Organizations need to shield themselves from the rising threat of cyber attacks and sophisticated sabotage directed at IT infrastructure, according to a new report.
The report examines the challenges facing infrastructure and resources as well as identifying specific risks and vulnerabilities in the ever-evolving cyber threat landscape. Security specialist McAfee and the Pacific Northwest National Laboratory, a federal contractor to the U.S. Department of Energy, issued the report.
Among the main threats was an increase in access points to devices and IT infrastructure due to expanding communications networks, which results in increased exposure to potential attacks, as well as increased automation, where networks gathering large amounts of data could pose new risks to security.
The report also notes cyber attacks have evolved into a sophisticated and carefully designed digital-weapon tasked for a specific intent, such as the Stuxnet, Flame and Duqu viruses, and examines how emerging vulnerabilities of control systems continue to accelerate.
“When early critical infrastructure systems were created, neither security nor misuse of the interconnected network was considered,” said Philip Craig Jr., senior cyber security research scientist and a researcher within the National Security Directorate at the Pacific Northwest National Laboratory. “Today, we are still focused on enhancing the security of control systems. Outdated security methods that use a maze of disparate, multivendor and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber-adversary to attack cyber security postures throughout critical infrastructure.”
The points out the energy grid, and warns it is not capable of withstanding cyber security attacks. The research outlines several ways to combat these threats, including memory protection to block and report any attempt to exploit network vulnerabilities; file-integrity monitoring to report any file change, addition, deletion, renaming, attribute changes or modification; and hard-disk read and write protection, which can bolster data security.
“Infrastructures that control systems affecting our everyday lives, such as smart grids, are rising in adoption yet still lack the proper security needed to prevent sophisticated cyber-attacks,” said Phyllis Scheck, vice president and chief technology officer for McAfee’s global public sector.
“Achieving security by design is essential in securing critical infrastructure,” she said. “Cyber security must be embedded into the systems and networks at the very beginning of the design process so that it becomes an integral part of the systems’ functioning.”