Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/24/2016
04:56 PM
Steve Grobman
Steve Grobman
Partner Perspectives
50%
50%

Iranian Hacker Indictment Reminds Us That Risks To Critical Infrastructure Are Real

Defending against the combination of human and technical exploits requires the collaboration of human and technical security defenses.

Based on today’s indictment from the U.S. Department of Justice, a group of hackers working for the government of Iran conducted a targeted cyberattack in 2013 on the SCADA systems of the Bowman Avenue Dam in Rye Brook, N.Y. The attackers gained access to the dam’s operational systems, including temperature information, water levels, and the sluice gate. Only the fact that the gate had been manually disconnected from the system for maintenance prevented them from operating the gate.

This event is a reminder of how important it is for us to protect critical infrastructure, whether at the national, state, local, or private-sector level. Despite the relatively small size of this facility, this is a good example of how critical infrastructure is vulnerable to various actors. We should not look at the size of the particular body of water, dam, or power distribution facility. Larger facilities have similar systems, and they are vulnerable to similar exploits.

Cyberattack and cyber-exploitation tools and expertise are readily available to those willing to pay for them. An entire underground cyber-exploitation ecosystem has evolve through which the latest malware can be rented, including hacker services, to execute attacks. This magnifies the capabilities of a less-technical entity to launch sophisticated attacks. 

Providers of critical infrastructure are increasingly aware of the importance of a strong cyberdefense, and most of them have been investing in this area for the past several years. Critical infrastructure is composed of many interconnected elements, far more so than the typical large enterprise, that extend into the physical world. That means that cyberattacks can potentially damage physical infrastructure and even threaten lives.

While the level of confidence in security defenses has been increasing over the last few years in this industry, according to a recent report on critical infrastructure readiness, the majority are also being intellectually honest about the ongoing risks of a serious event actually happening. About half (48%) believe it is likely that within three years there will be a cyberattack on critical infrastructure that will result in loss of life. It's mostly just a matter of resources, motivation, persistence, and opportunity.

Security Industry: Think And Act Differently

The appropriate response to this 3-year-old security breach -- and every other breach we read about -- is not the latest security gadget or scapegoat. The fragmented nature of multiple security solutions and the resulting complexity is part of the problem. Instead, since cyberattacks have become an ongoing part of our digital lives, we believe that the security industry, including vendors, partners, and customers, needs to think and act differently. We need to build a more complete picture of the real threats and our own security posture by sharing and collaborating better. That means sharing information in real-time between different products and services; sharing threat intelligence among organizations and governments; and collaborating quickly when threats are identified to protect critical resources and contain the potential damage.

One of the most interesting aspects of almost every security study we have done over the past few years is the critical part that human interactions play in security weaknesses. What we’re seeing in many industries is a combination of technical vulnerabilities and human ones, often referred to as “social engineering.” Whether it is a phishing campaign to steal credentials or social media tricks to increase the credibility of a malicious attachment, this is often the starting point to infiltrate the environment and launch a more complex attack.

Defending against this combination of human and technical exploits requires the collaboration of human and technical security defenses. Cyberspace has grown essential to every dimension of our lives so we should assign as much priority to protecting our digital resources as we do to protecting our physical security. Escalating cybersecurity tensions, both the breaches themselves and the public concern they cause, risk fragmenting the infrastructure, hindering innovation, and limiting the future prospects for technology.

Steve Grobman is the chief technology officer for Intel Security Group at Intel Corporation. In this role, Grobman sets the technical strategy and direction for the company's security business across hardware and software platforms, including McAfee and Intel's other security ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.