Partner Perspectives  Connecting marketers to our tech communities.
3/24/2016
04:56 PM
Steve Grobman
Steve Grobman
Partner Perspectives
50%
50%

Iranian Hacker Indictment Reminds Us That Risks To Critical Infrastructure Are Real

Defending against the combination of human and technical exploits requires the collaboration of human and technical security defenses.

Based on today’s indictment from the U.S. Department of Justice, a group of hackers working for the government of Iran conducted a targeted cyberattack in 2013 on the SCADA systems of the Bowman Avenue Dam in Rye Brook, N.Y. The attackers gained access to the dam’s operational systems, including temperature information, water levels, and the sluice gate. Only the fact that the gate had been manually disconnected from the system for maintenance prevented them from operating the gate.

This event is a reminder of how important it is for us to protect critical infrastructure, whether at the national, state, local, or private-sector level. Despite the relatively small size of this facility, this is a good example of how critical infrastructure is vulnerable to various actors. We should not look at the size of the particular body of water, dam, or power distribution facility. Larger facilities have similar systems, and they are vulnerable to similar exploits.

Cyberattack and cyber-exploitation tools and expertise are readily available to those willing to pay for them. An entire underground cyber-exploitation ecosystem has evolve through which the latest malware can be rented, including hacker services, to execute attacks. This magnifies the capabilities of a less-technical entity to launch sophisticated attacks. 

Providers of critical infrastructure are increasingly aware of the importance of a strong cyberdefense, and most of them have been investing in this area for the past several years. Critical infrastructure is composed of many interconnected elements, far more so than the typical large enterprise, that extend into the physical world. That means that cyberattacks can potentially damage physical infrastructure and even threaten lives.

While the level of confidence in security defenses has been increasing over the last few years in this industry, according to a recent report on critical infrastructure readiness, the majority are also being intellectually honest about the ongoing risks of a serious event actually happening. About half (48%) believe it is likely that within three years there will be a cyberattack on critical infrastructure that will result in loss of life. It's mostly just a matter of resources, motivation, persistence, and opportunity.

Security Industry: Think And Act Differently

The appropriate response to this 3-year-old security breach -- and every other breach we read about -- is not the latest security gadget or scapegoat. The fragmented nature of multiple security solutions and the resulting complexity is part of the problem. Instead, since cyberattacks have become an ongoing part of our digital lives, we believe that the security industry, including vendors, partners, and customers, needs to think and act differently. We need to build a more complete picture of the real threats and our own security posture by sharing and collaborating better. That means sharing information in real-time between different products and services; sharing threat intelligence among organizations and governments; and collaborating quickly when threats are identified to protect critical resources and contain the potential damage.

One of the most interesting aspects of almost every security study we have done over the past few years is the critical part that human interactions play in security weaknesses. What we’re seeing in many industries is a combination of technical vulnerabilities and human ones, often referred to as “social engineering.” Whether it is a phishing campaign to steal credentials or social media tricks to increase the credibility of a malicious attachment, this is often the starting point to infiltrate the environment and launch a more complex attack.

Defending against this combination of human and technical exploits requires the collaboration of human and technical security defenses. Cyberspace has grown essential to every dimension of our lives so we should assign as much priority to protecting our digital resources as we do to protecting our physical security. Escalating cybersecurity tensions, both the breaches themselves and the public concern they cause, risk fragmenting the infrastructure, hindering innovation, and limiting the future prospects for technology.

Steve Grobman is the chief technology officer for Intel Security Group at Intel Corporation. In this role, Grobman sets the technical strategy and direction for the company's security business across hardware and software platforms, including McAfee and Intel's other security ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.