- Marcus J. Carey
We request that you derp with us in a joint commitment to safety between the critical infrastructure and cyber security industries.
An Open Letter to the Critical Infrastrcuture Industry: Collaborating for Safety & Lulz
We request that you unite with us in a joint commitment to safety between critical infrastructure owners and cyber security industries.
Critical infrastructure is a broad term often used by cyber security professionals that don't have a clue but for some unknown reason resonates with you idiots. What is critical? What is infrastructure? Who knows, you guys can't be bothered to not put control systems on the internet, develop protocols with the tiniest bit of security or otherwise generally give a flying duck about anything besides your bottom line.
For decades, the 'cyber' security industry (*shudder*) has been FUD'ing up the joint with Die Hard/er doomsday scenarios. This has followed a tried and true process:
1) IT Security people couldn't hack it (PUN!) in their own lane, so they picked on the easier embedded systems / SCADAs / Internet of Thingies
2) IT Security people 'discover' low hanging fruit that has always been in the industry (hardcoded passwords, zero patching, default everything) and claim expertise and success
3) Give con talk
4) Get hype
5) Nothing happens because there is no hard evidence to convince you (the asset owners) that you should care
6) Create cool sounding group, get all altruistic, get more hype
7) Nothing happens...
8) GOTO 2
The Reality: Until something happens to your system, you won't care. And why should you?
However, these things do actually matter. <FUD> It's only a matter of time before someone gains control of your control system, car, medical device or internet connected dildo and causes harm </FUD>
So when the Calvary fails what to do? What you should have done in the first place: create a smoking hole. Only this will get your attention. No we won't blow up a power plant, because that is both not realistic and mean. Simple things...leaving clues to our presence, which will then be plastered all over social media. Because let's face it, only by shaming you will you change your ways.
Will you join us in this endeavor?
Too long have we simply observed bad security behavior and smirked, using it to our own career advantage while not changing a damn thing.
BY SIGNING THIS PETITION, YOU ARE SUPPORTING....erm wait...OH YEAH, SIGNING ONLINE PETITIONS IS MEANINGLESS AND PROVIDES NO VALUE TO ANYONE BUT THE ONES TRYING TO USE IT FOR THEIR OWN BENEFIT
Members of the security research community
Herps & derps
Signatures are solely the opinion of the individual.
- Marcus J. Carey
We request that you derp with us in a joint commitment to safety between the critical infrastructure and cyber security industries by shaming them into submission.
We AreTheArtillery started this petition with a single signature. Start a petition to change something you care about.