Five Hard Truths About Critical Infrastructure Protection

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17
Next Five Hard Truths About Critical Infrastructure Protection-4 Next

Air gaps continued

In fact, data from the Security Incident Organization's Repository for Industrial Security Incidents (RISI), one of the world's largest databases of security incidents involving ICS and SCADA systems, indicates that three major factors related to air gaps contribute to successful cyber attacks on critical infrastructure:

  • Proliferation of "soft" – that is, brittle – targets
  • Multiple points of entry: Users can access control systems in many ways without a direct hard-line Internet connection, including:
    -- Remote maintenance/diagnostics connections
    -- Shared historian and manufacturing execution systems (MES) servers
    -- Serial connections
    -- Wireless systems
    -- Mobile laptops
    -- UUSB devices
  • Poor network segmentation: Even as control networks extend to hundreds or even thousands of individual devices, most of those "flat" networks are not designed to quarantine security problems. That weakness makes it easy for attackers to enter the network in one place and quickly start wreaking havoc in many others.

Once considered the unthinkable, real-life cyber attacks on critical infrastructure have taken center stage in the past three years. Advancing technologies, evolving cyber threats and a little piece of malware called Stuxnet have catapulted cybersecurity of real-world infrastructure from an academic backwater to a top government and industry priority. From power plants to water treatment sites to traffic control systems, critical infrastructure once thought invulnerable to targeted cyber attacks now lies squarely in the crosshairs.

Over the past two decades, asset owners and operators have added IT systems to help improve management of the ubiquitous industrial control systems (ICS) that perform essential mechanical functions of all kinds. These systems have led to improved service, lower costs and technological marvels such as smart grids. Unfortunately, they have also exposed critical infrastructure to software vulnerabilities that adversaries can exploit through malware and advanced persistent threats (APTs).

Critical infrastructure providers now find themselves in a harrowing position: They must protect both physical and digital assets, but often know less than their adversaries do about those assets' vulnerabilities and how to remediate them. The complexity of IT-enabled critical infrastructure has multiplied the difficulty of protecting it, as have the skyrocketing frequency, sophistication and severity of cyber attacks over the past ten years. Consequences for failure can be catastrophic, but finding the right resources to improve protection can be challenging and expensive – making the decision to invest in security a painful business dilemma.

To protect themselves and their stakeholders from escalating cyber threats, critical infrastructure owners must first acknowledge five hard truths, according to Raju Dodhiawala, vice president and general manager at ManTech.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.