Protecting Your Critical Infrastructure
As the government prepares to launch its Cyber Security Operations Centre, Reed Henry of ArcSight discusses the importance of protecting national assets
Does this lack of visbility also apply to governments and nation states?
“One of the things that governments need to do is to protect the Internet. It has been estimated that many billions of pounds are tied up in e-commerce activities. When a military installation or MI5 is attacked, the cyber criminal will go down the line looking for vulnerabilities. This is why threat-sharing is so important. Nations will see attacks not only looming on the horizon, but also attacks that are used as a part of modern warfare. In the US, the vulnerabilities of the American power grid was revealed recently, and if a hacker were able to gain access to these systems, the downstream effect of power disruption could be catastrophic.
“It is estimated that there are now 200 nation states that can launch a cyber war offensive – and these nations are recruiting cyber warfare people and are carrying out simulations. Think about the number of aeroplane missles a nation can deploy, but just 30 people could take down a nation’s defences. This has major ramifications.
“There are currently thought to be 250 hacking groups in China and that government is not stopping them, as these groups have become a political asset for China. It is a real threat, and groups like the Cyber Security Operations Centre (CSOC) are a real asset, which will allow governments to see what is a threat and what is not. It is a wake up call for governments around the world to make sure that their security is secure.
“The power grid vulnerabilities in the United States was exactly like the plot from the film, ‘Die Hard 4’. Remember, electricity plans often show where all the assets and infrastructure is located, as these details are all stored electronically nowadays, and are kept in files on a system somewhere. It was reported last year for example that the plans for the US Joint Strike Fighter were stolen, allegedly by the Chinese.”
So what threats are we likely to see going forward?
“Years ago it was random strikes, but now it is much more targeted. There are in effect ‘sniper attacks’ happening now on a company’s critical infrastructure. We will continue to hear about that going forward, especially as there it is that 12 to 15 percent of all the computers in the world are thought to be infected with bots.
“This is a huge number, and these infected PCs are mostly lying dormant at the moment, but this is a ticking time bomb, and we see will those going active in the future.
“The major trend that is occurring at the moment is with small to medium sized companies, such as family businesses like plumbers etc. These small businesses are typically getting attacked at the moment, and key loggers for example are capturing the details of their online bank accounts. Before the guy knows it, all the money has been emptied from his account. Now consumers are protected and will usually get their money back, but companies are not protected in the same way.
“SMBs are not investing enough in security, and even when they do, things like firewalls are not being configured properly. SMBs are also notoriously behind on their patch levels, so there are vulnerabilities with millions of these small businesses.
“One of the biggest things going forward however is that we will also hear a lot more about cyber warfare. The Pentagon for example gets over a million attacks a day. We have known about China for some time, and the Google attack just puts this in the headlines. It got noticed and reported because Google is well known and sophisticated company. But these attacks also happen to other less well known companies.
“For example, a number of oil companies found that their systems had been breached in 2008, and their drilling plans were stolen. Now this information contained very valuable details on where oil is located. Companies can spend hundreds of millions of dollars finding this information out, and suddenly all that data is stolen. These attacks also allow rival companies for example to know how much their competitors are pricing for drilling bids. A rival drilling company can therefore offer a lower bid and undercut their competition, because they know the bidding price of their rivals. Companies go out of business when this happens.”
So what advice do you have?
“The concept of a ‘hard shell, soft interior’ will not work any more. With the advent of Wi-Fi networks, the cloud etc, we recommend that companies keep their vulnerabilities to a minimum, and put in place monitoring software around their critical assets at the very least. Things like customer data also needs to be heavily protected. Therefore monitoring the data and the transactions that happen with that data is very important.
“Another thing is training. A lot of non-malicious back doors are inadvertently opened. Users should be told not to go to certain websites. They need to be made aware of spear-fishing emails that say ‘hey, look at my new picture’, and when they click on it, malware is installed. They also need to be aware of social engineering from social networking websites, as well as the dangers of installing peer to peer networking applications as you don’t know who is looking at your system.”