For organizations that run the nation’s most critical infrastructures, it’s important to understand that today’s targeted cyber attacks are designed to carry out any number of activities, ranging from monitoring network processes to bringing down the grid. Just because hackers haven’t carried out an attack doesn’t mean malware isn’t already resident in a system, waiting for the most opportune time to launch.
In the article, “Attackers can take out critical infrastructure, but profit lies elsewhere, researcher says,” Jason Larson, a security researcher at the Idaho National Laboratory, said there’s plenty of evidence that hackers have already infiltrated control systems that run power generation plants, gas and oil refineries, and other chemical factories, but so far their activity is observational.
“If you are going to wait for the explosions you’re going to be waiting for a long time. They don’t seem terribly interested in wrecking the place — at least not yet… Destroying processes completely is not really profitable. It’s more profitable to monitor and wait for the perfect opportunity.”
According to Larson, once inside the network of a critical infrastructure, hackers appear to be focusing on monitoring how the processes within the facilities work. Speaking at the Forum of Incident Response and Security Teams (FIRST) Conference 2010, Larson suggested that an increase in wireless field equipment, including embedded devices and the high-speed communication links they connect to, is making control systems more vulnerable. As a result, much more research needs to be done to improve the security of embedded devices and to produce standards so that security experts can access firmware in the event of a breach.
As we know, regulations alone won’t solve the problem. I agree with Larson when he says that compliance does not equal security. While we all know that meeting industry standards helps increase network security and defend our infrastructures against new threats, it does not guarantee it. It can take years to create Federal mandates, and they are never updated fast enough to keep up with evolving cyber threats.
The longer a company waits, the longer entrenched malware can sit silently monitoring network processes and waiting for the best opportunity to attack. That’s why it is so important for organizations to be proactive instead of waiting for a catastrophe to happen and then reacting. Because when it comes down to it, network penetration can and does occur, whether we know it or not.