"There are three little words to make the heart beat faster in anyone who knows what they mean: critical infrastructure resilience. If you run that infrastructure or a country dependent on it, you need energy, communication and transport to be impregnable to cyber attacks. This is doubly so if that country is five minutes by incoming missile from an implacable hyper-competent enemy sworn to invade you."
"Thus it was a very bad day indeed when Taiwan's entire bullet train system was disabled for nearly an hour by an unknown attacker. It got even worse when that attacker turned out not to be the implacable and hyper-resourced state actor over the Taiwan Strait, but a university student with a yen for radio and some kit he bought online."
"It's bad news not just for Taiwan but for more than 100 countries that also use the TETRA two-way radio standard involved, often for emergency services. In many cases, it was the default replacement for unencrypted FM two-way radios, adding encryption, flexibility and network security. These were state of the art when TETRA was developed in the 1980s and 1990s - and work as well in 2026 as you might expect. Oops."
"There have been upgrades and, especially after the 2023 vulnerability disclosures, an accelerated program of making things better. A lot of the installed base globally is old, lacks over-the-air updates for security, and in any case spending money on new radios is normally at the bottom of the list for any state or public service organiza"
Critical infrastructure resilience depends on energy, communication, and transport being resistant to cyber attacks. The risk is heightened when a country faces rapid military threat and an adversary uses extensive state hacking capabilities. A major rail system disruption in Taiwan disabled a bullet train network for nearly an hour due to an attacker who was not a state actor but a university student using online-purchased equipment. The incident is concerning for many countries using the TETRA two-way radio standard, which is often used for emergency services and provides encryption and network security. Many installed systems are old, lack secure over-the-air updates, and upgrades are often delayed by limited budgets.
#critical-infrastructure-security #cyber-attacks #tetra-two-way-radio #emergency-communications #vulnerability-management
Read at theregister
Unable to calculate read time
Collection
[
|
...
]