We no longer live in a time where disconnecting critical infrastructure components from the Internet is a viable option, a top security officer from In-Q-Tel told Boston Source conference attendees Wednesday.
Disconnecting the power grid and water utilities from the Internet for security is good in theory but is unrealistic in practice, said IQT Chief Information Security Officer Dan Greer, PC Magazine reports.
People who do not use the Internet will likely rely on someone who does, a Pew Foundation report has found.
It may seem intuitive to assume critical infrastructure components should not be accessible over the Internet in order to maintain security, but Greer said that is unrealistic.
It may be better in some cases if people still play a role in systems’ security, Greer said.
All systems should have a manual fallback that would allow humans to step in when necessary, Greer suggested.
He said he wants humans back in the security loop, especially in systems where they have been removed.
Greer cited a financial institution that would only complete his written request if he re-submitted it electronically.
By completing processes in an automated way, the institution introduces risk, since requests submitted this way do not have a method for signature verification, Greer said.
Greer highlighted a hospital computer outage where doctors and laboratory personnel were forced to revert to paper for four days.
People with experience in the traditional processes were able to cope while others could not, he said.
The staff’s ability to complete tasks manually was a huge factor, according to Greer.
He suggests financial institutions as well as others should have the same capabilities.
Shawn Henry, the FBI’s former executive assistant director for cybersecurity, previously suggested the U.S. cybersecurity method is unsustainable.