Security upgrades needed with growing cyberwar threats
- — 08 October, 2011 06:05
Countries need to take steps to upgrade critical infrastructure for protection from attacks by cybercombatants or rival countries conducting cyberwarfare, security experts said at a panel discussion this week.
Critical infrastructure such as industrial systems, transportation and power grids are easy targets for cyberattacks and people responsible for IT and national security are worried about the future, said Eugene Kaspersky, founder of Kaspersky Lab, during a panel discussion that was part of the company's Endpoint Security 8 launch event in New York. Cyberattacks could cause massive damage to the tune of billions of dollars, he said.
Some attacks in recent memory such as Stuxnet, which hit industrial systems, and the Blaster worm, which possibly hurt the electrical grid on the U.S. East Coast, were damaging and exposed the weaknesses of national infrastructures, Kaspersky said. Countries like North Korea, China, the U.S. and South Korea, and organizations like NATO are establishing cybermilitary units to protect infrastructure and respond to attacks.
"The question is this year, next year, do we expect to see similar incidents? Yes or no? The answer is obvious. Yes. It will happen," Kaspersky said.
Systems need to be built around a secure OS environment and government regulation is needed, especially for industrial software design, panelists said. Stuxnet wreaked havoc because of dated software design and poorly trained software engineers. Attack techniques are getting more sophisticated, but even simplistic hack techniques can hurt infrastructure.
"The interesting thing about Stuxnet is that the attack itself against Siemens was incredibly simple," said Gary McGraw, CTO of Cigital. "It used to work in online games in 2004."
But today's online games are much more advanced in tackling security threats, while the industrial systems still have a ways to go, McGraw said.
"You can't hack 'World of Warcraft' with this attack, but you can hack nuclear power plants," McGraw said.
In addition to protecting their interests, countries also need to work together to protect infrastructure from cybercrime. One idea proposed by Kaspersky was the establishment of an international cyberpolice unit to fight cybercrime.
"I call it Internet Interpol," Kaspersky said.
Online criminals are well-organized globally, and many attacks are carried out by script kiddies. The Internet has no borders, so there has to be international involvement to keep cybercriminals in check, Kaspersky said.
"They have much more money than IT engineers and security software engineers," Kaspersky said.
Some organizations hacked this year include Sony, Lockheed Martin, the U.S. Department of Defense, NASA, Google, the U.S. Central Intelligence Agency, Citibank and the European Commission.
Companies can fight back with better processes and technologies to identify and mitigate threats, said panelist Steve Adegbite, director of cyber-innovations at Lockheed Martin Information Technology.
Hackers go through a series of key events to execute an attack, and companies need well-trained engineers and processes to identify and disrupt potential threats, Adegbite said.
Beyond protecting endpoints, data on the cloud also needs to be protected. Banks of data are moving online, and if there's economic gain, hackers will target the cloud, Adegbite said.
"We're going to have to get faster, we're going to have to get better technology, and we're going to have faster and better processes," Adegbite said.
Many businesses will likely not move large data banks to the cloud, but retain important data at the endpoint, some panelists said.
Some suggestions on how to secure data in the cloud were also proposed at the Interop trade show this week in New York.
IT managers can set up rights for mobile devices to access certain documents in the cloud based on location, said Sujai Hajela, vice president and general manager of Cisco's wireless networking business unit in the network services group.
For example, if a doctor logs in from a hotspot such as a cafe, access can be limited to email, but not secure documents such as electronic medical records, Hajela said.