Skip to main content

Reply to "Driver-Less Trains - an Article in the WSJ from January 19, 2019 (1-19-19!)"

Big_Boy_4005 posted:
AmeenTrainGuy posted:
Dominic Mazoch posted:

Ok, what happens if the cloud gors down?  Or you cannot get to it?

The cloud is run through the internet, and the internet is impossible to take down. Think about it like a mainline if it goes down trains will have to wait until it gets fixed. Not all the computation gets down through the cloud. The cloud only takes care of the tasks that require supercomputers. An automated train should theoretically be able to control itself to a stop if it gets offline. A deeper explanation can be done, but I believe it is too complex for this topic since this is not an artificial intelligence/machine learning forum.

I think the better question is,  what if the cloud gets hacked?

We already have vulnerable infrastructure in the form of water and power systems. Should we add trains and planes to the list?  Nuclear weapons are soooo last century. That won't be where the next attack will come from.

No technology connected to the internet is perfectly secure (the only nearly secure systems are not on the Net, and if networked are only accessible through a local network that is not connected to the internet or via a direct leased line connection that  otherwise is not easily accessible (leased lines in theory can be tapped, but require local access to the cable and knowing which one is carrying the traffic). 

Comparing the cloud to for example a water system getting hacked is not a valid comparison IMO. A water system likely is running their applications on their own environment (or a contracted host environment, same difference), they wrote the application, they wrote the application security, the database structure, the database calls in the application, basically the whole thing. Most of the hacks you hear about are at this level, while operating systems have their security flaws, it is why they continually update phone and desktop systems OS, that isn't where most of the breaches  happen.

The problem is that on this level a lot of factors make these systems vulnerable. With things like the water system or electrical grid, you likely have legacy systems that have been out there a long time, that have been patched and changed, and security quite frankly wasn't as big an issue back when they were written, and also with things like a water system or electrical grid, they don't exactly have huge IT budgets or the willingness to spend money on teams of people to test the code for vulnerabilities, then fix them, both of which can be time consuming and expensive. 

The real problem IMO quite frankly is that the consequences of a breach to a company is so low, that even now they don't really care. When Anthem got hacked and critical personal information was breached in the process, the cost to them was the CEO (who along with the CIO kept their jobs) sitting up there and saying "I feel your pain" and offering a free year of credit reporting to the people affected; Target had a massive breach, and within a couple of months of it happening, they had no ill effects and even had growth.  Despite all the furor, there were no real consequences to the firms in terms of regulations, what regulations that exist are toothless and the fines are so small the companies are often willing to risk that. Basically, if it doesn't give a RIO or doesn't preclude a major loss, they won't spend money on it. I work in an industry on the other hand where data and systems safety is heavily regulated, and you better believe they take security seriously, because the cost of failure would be huge, unlike places like Anthem and Experien and Target and so forth. 

Cloud computing is a bit different. First of all,  applications running in the cloud are removed from a lower level threats  you have running on a traditional hardware farm, the are abstracted from that layer from what I understand, and the cloud  infrastructure was designed with security from the beginning, in part because it was so new (and for example Amazon, built the cloud to handle their online retail business, which they knew security would be a major factor if they had a major hack, so they designed it with a major level of security, IWS is if not the biggest, one of the biggest players in cloud computing companies run their applications on). More importantly, the application vendors who use the cloud are writing applications from scratch, and unlike the patched together legacy systems that routinely get hacked, they are designed with security in mind, too. Plus, from what I understand about cloud computing, the cloud service has fairly strict requirements when applications are hosted there and have their own set of tests that people using the cloud have to have their applications pass, plus the cloud people run all kinds of tests themselves for things running in their environment, do security penetration testing and the like from what I have been told.

More importantly, the cloud vendors themselves would pay dearly if loopholes in the way the cloud was set up allowed major hacking of the clients apps running in there, it would destroy them; unlike the empty suits at Anthem or Experien or Target, the cost of failure is so high that they can't take security lightly, and they don't, it would drive applications to switch to another vendor and they could face serious financial liability for what happened to any vendor on there. 

You would figure something like Experien, that has the information of hundreds of million of people in it, or a water plant or a electrical grid, would be considered critical systems, but they aren't. I would be concerned about security around automated control systems on aircraft and trains, but I would be a lot more concerned about how well these systems can respond to out of the norm situations than being hacked, security , as difficult as it can be, is a lot easier thing to build in than being able to handle out of the norm situations, it is why I tend to look at automated flight systems (pilotless ones) or fully automated trains on any large scale as not being a great  idea. 

OGR Publishing, Inc., 1310 Eastside Centre Ct, Suite 6, Mountain Home, AR 72653
800-980-OGRR (6477)
www.ogaugerr.com

×
×
×
×
×