When it comes to computer security, my friends think I’m a Chicken Little. I use robust, unique passwords for every Internet-facing entity (websites and email accounts), aided by a secure password manager program that syncs across multiple devices. Access to each of my computers, tablets and other personal devices is locked with a password, which means I must unlock these devices sometimes multiple times each day. My less security-conscious friends like to point out that the person I most (and perhaps solely) inconvenience with these measures is myself. And while I do at times find them inconvenient, their modeled alternative — using my dog’s name as the password for every website I visit in a laissez-faire mindset of “If they want it, they’ll get it anyway” — would render me bald and sleepless.
Perhaps it is my experience with industrial facilities that drives me to be so security minded. Industrial cybersecurity is so important that entire organizations, including the International Society of Automation, are working on standards and methodologies for it daily. Industrial ransomware, where data itself or the access to it is held hostage via malware or “cryptovirology leakware” until a ransom is paid, is a real and growing threat. Though researchers at Georgia Institute of Technology were careful to note that no real ransomware attacks have been publicly reported on the process control components of industrial control systems, the risks for industrial systems are clear.