Ransomware
by John Lawrence
The downside of the internet is ransomware as well as social media which has done more harm than good. It seems that each technological advance opens the door for people to exploit and do harm to other people. Most ransomware attacks occur because someone clicked on a link in a phishing email or visited an infected website. The simple solution is not to click on any links in emails or visit untrusted websites. Why is an employee of a pipeline company clicking on links in emails or visiting unauthorized websites? So the first line of defense is to forbid such activities within each company. The second line of defense is to back up the entire system and all the data off line once a day. This means that the entire system disconnects from the internet, does the backup and then the backup is totally isolated from the internet before going back online. Then in the event of a ransomware attack, the entire system can be wiped. In other words memory is totally erased. Then the system is reinstalled as well as all the data. Result: ransomware attack is ineffective.
A second approach would be for the system to intervene before accepting every email into an inbox. The origination of the email would be checked as well as a number of other parameters to make sure the email is legitimate. For a pipeline company only emails related to legitimate business transactions should be accepted. That means no personal emails on the system. Secondly why does an American pipeline company have to be on a worldwide internet - the world wide web? Does an American pipeline company really need to be in contact with Belarus? So the system should be taken off the internet altogether and placed on an intranet, a system which connects only those with a need to know or a need to communicate related to the business transactions of the company in question.
Thirdly, if the US was an integrated, undivided country with unquestioned command and control from the top, a nationwide, system wide system could be implemented to protect all users within the country. Because this is not the case, it is up to each company and each entity to provide their own security. Since it reduces profits for a company to implement robust security protection, many companies forego it. This is unfortunate. If the company is considered an important part of US infrastructure, they should be required by law to implement a secure system.
Then there is bitcoin which provides a convenient way for financial transactions with criminals. That needs to be regulated and the anonymity taken away at least for the US government which needs to tax bitcoin transactions. Right now money is being transferred by bitcoin without being monitored by the US central bank and without the knowledge of the IRS.