Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Afterbytes with Marcus Ranum - Under Constant Attack

Title: Critical Infrastructure Computer Systems Under Constant Attack

Date: January 28 & 29, 2010

According to a report from The Center for Strategic and International Studies, utility companies’ and other critical infrastructure components’ computer systems are constantly under attack worldwide. The report, which was commissioned by McAfee, compiles information gathered from 600 IT and security executives at companies around the world. More than half of respondents believe that their countries’ laws are not effective in deterring cyber attacks, and nearly half believe that their countries do not have the ability to prevent cyber attacks.

Sources: Global Critical Infrastructure Networks Regularly Under Attack , Government's Cybersecurity Role Gets Mixed Reaction, Study Finds Growing Fear of Cyberattacks

Wow, did you realize that if you connect to the internet, you might come under attack?

Once again, we see the reality disconnect that is computer security. Are we to infer from the article that executives expect their government to somehow protect their internet connected systems from so many attacks? It's starting to sound like it's time to put the signs back up that read "Must be _ this tall to ride this ride." It is now and has always been the case that:

  • Anyone connecting to the internet should expect to be attacked
  • You pretty much can't "do anything" about the attacks
  • The attacks will appear to come from someplace you have no jurisdiction over

The bottom line is as it's always been: it's your job to defend yourself, and you're crazy if you expect any kind of help from anyone. You're on your own, in other words. Of course your country's laws aren't going to deter cybercriminals - the people who are causing your problem aren't subject to your laws. Of course your government isn't going to be able to help you - the people who are causing your problem do not fear your government. It's that simple: you must be this tall to ride this ride.

Besides, the best that the government can do for anyone, at this point, is write an official harsh letter.

Since the cyberattack hype bandwagon is in full swing, I figured it wouldn't take long before corporations started looking for a cybersecurity bail-out; remember how much money was going to be saved by remote-linking those power-grid nodes over the Internet? Maybe it was a false saving after all. A couple of months ago I was chatting with a pretty clueful fellow who had worked on some of the power-grid systems, and he was bemoaning how much it was going to cost to beef up the security and flog the deeply embedded hackers out - "the customers are not going to want to foot the bill for this one!" he said. I couldn't help but reply, "well, why can't the power companies pay for it from the money that they saved by using the internet instead of private dedicated links?"

Here's another prediction for you: the corporations will be next in line with their hands out for a cybersecurity bail-out. And, let me tell you another trade secret of how to be an industry "thought leader": predict things that are already happening,

A couple of months ago, when I started tracking the "Chinese cyberwar" kerfuffle I said that it sounded like budget pumping, to me, and I stand by what I said. The recent announcement that the U.S. Navy has established a "cybercommand" like the other branches of the DoD, and thanks to the new red scare the budget faucet is flowing merrily.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security