• Home
• About
• RSS
• Get in touch

Cyber-terrorism And Critical National Infrastructure

News this week has said that the US power grid has been hacked by cyber-spies – which is all rather worrying. It used to be that Critical National Infrastructure (CNI) was owned by the government – it made sense, they were looking out for their citizens etc, etc and importantly, things like security were given a high priority.  However, that has changed and now they are owned by shareholders and so the emphasis is often more on profit and so security tends to play second fiddle to remaining competitive and making money. Add to this the fact that the Internet has enabled remote monitoring (less people, but more cyber-risk) and you can start to see the problem. A hacker today can be sitting in London, controlling a bot network in Russia and targeting America and in the click of a mouse could be targeting Australia routing through China. It’s almost too easy. There is a need to revisit CNI, look at how they can be attacked in the 21st Century and take suitable precautions.

The problem is not just CNI, companies and governments are increasingly putting in ‘secret’ or ‘secure’ networks, which in theory don’t connect to the Internet. Unfortunately some are finding problems they hadn’t foreseen – firstly virus infections. If you don’t get security updates then the network becomes a breeding ground for worms like Conficker which propagate using USB sticks and other routes. So, what – ‘it’s not attached to the Internet’… ah, there’s the other problem. Eventually, and it doesn’t seem to take long, someone installs a bridge between the ‘secret’ network and the corporate network and then the data can leak out. Why does the bridge get installed? Simple… time and money – with very little thought to the risks and consequences.

With a frightening increase in malware around, assumptions on security for CNI and internal secure networks needs to be revisited. Just because you don’t think your network is at risk, doesn’t mean it isn’t. In an economic downturn, the information you have and ignore might just be valuable enough for someone to  steal and sell. Now is not the time to take shortcuts and reduce IT security.

comments

• Connect with us



• Get Email Updates

• Recently Posts

  • Common Criteria EAL +3 Security Certification – What’s all the fuss about?
  • Cyber crime: a real risk to global stability
  • Let’s get back to basics in 2012
  • The challenges of securing industrial control systems
  • The Power of Collaboration Against Cybercrime
  • A View from the London Conference on CyberSpace
  • Safety first when going virtual
  • #smbrisk – a great debate
  • Tainted love….remembering the love bug of 2000
  • Get social, not paranoid

• Pages

  • announcements
  • Application
  • Availability
  • backup
  • botnet
  • Cloud computing
  • Complexity
  • Compliance
  • Consumerization
  • cyber-crime
  • data centre
  • data-loss
  • Denial of service
  • disaster recovery
  • Education
  • Green IT
  • impersonation
  • Information Policy
  • Insider
  • IT equipment
  • Miscellaneous
  • misleading applications
  • Patching
  • Phishing
  • Regulation
  • Reputation
  • SaaS
  • security
  • small business
  • Social Media
  • Spam
  • Speaking
  • Storage
  • trojan
  • Uncategorized
  • Virtualization
  • Virus

• Blogroll

  • Ask Marian Consumer Security Blog
  • Bruce Schneier’s Blog
  • Con Mallon’s Symantec Consumer Blog
  • Gareth’s BE Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Security Bloggers Network
  • Symantec French contributor - A blog from the French pen of Laurent Heslault
  • Symantec Guide to Scary Internet Stuff – Botnets
  • Symantec Guide to Scary Internet Stuff – Drive-by downloads - Video explaining the latest security threats in simple terms, on drive-by downloads
  • Symantec Guide to Scary Internet Stuff – No 5 Rogue AV
  • Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
  • Symantec Guide to Scary Internet Stuff – No7 Pests on your PC
  • Symantec Guide to Scary Internet Stuff – No8 Losing your Data
  • Symantec Guide to Scary Internet Stuff – Phishing
  • Symantec Guide to Scary Internet Stuff – Underground Economy
  • Symantec podcast channel - A channel of podcasts on current security and availability topics from the experts at Symantec
  • Toby Stevens’ Data Trust Blog