It has been reported that French shipbuilding firm, DCNS, has suffered a huge data breach. The information exposed was 22,000 pages of detailed information revealing the combat capabilities of the Scorpene class vessels – six of which are used in a £2.6 billion contract with the Indian navy. IT security experts from AlienVault, ESET, Lieberman Software and NSFOCUS commented below.
Javvad Malik, Security Advocate at AlienVault:
“Intellectual property can sometimes be the most difficult form of data to protect because it is usually unstructured, and often times the full value of the whole data isn’t realized by the individuals who may be working on portions of it.
However, for defense contractors, intellectual property protection is even more important. This should start with a security-aware culture throughout the whole organization. Having the fundamentals in place even for non-sensitive projects helps maintain awareness.
Security needs to be architected in from the beginning. Services should be designed to be hard to compromise, be easy to maintain, and quick to recover. A good idea is to follow a segmented approach so that if certain aspects of the organization are breached, the critical data can remain protected.
Finally, it’s vitally important that logs and alarms are reviewed and followed up on. In the aftermath of a breach, investigators are able to find the logs detailing what occurred almost without fail. In many cases, a security product would have raised an alert or alarm of some sort that subsequently was ignored – resulting in the breach.”
Mark James, Security Specialist at ESET:
“We can all relate to material theft, it might be jewellery, money, cars or even priceless photos but it hits us hard when we lose the things we care about most. But protecting intellectual property is much harder, right? No, when it comes to “IT”, protecting digital information is not as hard as some people think.
DLP (Data Loss Prevention) can not only stop users from sending data to an external source it can also be used to track and monitor data movement that’s prohibited. Of course there’s always a caveat, there is often no 100% way to stop people getting hold of something they should not have once its committed to paper form, but with digital technology you can certainly make things difficult, not printing that email is not just about saving trees!”
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“There are a few common ways highly sensitive information like the DCNS submarine plans gets leaked. Often it’s because people rely on the same controls for sensitive data and the rest of their files. Often these controls are poorly understood. A file will be placed in what is thought to be a restricted location, but it turns out many more people have access than realized through poorly configured permissions.
Without diligent data access governance, these misplaced files are easy targets for malicious insiders, malware, and other mundane attacks. Though, it’s hard to blame people for misplacing these files as another problem is that most organizations lack data classification. They may have a policy on the books about it and if you open the file to read it you may see all manner of references to its level of secrecy, but those typically fail to be marked on the file in a way that will signal who should open it at all or where it should be allowed to live on fileshares. That leads to sensitive information living in the wrong places simply because it wasn’t obvious what it was when it was moved.
And, of course, unchecked administrators are also a threat to data. Whether it’s the disgruntled insider or the outsider who manages to hijack elevated rights, the privileges of the admin bypass even the best controls. Having this super power to blow past security to steal even well managed and classified data is why the bad guys are always after privilege.”
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS:
“Military contractors who possess highly sensitive intellectual property must insure that property is not accessible from computers that also have connectivity to the Internet. In most cases, hackers do not steal sensitive data directly from the computers that store the data. Instead, hackers gain access to another computer within the organisation that has Internet access. Once hackers compromise that computer from the outside-in, they next use the computer they have compromised to steal data stored on another computer. This is all being done from behind perimeter firewalls. Recommendation – Organisations must build an airgap around computers that store highly sensitive data. Meaning that any other computer that needs access to that data should be “physically separated” from the Internet.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.