The leading story in the weekend’s Telegraph was that Britain’s airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems.
Security services have issued a series of alerts in the past 24 hours, warning that terrorists may have developed ways of bypassing safety checks. Mark Kuhr, CTO and Co-Founder at Synack leaders in crowd security intelligence and penetration testing commented below.
Mark Kuhr, CTO and Co-Founder at Synack:
“The adversary is innovative and creative. Cybercriminals and state-sponsored actors will target high-value assets like critical infrastructure to achieve economic, political, or ideological gains. Unfortunately, rapidly changing IT infrastructure can lead to new vulnerabilities and “targets of opportunity” for the adversary. Even as we bolster the defenses of our airports and nuclear stations, the adversary will continue to seek new, undetectable pathways to attack. These pathways could be as simple as personal devices with weak security that have introduced vulnerable personal apps to the network or business logic flaws in network security that have yet to be discovered. Today, we have to train like we fight. Airports and nuclear power stations should consider adopting an offensive approach to defense to assess their security as a cyber adversary would. This proactive approach can help find and fix vulnerabilities before an attacker can develop a workaround and lead to a damaging outcome.”