Issue link: https://iconnect007.uberflip.com/i/1253723
42 SMT007 MAGAZINE I JUNE 2020 your company? What are the bad things a cyber-attack would do? I know that's not a very sexy answer, but it's a very appropriate answer. If you have lots of data backups and the ability to store laptops quickly, you may not care about a ransomware attack—espe- cially if you're a small company. If you're a company that doesn't have intellectual prop- erty, trying to lock down your file shares may not make sense. Feinberg: Of course, there is no cure for stupid- ity. Landeck: I had a client that was hit by a pretty big event. It happened through email, and the email said, "There was a problem with your online banking transfer. Please click here to fix it." We found victim zero—the first person to click it. I asked her, "Have you done any bank- ing transfers before?" She said, "No, I never have." And I said, "Why did you click an email that said you have to fix the problem with your transfer?" Her exact words were, "I wanted to see what would happen." There was nothing about that email that made any sense to her except curiosity. Holden: We're all familiar with the Iranian nuclear facility's centrifuges that were hacked into to make them spin out of control. Did they come in surreptitiously, or on somebody's email? Landeck: You're talking about Stuxnet. All we know is what was made public, so according to news outlets, what happened was called an air-gapped net- work, meaning it talked to noth- ing outside. There was no VPN; you physically had to touch that device. According to news sources, the malicious payload that did the corruption was put on a USB drive and brought in. It's unlikely you'd have a factory floor that was fully air-gapped. It's possible if you're making something that sensitive or that regulated, but the average smart factory won't be air-gapped; it will have what's called a net- work boundary, which will protect what comes in and out. Johnson: Although, the point is you can even overcome an air gap if you want to. Landeck: Yes, apparently, there are some peo- ple that overcame an air gap. Holden: On a scale of zero to 100, how would the U.S. rate in terms of protecting our infra- structure of energy, power, banking, water, utilities, finance, etc.? Are we more aware of it and coming up, or do we have a long way to go? Landeck: The more we rely on our phones, laptops, etc., the better the attackers get, and the more we have to stay on our game. There will always be threats out there. But all in all, if I can work from home, VPN into my work, talk on my cellphone, buy things from Amazon, and have my lights on, things are working. Johnson: As our manufacturing facilities move to be more digital and online with even more sensors, it seems that we could be more exposed to ransomware-type attacks. If that happens to an electronics manufacturer, what should they do?