Protecting Your Critical Infrastructure

When Google in China experienced repeated cyber-attacks and efforts to access the Gmail accounts of Chinese human rights activists in January this year, the search engine giant decided not to remain quiet, and instead chose to publicly denounce the attacks, which led to a confrontation with the Chinese government.

Google said it was considering closing its Chinese operations and was no longer willing to censor results on Google.cn. This triggered a storm of protest from both human rights campaigners and politicians on both sides of the spectrum.

This event highlighted the very real threat that both companies and governments now face from an unseen number of cyber-warfare experts who can break into a company’s systems for industrial espionage, or attack a nation’s critical infrastructure, such as power stations, in the event of war.

In the United Kingdom, the Cyber Security Operations Centre (CSOC) hosted by GCHQ is scheduled to become fully operational on 10 March. The CSOC was created as part of the UK’s National Cyber Security Strategy, and its main purpose is to identify cyber attacks in real time.

The creation and existence of the CSOC demonstrates the seriousness that governments are now attaching to cyberwarfare. eWEEK Europe UK therefore thought it would be a good time to get an expert viewpoint on the situation. We talked to Reed Henry, SVP of ArcSight, a security firm that works with the UK government, other nation states and even NATO, as well as regular commercial companies, to help them identify threats and attacks as they happen.

What is ArcSight?

“ArcSight has been around for 10 years now, and it focuses on identifying footprints in enterprises that indicate bad things are happening. We track what is actually happening in the enterprise, based on logs etc., and alert the company so that business operations can continue to function normally. If a hacker decided to attack a critical server, we would know the server that is involved, and we would know if we really care about the data being hosted on that server. We can prioritise that event, and stop that traffic.

“With a lot of attacks coming from within the organisation, either internal staff or privileged users, we can provide visibility to both external and internal threats.”

Do organisations have a lack of visibility regarding their internal infrastructure?

“Absolutely, organisations very often lack visibility about what is going on inside their systems. Most companies have invested large amounts in perimeter protection such as anti-malware security, but these companies very often have a huge blind spot as to what is going on internally. The IT department is focused on support, troubleshooting, and building new applications. They are also under pressure to open these applications to customers and outside users, which at the time introduces more vulnerabilities. Do they know who is looking at the data?

“Security tends to be way down on the list of priorities; indeed, Gartner said it was number 8 on the list of priorities. What is needed is a single pane of glass that can provide insight into what is going on inside an organisation’s infrastructure. We can map individual users and trace users back to the IP address, for example. One of the problems some companies experience is with legacy accounts and people sharing the same user ID. This can lead to backdoors, so detection is the key.

“The second issue comes from staff who have been terminated, or have left the company, but their ID has not been taken out of the system when they leave. Accounts that are dormant, that is where the bad stuff happens. Disgruntled employees for example can be tempted to do something bad.”
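The log correlation Henry describes (tracing user IDs back to source addresses, spotting a single ID shared by several people, and catching activity on leaver accounts that were never disabled) can be sketched as a small detection routine. This is an added example, not ArcSight's code; the log format, the HR leaver list and the sharing threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not from any real system).
SAMPLE_LOG = """\
2010-03-01T08:02:11Z LOGIN_OK user=jdoe src=10.1.4.22
2010-03-01T08:05:40Z LOGIN_OK user=svc_backup src=10.1.9.3
2010-03-01T08:07:02Z LOGIN_OK user=svc_backup src=10.2.7.14
2010-03-01T08:09:55Z LOGIN_OK user=svc_backup src=172.16.3.8
2010-03-01T08:15:30Z LOGIN_FAIL user=asmith src=10.1.4.22
2010-03-01T08:16:01Z LOGIN_OK user=asmith src=10.1.4.22
2010-03-01T09:00:00Z LOGIN_OK user=jdoe src=10.1.4.22
"""
# Constructed HR leaver feed: user ID -> date the account owner left the company.
LEAVERS = {"asmith": datetime(2010, 2, 12)}

LINE_RE = re.compile(r"(?P<ts>\S+) (?P<outcome>LOGIN_OK|LOGIN_FAIL) "
                     r"user=(?P<user>\S+) src=(?P<ip>\S+)")

def parse_events(text):
    """Parse log lines into dicts with a datetime 'ts'; lines that do not match are skipped."""
    events = [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]
    for ev in events:
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return events

def dormant_account_logins(events, leavers):
    """Successful logins on a user ID whose owner had already left: the account
    should have been disabled, so any use of it is worth an alert."""
    return [(ev["user"], ev["ip"]) for ev in events
            if ev["outcome"] == "LOGIN_OK"
            and ev["user"] in leavers and ev["ts"] > leavers[ev["user"]]]

def shared_accounts(events, window=timedelta(minutes=10), min_ips=3):
    """User IDs that log in from at least min_ips distinct source IPs inside one
    sliding window: a sign the ID is shared rather than tied to one person."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["outcome"] == "LOGIN_OK":
            by_user[ev["user"]].append((ev["ts"], ev["ip"]))
    flagged = {}
    for user, hits in by_user.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ips = {ip for ts, ip in hits[i:] if ts - start <= window}
            if len(ips) >= min_ips:
                flagged[user] = sorted(ips)
                break
    return flagged
```

On the sample data the leaver account `asmith` is flagged for a successful login after the leaving date, and `svc_backup` is flagged as shared because three different addresses use it within a few minutes; the failed login is ignored by both checks.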


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...


  • DOC (digital/optical) computers, now capable of "changing information on the fly" while en route, have introduced a new problem in that the information which arrives at any destination may not be the information from the source. Nor will it necessarily be from one source to one location, but rather split at that point to multiple destinations, even translated into other computer and human languages.

    The current trend to force exposure to source code opens up the entire world to the theft of their information, most of them without the knowledge of the incidents. Now that we know Intel was also a victim of the recent attacks by China, the designs of chips themselves may be known, opening up new backdoors of access via alternatives, such as access to computers via electrical wiring and/or parts of the video signal.

    Likewise, with botnets of computers to servers and from there to other servers, the potential for multiple participants in one event or target on the front end are also possible.

    We are now in a multi-point to multi-point disinformation-oriented crime ring network architecture, and computers are not the only targets. As brain interfaces become more known of, the ability to track IP addresses of a victim's computer may be critical to automated systems of defense. Let's hope that the UK has not fallen for the fake "privacy" issue and the decoy of "oneness".

    Boundaries to protect the individual and their rights are now necessary to safeguard not only their freedom, but their lives.

    As with all others, they will be only as good as the equipment they use, most likely designed and manufactured in Asia. Don't be ignorant of the microchip back doors built into the hardware, especially the electrical wiring.

    Good luck to the UK and their new center!
