endpoint security: amplified


Five Hard Truths About Critical Infrastructure Protection: Truth 5

In last week’s blog, we walked through the various reasons why it’s important for critical infrastructure providers to develop and implement cybersecurity countermeasures tailored to the specific needs of physical and digital infrastructure. 

Truth #5: Most critical infrastructure providers lack the tools, skills and mindset to deal with cyberattacks and APTs 


Topics: Critical Infrastructure

Five Hard Truths About Critical Infrastructure Protection: Truth 4

In last week’s blog, we discussed why it’s important for critical infrastructure providers to recognize that by solely deploying preventative solutions, they are actually setting themselves up for failure. Cost-effective, scalable, post-intrusion detection solutions will help strengthen overall security strategy through proactive measures. 

Truth #4: Most critical infrastructure providers don’t know what digital vulnerabilities they have, where to find them or how to fix them 

Each critical infrastructure provider must develop and implement cybersecurity countermeasures tailored to its specific physical and digital infrastructure. This is hugely unfamiliar territory for most providers, who have relied on their equipment vendors to handle both ICS/SCADA and IT security. 

Unfortunately, neither traditional critical infrastructure vendors nor IT security vendors are fully equipped to counter the unique hybrid threat of cyber-enabled critical infrastructure attacks: The former aren’t schooled in IT security, while the latter aren’t used to protecting non-IT physical assets. Even worse, sometimes ICS/SCADA vendors don’t reveal vulnerabilities or even purposely install capabilities – such as unremovable backdoors – that attackers could easily co-opt. 

Scared they might overlook dangerous threats already on their systems, providers are reaching out to private forensic analysis companies and government authorities for help. A key, trusted government component is the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the Control Systems Security Program (CSSP) at the U.S. Department of Homeland Security (DHS). ICS-CERT specializes in forensic incident response and vulnerability assessment throughout the critical infrastructure spectrum, from sectors as a whole to individual owners and operators.

ICS-CERT’s June 2012 Incident Response Summary Report stated that the organization fielded nine incident reports in 2009, 41 in 2010 and 198 in 2011 – a 2,100-percent increase in only two years. Most incidents were not actual attacks, but of the 17 incidents that warranted on-site assessments: 


Topics: Critical Infrastructure

Critical Infrastructure of Malware Security

In last week’s blog, we discussed why critical malware security infrastructure is a prime target. To recap, targeted malware attacks on critical infrastructure will continue to occur solely based on the political and economic ramifications that ensue following the incident. Political, economic and financial drivers are all motivating factors behind attacks of this nature.

Truth #3: No organization – critical infrastructure providers included – can keep up with the onslaught of new malware attacks and APTs.


Topics: malware analysis, Critical Infrastructure, malware attack, malware security

Five Hard Truths About Critical Infrastructure Protection: Truth 2

Earlier this month, we introduced you to the beginning of a blog series based on impending security threats to our nation’s critical infrastructure establishments. This content has been developed into a list of “Truths” that will help critical infrastructure owners and stakeholders better protect themselves from escalating cyber threats. On January 15th we discussed the first truth, “‘Air Gaps’ Do Not Provide Infallible Protection Against Cyber Threats and APTs.”

Truth #2: Critical Infrastructure is a prime target 


Topics: Critical Infrastructure

Five Hard Truths About Critical Infrastructure Protection: Truth 1

According to research published on March 12, 2013 by James R. Clapper, the Director of National Intelligence, “We are in a major transformation because our critical infrastructures, economy, personal lives and even basic understanding of – and interaction with – the world are becoming more intertwined with digital technologies and the Internet. In some cases, the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” 

What was once considered unthinkable is now a reality: real-life cyberattacks on critical infrastructure have taken center stage in the past few years. Rapidly changing technologies, evolving cyberthreats and advanced, targeted malware have catapulted cybersecurity of real-world infrastructure from an academic backwater to a top government and industry priority. From power plants to water treatment sites, from traffic control systems to financial systems, all critical infrastructure once thought invulnerable to targeted cyberattacks now lies squarely in the crosshairs of nation states as well as individual hackers.


Topics: Critical Infrastructure
