News & Comment: U.S. National Intelligence Chief Sounds Chilling Alarm On Cyber Attacks

COMMENTS:

According to Edgard Capdevielle, CEO of  Nozomi Networks, which produces real-time cybersecurity for industrial control systems (ICS), “Unfortunately, the recent news on the red alert level of cyber warfare is not surprising. Increasingly, nation-state attackers are setting their sights on critical infrastructure, including power plants, transportation systems and water facilities, to threaten national security and economic stability. Today, more than ever, there is a need for critical infrastructure owners, vendors, security experts and government officials to work together to create an industry security program that will protect industrial control systems.

“We have seen the damage that can be done from attacks on the Ukrainian power grid, where perpetrators were able to compromise systems and literally shut down access to power. Experts believe Ukraine is serving as a training lab for larger critical infrastructure cyberattacks. The scenario that unfolded in Ukraine should serve as a warning that all connected infrastructure is vulnerable to cyber-attacks. It’s time to double down on efforts to ensure sound industrial cybersecurity.

“Fortunately, now technology exists that provides substantial assistance in identifying and mitigating targeted malware attacks. Operators can gain asset visibility and identify vulnerabilities before any damage is done. With today’s technological advances, such as machine learning and artificial intelligence, it is possible to model and monitor large, complex networks and physical processes used in refineries, power plants and gas pipelines.”

Spock…to the… bridge… we have… a… red…alert

Tim Erlin, VP, product management and strategy at Tripwire, expressed a concern that this was not necessary, saying, “There’s no value in sowing fear, uncertainty and doubt, but when the US Director of National Intelligence calls the situation a ‘red alert,’ it’s worth paying attention. Cyberattacks aren’t the same as missile strikes, but they can still do real, lasting damage to organizations and infrastructure. In this case, any kind of organization can be impacted, not just government institutions. Don’t make it easy for attackers by failing to address the basics of security hygiene. Understanding your attack surface, hardening configurations, addressing vulnerabilities and monitoring your environment are absolutely foundational to any cyber defense strategy.”

Photo Credit: Gage Skidmore Flickr via Compfight cc