Organizations need to shield themselves from the rising threat of cyber-attacks and sophisticated sabotage directed at IT infrastructure, according to a report issued by security specialist McAfee and the Pacific Northwest National Laboratory, a federal contractor to the U.S. Department of Energy. The report examines the challenges facing infrastructure and resources as well as identifying specific risks and vulnerabilities in the ever-evolving cyber-threat landscape.
Among the main threats was an increase in access points to devices and IT infrastructure due to expanding communications networks, which results in increased exposure to potential attacks, as well as increased automation, where networks gathering large amounts of data could pose new risks to security. The report also notes cyber-attacks have evolved into a sophisticated and carefully designed digital-weapon tasked for a specific intent, such as the Stuxnet and Duqu viruses, and examines how emerging vulnerabilities of control systems continue to accelerate.
When early critical infrastructure systems were created, neither security nor misuse of the interconnected network was considered, Philip Craig Jr., senior cyber-security research scientist and a researcher within the National Security Directorate at the Pacific Northwest National Laboratory, said in a prepared statement. Today, we are still focused on enhancing the security of control systems. Outdated security methods that use a maze of disparate, multivendor and stacked security tools will only delay a cyber-attack, providing numerous opportunities for a more advanced and modern cyber-adversary to attack cyber-security postures throughout critical infrastructure.
The report pays particular attention to the nation's energy grid, and warns the grid was not designed to withstand cyber-security threats. The research outlines several ways to combat these security threats, including memory protection to block and report any attempt to exploit network vulnerabilities; file-integrity monitoring to report any file change, addition, deletion, renaming, attribute changes or modification; and hard-disk read and write protection, which can bolster data security.
"Infrastructures that control systems affecting our everyday lives, such as smart grids, are rising in adoption yet still lack the proper security needed to prevent sophisticated cyber-attacks," Phyllis Scheck, vice president and chief technology officer for McAfee's global public sector, said in prepared remarks. "Achieving security by design is essential in securing critical infrastructure. Cyber-security must be embedded into the systems and networks at the very beginning of the design process so that it becomes an integral part of the systems' functioning."
This article was originally published on 06-19-2012