关键基础设施是网络安全的新战场

整理文档很辛苦,赏杯茶钱您下走!

免费阅读已结束,点击下载阅读编辑剩下 ...

阅读已结束,您可以下载文档离线阅读编辑

资源描述

CriticalInfrastructureistheNewBattlegroundforCyberSecurityByMarkHattononMarch26,2013inShare75TweetTheroadtowardseffectivesecuritybeginswithprettylogicalquestion.Whatdowehavethathackersarelikelytotryandsteal,takeoverormanipulate?Byunderstandingtheprimarymotivationofyouradversary,youarebetterpreparedtodefendagainstanattack.Whenwelookatcybersecurityinthiscountrythroughthelensofthispredictiveanalysis,thelikelytargetsofalarge-scaleattackcomeintofocus.Whiletheymayseemimportanttosomeofus,thefocusofanation-stateattackisnotlikelytobeagainstourcollectiveFacebookpages,TwitterhandlesorLinkedIngroups,butratheragainsttargetswiththeabilitytocreatewide-spreadconfusionandeconomicloss.Inotherwords,it’sourcriticalinfrastructurethatismostatriskofatargetedattackfromasophisticatedadversary.Whenwerefertocriticalinfrastructure,wearereferringtotargetssuchaspowerplants,watertreatmentfacilitiesandtransportationsystems.Theseareconsideredhigh-valuetargetsfrombothaneconomicandmilitarystandpointandassuch,haveinstantsignificanceforcyberattacksfromnation-statesandotherwell-fundedandsophisticatedterroristgroups.Theissuesinvolvedinsecuringinfrastructuresitesareplentifulandvaryfromlocationtolocation,butlet’sfocusonafewkeyareasthatmakethesefacilitiesvulnerable.First,theyareunderconstantattack,continuouslybeingprobedfordefensiveweaknessesandaccesspoints.Tocomplicatematters,theattacksareoftensowelldisguisedthatsomefacilitiesdon’tevenrecognizewhentheyhavebeenprobedorifaweaknesshasbeenidentifiedforfutureexploitation.Secondly,theattackstargetedtowardscriticalinfrastructurearenotrun-of-the-millvirusesorTrojanssentoutacrosstheInternettoblindlyinfectasmanysystemsaspossible.Theyaresophisticatedattacksengineeredforasinglepurposebysomeofthebrightestmindsininformationsecurity.Inmanycases,thesearestate-fundedandtheteamswhocreatethemhaveanearlyendlesssupplyofresourcesattheirdisposal.Manycountries,Chinachiefamongthem,haveinvestedheavilyincyberweaponryinrecentyears,withinformationgatheringandtheabilitytotakedownhigh-valuetargetsatthetopoftheirprioritylists.TheheadlinesofStuxnetorFlamearejustsomeofthemorerecentexamplesofthetypeofattacksnation-statescancreate.Lastly,andperhapsmostworrisome,istheinabilityofthesefacilitiestoidentifynotonlywheretheyarevulnerabletoattack,buttofullyunderstandwhereandhowtheirnetworksareconnectedtotheInternet.Whilethismayseemalmostinconceivablefromtheoutsideperspective,youmustrememberthatmostofthesefacilitiesoperateasinsularoperationscutofffromsystemsoutsideoftheirphysicalsite.Whatwe,asthesecurityindustry,havepointedoutoverthepastseveralyearsisthattoday’smoderncontrolsystems,designedtoprovideoversightandincreasedsafety,actuallyoperateviatheInternetandwereopeningupconnectionsthatcanbeexploitedbyhackers.So,howimminentisamajorcyberattackonU.S.infrastructure?High-rankinggovernmentofficials,includingformerDefenseSecretaryLeonPanetta,haveestimatedthatwewillseeasignificantattackwithinthenext12–18months.Leadersatseverallawenforcementagencieswithinthegovernmenthaveopenlydiscussedinstanceswhereonlineintrudershavegainedaccesstocontrolsystemsforchemical,waterandelectricalplants,aswellascontrolsoftwareforpublictransportationsystems.WhiletheideathatentireregionscouldbeleftwithoutcriticalservicessuchaswaterorpowersoundslikethescriptfromamovieortheinspirationforahitTVdrama,itisnotonlypossible,butlikelyifwedon’ttakethenecessarystepstoprotectourcriticalinfrastructurefromoutsideattack.Toitscredit,thegovernmentrecognizesthisasaseriousthreatandallocatesnotonlythebudgetnecessary,butthetopcybermindsavailableatitdisposal,tohelpaddressit.However,thereismorethatcanandshouldbedoneinordertomaximizeourcyberdefenses.Isuggestbettercoordinationbetweenthegovernmentandprivatesectors.Whilethegovernmentcertainlyhasmoreresourcesatitsdisposalintermsofbudgetdollarsandsophisticatedtechnology,innovationismostoftenthepurviewofprivateindustry.Together,thiscombinationcanbepowerfulalliesinthwartingattacksfromnationstatesbentontakingdowncriticalfacilities.Anotherareaoffocusisbetteroversightandconsolidationofauthoritywhenitcomestocybersecurityforcriticalinfrastructure.Recently,thechairmanoftheUnitedStatesFederalEnergyRegulatoryCommission(FERC),JonWellinghoff,opinedthatthereisalackofauthorityforanagencytoactuponcyberthreats.AccordingtoWellinghoff,“nobodyhasadequateauthoritywithrespecttoelectricandthegasinfrastructureinthiscountryregardingknownvulnerabilities.IfIhadacyber-threatthatwasrevealedtometomorrow,thereislittleIcoulddothenextdaytoensurethatthethreatwasmitigatedeffectivelybythetargetedsite.”Thistome,givenwhatisatstake,isunacceptable.Thereneedstobeasysteminplaceforsharingthreatsandkeyindicatorsofattacksacrossallfacilitiesandamechanismforthesesitestoreportbackonhowthreatswereidentifiedandmitigated.Criticalinfrastructurehasbecomeoneofthemostimportantarenasinthebattleforcybersecurityandunderscoresperhapsthemostimportantpointofall.IfyouareconnectedtotheInternet,youarevulnerabletoacyberattack.RelatedReading:SCADAHoneypotsShedLightonAttacksAgainstCriticalInfrastructureRelatedReading

1 / 6
下载文档,编辑使用

©2015-2020 m.777doc.com 三七文档.

备案号:鲁ICP备2024069028号-1 客服联系 QQ:2149211541

×
保存成功