At some point, we're going to start seeing an internet connection not just in terms of the benefits, but in terms of the liabilities too. I really would have thought that by 2019 we'd be there with industrial control systems, but apparently not.
One wonders if the governments of the world wouldn't be well advised to go ahead and hack their a couple bits of their own critical infrastructure a couple of times and horribly break it, just to make the point, before a bad actor hacks all the infrastructure. That visibly has huge costs, but it's not clear that the hidden costs of just blithely letting people keep hooking up critical stuff to the Internet isn't orders of magnitude higher.
And by no means could such a result be called a "Black Swan", because that it's going to occur is perfectly predictable. It's only a question of when.
this reminds me of all the printers and other peripherals I see that are connected directly to the internet ; even the folks who maintain them sometimes aren't aware that these things are a potential [I daresay likely] attack surface
I'd have thought we have abundant evidence already that bad consequences will have little to no impact on behavior as long as the responsibility can be dumped onto someone else.
Are attacks on air gapped systems more likely to be uncovered though? Having it isolated makes auditing/alerting harder too, and could instill an overconfidence in the security of said system.
One wonders if the governments of the world wouldn't be well advised to go ahead and hack their a couple bits of their own critical infrastructure a couple of times and horribly break it, just to make the point, before a bad actor hacks all the infrastructure. That visibly has huge costs, but it's not clear that the hidden costs of just blithely letting people keep hooking up critical stuff to the Internet isn't orders of magnitude higher.
And by no means could such a result be called a "Black Swan", because that it's going to occur is perfectly predictable. It's only a question of when.