Top marks for the headline!
"construction giant unearths concrete evidence"
Who comes up with these?
Simpson Manufacturing Company yanked some tech systems offline this week to contain a cyberattack it expects will "continue to cause disruption." The California-headquartered engineering biz, which produces wood and concrete construction products designed to make structures more safe, confirmed the digital assault on the same day …
> For years it seemed as though the construction industry was “immune” to security attacks, according to a research paper [PDF] by the Association of General Construction of America in 2021.
Couldn't they just make “computers” out of concrete /s
“For many years, the construction industry has appeared almost immune from cyber events because of the limited personal information it keeps.”
I wish I could feel sorry for Simpson, but I just can't.
I'm starting a small construction project, and their pricing has become outright predatory. Charging $46 for a $3 piece of sheet metal with two simple bends in it is obscene. I know steel prices are high (I just bought a bunch of steel for another project) but they are charging "what the market will bear" in a market where they are the only player.
I've been shopping for a sheet metal brake (bender). I think I can pay for the brake in the savings on this project alone.
As someone whose day job is in cybersecurity, I really shouldn't be rooting for the bad guys... But, F**K Simpson!!
The fundamental problem is that businesses want to have their internal business systems co-located on a network accessible to their staff's desktop/laptop computers AND they want their staff's desktop/laptop computers to be located on a network connected to the public Internet and to regularly exchange all kinds of data with that public Internet. Through the transitive property, this exposes the internal business systems to the great unwashed masses and outright evil-doers present on the public Internet.
To the extent to which companies diligently install and operate strong access controls and adequately train and monitor their staff's compliance with administrative policies and operational practices that minimize risk, the configuration might remain secure, but with an always present risk of compromise. Unfortunately, the concrete budgetary cost of this protection gets constantly chipped away, in some ways a victim of its own success (why do we spend so much on preventing security breaches when we never have any security breaches?).
A better configuration would isolate the internal business systems from the Internet-surfing systems altogether (air gap). Higher cost configuration, and might require two devices on a lot of desks, but a higher probability of avoiding a breach. Certain conveniences must be given up, and processes for moving data between the low-trust and the high-trust environment must be put in place.
> produces wood and concrete construction products designed to make structures more safe
It might be clearer to say "...produces mostly metal products designed to make wood and concrete construction structures more safe..."
> $46 for a $3 piece of sheet metal with two simple bends in it is obscene. I know steel prices are high...charging "what the market will bear" in a market where they are the only player. ... I've been shopping for a sheet metal brake (bender). I think I can pay for the brake in the savings on this project alone.
I'm sure you know any wide-awake Building Inspector will question mystery TECO brackets. Simpson tests a lot of floors and walls to failure, and to quantify the way structures fail (gradual or BAM). You know they say you must use their nails so the ultimate failure of the clips is as designed. Some of their steel is hard hi-strength, and some is soft and yielding to distribute the stresses over all the steel and fasteners. Yes there is a lot of OCD here, and a lot of self-promotion to the building inspection community. But they are not wrong, just over-wrought.