Partner Perspectives  Connecting marketers to our tech communities.
3/24/2016
04:56 PM
Steve Grobman
Steve Grobman
Partner Perspectives
50%
50%

Iranian Hacker Indictment Reminds Us That Risks To Critical Infrastructure Are Real

Defending against the combination of human and technical exploits requires the collaboration of human and technical security defenses.

Based on today’s indictment from the U.S. Department of Justice, a group of hackers working for the government of Iran conducted a targeted cyberattack in 2013 on the SCADA systems of the Bowman Avenue Dam in Rye Brook, N.Y. The attackers gained access to the dam’s operational systems, including temperature information, water levels, and the sluice gate. Only the fact that the gate had been manually disconnected from the system for maintenance prevented them from operating the gate.

This event is a reminder of how important it is for us to protect critical infrastructure, whether at the national, state, local, or private-sector level. Despite the relatively small size of this facility, this is a good example of how critical infrastructure is vulnerable to various actors. We should not look at the size of the particular body of water, dam, or power distribution facility. Larger facilities have similar systems, and they are vulnerable to similar exploits.

Cyberattack and cyber-exploitation tools and expertise are readily available to those willing to pay for them. An entire underground cyber-exploitation ecosystem has evolve through which the latest malware can be rented, including hacker services, to execute attacks. This magnifies the capabilities of a less-technical entity to launch sophisticated attacks. 

Providers of critical infrastructure are increasingly aware of the importance of a strong cyberdefense, and most of them have been investing in this area for the past several years. Critical infrastructure is composed of many interconnected elements, far more so than the typical large enterprise, that extend into the physical world. That means that cyberattacks can potentially damage physical infrastructure and even threaten lives.

While the level of confidence in security defenses has been increasing over the last few years in this industry, according to a recent report on critical infrastructure readiness, the majority are also being intellectually honest about the ongoing risks of a serious event actually happening. About half (48%) believe it is likely that within three years there will be a cyberattack on critical infrastructure that will result in loss of life. It's mostly just a matter of resources, motivation, persistence, and opportunity.

Security Industry: Think And Act Differently

The appropriate response to this 3-year-old security breach -- and every other breach we read about -- is not the latest security gadget or scapegoat. The fragmented nature of multiple security solutions and the resulting complexity is part of the problem. Instead, since cyberattacks have become an ongoing part of our digital lives, we believe that the security industry, including vendors, partners, and customers, needs to think and act differently. We need to build a more complete picture of the real threats and our own security posture by sharing and collaborating better. That means sharing information in real-time between different products and services; sharing threat intelligence among organizations and governments; and collaborating quickly when threats are identified to protect critical resources and contain the potential damage.

One of the most interesting aspects of almost every security study we have done over the past few years is the critical part that human interactions play in security weaknesses. What we’re seeing in many industries is a combination of technical vulnerabilities and human ones, often referred to as “social engineering.” Whether it is a phishing campaign to steal credentials or social media tricks to increase the credibility of a malicious attachment, this is often the starting point to infiltrate the environment and launch a more complex attack.

Defending against this combination of human and technical exploits requires the collaboration of human and technical security defenses. Cyberspace has grown essential to every dimension of our lives so we should assign as much priority to protecting our digital resources as we do to protecting our physical security. Escalating cybersecurity tensions, both the breaches themselves and the public concern they cause, risk fragmenting the infrastructure, hindering innovation, and limiting the future prospects for technology.

Steve Grobman is the chief technology officer for Intel Security Group at Intel Corporation. In this role, Grobman sets the technical strategy and direction for the company's security business across hardware and software platforms, including McAfee and Intel's other security ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.