CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Critical U.S. infrastructure: “There’s always a way in.”

There’s always a way in.

That’s the straightforward, yet disturbing, message that hacker-for-hire Marc Maiffret delivered after his team, hired by a large California-based water system to probe the vulnerabilities of its computer networks, took control within one day of the equipment that adds chemical treatments to drinking water, hypothetically making the water undrinkable for millions of homes.

Maiffret’s team discovered the system’s weakness when they found county employees had been logging into the network through their home computers, which left a gaping security hole. According to the LA Times article, “Virtual war a real threat,” this type of vulnerability is not uncommon. In fact, similar weaknesses in industrial control systems that run electrical grids, pipelines, chemical plants and other infrastructures exist across the country.

Examples like these underscore the urgency of securing critical U.S. infrastructure. While the Department of Homeland Security is working to help secure the country’s crucial infrastructure facilities, the reality is that the companies themselves are the ones ultimately responsible for protecting their networks. But even with both entities striving to achieve the same goal, many experts, including Scott Borg, head of the U.S. Cyber Consequences Unit, believe there’s still work to be done.

“If we don’t get our act together, the consequences could be dire.”

While vulnerabilities in these systems exist, reactive security solutions are no match for more sophisticated attacks like Night Dragon and Stuxnet, which target system controls of critical infrastructure companies.

To keep unauthorized applications from exploiting their computer networks, organizations need to take a proactive stance and stop malicious software from running on their systems, despite their employees’ normal, but risky, behavior. Application whitelisting technology prevents the execution of all applications that are not pre-approved for each computer in the infrastructure, including the malicious and legitimate remote control applications that these types of attacks use to penetrate the network.
