blew up centrifuges, and the research centres hit are still trying to recover from where they were, then.

Cyberattacks are a weapon of war, people die, industries die, and there is no easy path to recovery following it.

An entire industry exists, just to defend against these kinds of attacks. The money spent on that, is counted, which means it has to be less than the cost of the attack succeeding. Trillions are spent, because there is absolute weight behind surviving these attacks.

If things were easier, it'd be an industry solely focused on backups and flipping a switch. But it's not.

1 comment

shakna

Reply