Following the news that airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems. IT security experts from Infoblox and Thales e-Security commented below.
Dr. Malcolm Murphy, Technology Director at Infoblox:
“Attacks against IT networks are becoming increasingly common and, if carried out against critical national infrastructure, can represent a significant threat to national security.
In addition to the damage caused to the networks themselves, a DDoS attack on an organisation’s Domain Name System can be used to prevent communication of and around the attacks, causing confusion and panic as seen in the attack on the Ukraine power grid in 2015.
The Domain Name System, or DNS, is a mission-critical piece of network infrastructure used by all organisations without which networks cannot function. Often inadequately protected by traditional security solutions, it remains a vulnerable network component frequently used as an attack vector by cyber-criminals. With botnets available for hire for relatively small sums of money online, DNS-based DDoS attacks are becoming increasingly easy for cyber criminals to carry out.
In their efforts to defend the country against the growing cyber threat, organisations responsible for the security of critical infrastructure should be making DNS protection a top priority.”
Peter Carlisle, VP EMEA at Thales e-Security:
“Cyberattacks against critical national infrastructure are set to increase dramatically as criminals develop increasingly heinous methods to jeopardise Britain’s national security.
From power stations to the transport network, the risk to the public remains severe, especially if hackers are able to gain access to electronic systems.
To tackle this, the security industry must stand shoulder to shoulder with the government to protect data and critical infrastructure from attack and ensure hostile forces never have the opportunity to do us harm.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.