Security upgrades needed with growing cyberwar threats

Industrial systems, transport and power grid infrastructures are still vulnerable, panelists said this week

Countries need to take steps to upgrade critical infrastructure for protection from attacks by cybercombatants or rival countries conducting cyberwarfare, security experts said at a panel discussion this week.

Critical infrastructure such as industrial systems, transportation and power grids are easy targets for cyberattacks and people responsible for IT and national security are worried about the future, said Eugene Kaspersky, founder of Kaspersky Lab, during a panel discussion that was part of the company's Endpoint Security 8 launch event in New York. Cyberattacks could cause massive damage to the tune of billions of dollars, he said.

Some attacks in recent memory such as Stuxnet, which hit industrial systems, and the Blaster worm, which possibly hurt the electrical grid on the U.S. East Coast, were damaging and exposed the weaknesses of national infrastructures, Kaspersky said. Countries like North Korea, China, the U.S. and South Korea, and organizations like NATO are establishing cybermilitary units to protect infrastructure and respond to attacks.

"The question is this year, next year, do we expect to see similar incidents? Yes or no? The answer is obvious. Yes. It will happen," Kaspersky said.

Systems need to be built around a secure OS environment and government regulation is needed, especially for industrial software design, panelists said. Stuxnet wreaked havoc because of dated software design and poorly trained software engineers. Attack techniques are getting more sophisticated, but even simplistic hack techniques can hurt infrastructure.

"The interesting thing about Stuxnet is that the attack itself against Siemens was incredibly simple," said Gary McGraw, CTO of Cigital. "It used to work in online games in 2004."

But today's online games are much more advanced in tackling security threats, while the industrial systems still have a ways to go, McGraw said.

"You can't hack 'World of Warcraft' with this attack, but you can hack nuclear power plants," McGraw said.

In addition to protecting their interests, countries also need to work together to protect infrastructure from cybercrime. One idea proposed by Kaspersky was the establishment of an international cyberpolice unit to fight cybercrime.

"I call it Internet Interpol," Kaspersky said.

Online criminals are well-organized globally, and many attacks are carried out by script kiddies. The Internet has no borders, so there has to be international involvement to keep cybercriminals in check, Kaspersky said.

"They have much more money than IT engineers and security software engineers," Kaspersky said.

Some organizations hacked this year include Sony, Lockheed Martin, the U.S. Department of Defense, NASA, Google, the U.S. Central Intelligence Agency, Citibank and the European Commission.

Companies can fight back with better processes and technologies to identify and mitigate threats, said panelist Steve Adegbite, director of cyber-innovations at Lockheed Martin Information Technology.

Hackers go through a series of key events to execute an attack, and companies need well-trained engineers and processes to identify and disrupt potential threats, Adegbite said.

Beyond protecting endpoints, data on the cloud also needs to be protected. Banks of data are moving online, and if there's economic gain, hackers will target the cloud, Adegbite said.

"We're going to have to get faster, we're going to have to get better technology, and we're going to have faster and better processes," Adegbite said.

Many businesses will likely not move large data banks to the cloud, but retain important data at the endpoint, some panelists said.

Some suggestions on how to secure data in the cloud were also proposed at the Interop trade show this week in New York.

IT managers can set up rights for mobile devices to access certain documents in the cloud based on location, said Sujai Hajela, vice president and general manager of Cisco's wireless networking business unit in the network services group.

For example, if a doctor logs in from a hotspot such as a cafe, access can be limited to email, but not secure documents such as electronic medical records, Hajela said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitykaspersky lab

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Agam Shah

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?