It is being reported that a security researcher looking into the breach of California University Housing Files, discovered Cyberattackers had opened a pathway into the networks running the United States power grid. Security experts from Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire :
The energy industry, including electrical utilities, requires substantial investment to tilt the playing field towards defense. At the moment, the attackers have the advantage. When it comes to critical infrastructure, the relationship between government and private industry can be difficult. With our current level of investment, we may not be shooting ourselves in the foot, but the hand holding the gun isn’t always pointing at the right target.
When an attacker has been present for a long time in a system that’s functioning as expected, their presence becomes part of normal operations. We often identify malicious actors through their behavior, but if that behavior isn’t abnormal, it’s very difficult to identify.
While there are some cybersecurity standards in the electric utility industry, critical infrastructure in the broader sense suffers from a lack of enforceable best practices. It’s not as simple as applying corporate IT security processes and tools to critical infrastructure. There are unique requirements, unique devices, and unique threats to consider.
We cannot wait for a significant incident to change our behavior with regard to critical infrastructure cybersecurity. We’re not talking about financial loss and recovery here. We’re talking about safety and potential loss of life.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Dwayne Melancon, CTO of Tripwire :
“When it comes to critical systems – and particularly, critical infrastructure – it pays to make attackers’ lives more difficult. For example, implementing multi-factor authentication to prevent access using only a password is crucial. Additionally, organizations should segment their networks to limit the amount of sensitive information that can be accessed by a single account. In particular, accounts with “super powers” (such as creating new users, changing access permissions, or performing potentially harmful operations) should not only be tightly controlled, they should be aggressively monitored to look for unusual activity.
In older systems, the amount of rigor possible might be limited due to the lack of security functionality in old applications. In that case, organizations can often reduce risk by moving systems into a network segment that can only be accessed by a VPN, and multi-factor authentication can be added at the VPN.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]John Stroup, CEO of Belden :
“The heightened threat of cyber attacks on America’s critical infrastructure continues to increase, and industries such as manufacturing, healthcare, defense and oil and gas, should be evaluating their own security efforts in light of this report.
The reality is that our current level of investment in industrial cybersecurity is not sufficient. We need cyber security solutions that are crafted to address the unique requirements of these industries. The good news is that there are practical, immediate steps these organizations can take to protect our citizens immediately.
Every critical industry should sit up and take note of this report. We should assume that these attacks are not limited to our electrical grid. Every industrial, defense and manufacturing organization should immediately evaluate their own cyber security controls and take steps to reduce risks.
The potential financial impact of a sustained attack on our critical infrastructure is incalculable. The threat goes far beyond our energy grid; every industrial and manufacturing organization is at risk. The cumulative impact of attacks against multiple industries is a major threat. The good news is that there are practical, immediate steps these organizations can take to protect themselves immediately”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.