By Gregory Hale
Technology is advancing across all industries and it is making them smarter and more agile, but attack vectors are also on the rise, which means industry leaders need to understand who and what they are facing.
“The faster we go, the more ‘behinder’ we get,” said General Michael Hayden, principal at the Chertoff Group and former Director of the CIA and the NSA, during his keynote address Tuesday at the PAS 2018 Optics conference in Houston, TX. “What is good for business is sometimes bad for business.”
Hayden, while not talking directly about the manufacturing automation industry, was able to spin some general thoughts about cybersecurity that was applicable for everyone.
Speaking in a more military vernacular, Hayden said cybersecurity is now a new domain, it is an operational theater like land, sea, air and space.
The catch is, he said, when it comes to the Internet, “security was an afterthought. It is still an add on. The architecture was not designed to protect data.”
While the good guys are coming to grips with that, he said there are three other elements that are taking advantage of the Internet’s flaws:
• Nation states
• Criminal gangs
“These big actors could in one scenario or another come after you,” Hayden said. “All three are capable.”
Nation states are the most powerful of the threat groups. If your company is a target, they will get in. They are well funded and well-staffed.
He did say, yes nation states are considered bad guys, but the U.S. also goes after information.
“We steal other people’s information,” he said. “I like to think we are number one. We steal data internationally, not nationally.”
The other main group is criminal gangs. Hayden said the center of gravity for these groups is mainly located in post-Soviet space.
The other group, Hayden said are hactivists.
“This is a group that should concern you because these people are disaffected. They can come after you because you are there.”
Some signs Hayden said they have been seeing lately are attackers:
• Stealing your stuff
• Corrupting your stuff
• Hurting your network
• Creating physical destruction
Hayden also talked about an attack against critical infrastructure that happened about eight years ago and that was Stuxnet.
“It was a peacetime attack on a critical infrastructure; Stuxnet crossed the Rubicon and crossed the threshold,” he said. “Stuxnet was an unsheathing of a weapon and in human history says once we take it out we don’t put the weapon back in the sheath.”