Critical systems facing attacks from foreign powers
Posted on 29 Jan 2010 at 08:26
The frequency, scale and scope of cyber attacks by nation states are increasing at an alarming rate, according to a report commissioned by security firm McAfee.
More worryingly, McAfee says vulnerable software that controls critical infrastructure - from power supplies to communications - is a major target for attacks by nation states.
The study surveyed 600 IT security executives from critical infrastructure organisations around the world and found that 54% had already suffered large scale attacks or stealthy infiltrations from organised crime gangs, terrorists or foreign powers.
The report, In the Crossfire: Critical Infrastructure in the Age of Cyberwar, commissioned by McAfee and authored by the Center for Strategic and International Studies, says many of the world’s critical infrastructures were built for reliability and availability, not for security.
Traditionally, the study claims, these organisations have relied on guards, gates and guns rather than network security, but the connection of systems to corporate networks and the web changes the landscape.
According to the UK's Centre for the Protection of National Infrastructure, almost all critical industrial infrastructures and processes are managed remotely from central control rooms using Supervisory Control And Data Acquisition (SCADA) technology.
These systems control the flow of gas and oil through pipes, the processing and distribution of water, the management of the electricity grid, the operation of chemical plants, and the signalling network for railways.
Yet globally, three quarters of survey respondents with SCADA responsibilities said their networks were connected to an IP network and that half of those connections represented an “unresolved security issue”.
“The original SCADA design generally didn’t assume that the control systems would be exposed on networks where untrusted people had at least some level of access to them,” the report quotes an industry veteran as saying.
He said much SCADA software was written “quite some time ago and has not been modified since” so the systems were “not on the newest platforms, so they have those vulnerabilities that have been discovered over time. Replacing them is hugely complex and expensive.”
Despite a growing body of legislation and regulation, more than a third of IT executives said the vulnerability of their sector had increased over the past 12 months and two-fifths expected a major security incident in their sector within the next year.
Author: Stewart Mitchell
advertisement
- What's that eggy smell in the server room?
- How to change the default template in Word 2007
- Book review: Rework by Jason Fried and David Heinemeier Hansson
- Panorama parents deserve their file-sharing fine
- Google and BT offer free website service to British businesses
- Lords' last chance to protect broadband customers
- Extreme handwriting recognition on the Dell Latitude XT2
- 12 surprising things that Wolfram Alpha knows
- Nokia N900: phone or pocket computer?
- The sinister side of Spotify
- Avira Premium Security Suite 9
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- Eset Smart Security
- Delving into the Norton 2010 line-up
- How to commit Facebook suicide
- Microsoft must stop silently installing browser plugins
- Poking into Facebook security
- Has Microsoft shot itself in the foot with Security Essentials?
- Wi-Fi hacking: don't panic yet
- Gary McKinnon deserves prosecution not extradition
- Sex and online security: how much danger are we really in?
- Security without penalty
- The spam is out, but the viruses are in
advertisement
Printed from www.pcpro.co.uk