View From The Bunker
A blog about security and availability from some of the folk at Symantec

• Home
• About
• RSS
• Get in contact

• Search

  Search for:

• Pages

  • Anyone need help with their VCR? Thought not.
  • Keep Your Data Safe Tool
  • About
  • Get in Contact
  • Books
  • Internet Security Threat Report – Podcast
  • Symantec Fast Response TV Widget
  • Contributers:
    • Darren Thomson
    • Dominic Cook
    • Gareth Fraser-King
    • Guy Bunker
    • John W. Turner

• Recent Posts

  • Spammers attempt Grand Theft from Auto Recall
  • And the Academy Award for the most dangerous search term goes to…
  • Importance of end-to-end encryption in the retail space
  • Lock Up Your Code
  • Storage Goes Wild…
  • UK ID fraud cases jump a third as malicious insiders turn to cybercrime
  • The Butterfly effect – Mariposa
  • The RSA Conference – Cloud, devices & social changing the game?
  • Financial Data and the Mobile Generation
  • Is online security hindered by computer jargon?

• Tags

  backup book bot botnet business continuity Cloud CNI conficker cyber-criminal data-loss Denial of service Downadup Education email encryption fraud Get Safe Online Identity impersonation InfoSec ISTR Las Vegas legislation Malicious insider passwords Phishing policy Privacy Ransomware Reputation RSA Conference security SMB SNIA social networking Spam Speaking StorageExpo underground economy USB Vision vulnerability website whaling wireless

• Blogroll

  • Bruce Schneier’s Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Security Bloggers Network
  • Toby Stevens’ Data Trust Blog

• Multimedia

  • Symantec Guide to Scary Internet Stuff – Botnets
  • Symantec Guide to Scary Internet Stuff – Drive-by downloads
  • Symantec Guide to Scary Internet Stuff – No 5 Rogue AV
  • Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
  • Symantec Guide to Scary Internet Stuff – No7 Pests on your PC
  • Symantec Guide to Scary Internet Stuff – No8 Losing your Data
  • Symantec Guide to Scary Internet Stuff – Phishing
  • Symantec Guide to Scary Internet Stuff – Underground Economy

• SYMC Blogs

  • Ask Marian Consumer Security Blog
  • Con Mallon’s Symantec Consumer Blog
  • Gareth’s BE Blog
  • Symantec French contributor
  • Symantec podcast channel
• 
• 

Cyber-terrorism And Critical National Infrastructure

News this week has said that the US power grid has been hacked by cyber-spies – which is all rather worrying. It used to be that Critical National Infrastructure (CNI) was owned by the government – it made sense, they were looking out for their citizens etc, etc and importantly, things like security were given a high priority.  However, that has changed and now they are owned by shareholders and so the emphasis is often more on profit and so security tends to play second fiddle to remaining competitive and making money. Add to this the fact that the Internet has enabled remote monitoring (less people, but more cyber-risk) and you can start to see the problem. A hacker today can be sitting in London, controlling a bot network in Russia and targeting America and in the click of a mouse could be targeting Australia routing through China. It’s almost too easy. There is a need to revisit CNI, look at how they can be attacked in the 21st Century and take suitable precautions.

The problem is not just CNI, companies and governments are increasingly putting in ’secret’ or ’secure’ networks, which in theory don’t connect to the Internet. Unfortunately some are finding problems they hadn’t foreseen – firstly virus infections. If you don’t get security updates then the network becomes a breeding ground for worms like Conficker which propagate using USB sticks and other routes. So, what – ‘it’s not attached to the Internet’… ah, there’s the other problem. Eventually, and it doesn’t seem to take long, someone installs a bridge between the ’secret’ network and the corporate network and then the data can leak out. Why does the bridge get installed? Simple… time and money – with very little thought to the risks and consequences.

With a frightening increase in malware around, assumptions on security for CNI and internal secure networks needs to be revisited. Just because you don’t think your network is at risk, doesn’t mean it isn’t. In an economic downturn, the information you have and ignore might just be valuable enough for someone to  steal and sell. Now is not the time to take shortcuts and reduce IT security.

Protecting Critical National Infrastructure

Next week is the RUSI conference on Protecting Critical National Infrastructure. I am one of the speakers opening the conference on Wednesday 16th April and will be talking about The Cyber Threat to Critical National Infrastructure. While the focus will be on CNI, many of the threats are just as applicable to any company, whether it is denial-of-service, data-loss or hacking of a company’s critical systems.

• Subscribe

  

  Enter your email address:

  Delivered by FeedBurner

• 
  

• 
  UK Orders
  US Orders

• 
  UK Orders
  US Orders

• Links, downloads and other resources

  Symantec UK
  Symantec Podcast Directory
  Symantec Security Response