Tenable Blog

Afterbytes with Marcus Ranum - Under Constant Attack

Title: Critical Infrastructure Computer Systems Under Constant Attack

Date: January 28 & 29, 2010

According to a report from The Center for Strategic and International Studies, utility companies’ and other critical infrastructure components’ computer systems are constantly under attack worldwide. The report, which was commissioned by McAfee, compiles information gathered from 600 IT and security executives at companies around the world. More than half of respondents believe that their countries’ laws are not effective in deterring cyber attacks, and nearly half believe that their countries do not have the ability to prevent cyber attacks.

Sources: Global Critical Infrastructure Networks Regularly Under Attack, Government's Cybersecurity Role Gets Mixed Reaction, Study Finds Growing Fear of Cyberattacks

Wow, did you realize that if you connect to the internet, you might come under attack?

Once again, we see the reality disconnect that is computer security. Are we to infer from the article that executives expect their government to somehow protect their internet-connected systems from so many attacks? It's starting to sound like it's time to put the signs back up that read "Must be _ this tall to ride this ride." It is now and has always been the case that:

  • Anyone connecting to the internet should expect to be attacked
  • You pretty much can't "do anything" about the attacks
  • The attacks will appear to come from someplace you have no jurisdiction over

The bottom line is as it's always been: it's your job to defend yourself, and you're crazy if you expect any kind of help from anyone. You're on your own, in other words. Of course your country's laws aren't going to deter cybercriminals - the people who are causing your problem aren't subject to your laws. Of course your government isn't going to be able to help you - the people who are causing your problem do not fear your government. It's that simple: you must be this tall to ride this ride.

Besides, the best that the government can do for anyone, at this point, is write an official harsh letter.

Since the cyberattack hype bandwagon is in full swing, I figured it wouldn't take long before corporations started looking for a cybersecurity bail-out; remember how much money was going to be saved by remote-linking those power-grid nodes over the Internet? Maybe it was a false saving after all. A couple of months ago I was chatting with a pretty clueful fellow who had worked on some of the power-grid systems, and he was bemoaning how much it was going to cost to beef up the security and flog the deeply embedded hackers out - "the customers are not going to want to foot the bill for this one!" he said. I couldn't help but reply, "well, why can't the power companies pay for it from the money that they saved by using the internet instead of private dedicated links?"

Here's another prediction for you: the corporations will be next in line with their hands out for a cybersecurity bail-out. And, let me tell you another trade secret of how to be an industry "thought leader": predict things that are already happening.

A couple of months ago, when I started tracking the "Chinese cyberwar" kerfuffle, I said that it sounded like budget pumping to me, and I stand by what I said. Witness the recent announcement that the U.S. Navy has established a "cybercommand" like the other branches of the DoD; thanks to the new red scare, the budget faucet is flowing merrily.
