IT has always been thought of as a bunch of geeks with pocket protectors and slide rulers. Ok, I’m dating myself, we’re now pictured as geeks that drink Red Bull and play
video games all night (that’s a current stereotype isn’t it?) But are we really 21st century soldiers?
I’m not trying to compare us to the valiant men and women that are risking their lives to protect our nation every day. What we do cannot be compared to them; we’re a long way from risking our lives, but we are in a battle. A battle that never stops and is fought with weapons that constantly adapt. Our battle takes place on the electronic battlefield and the weapons vary from denial of service to viruses to hacks. And every time we develop a firewall or antivirus definition, someone figures out how to work around it.
So far our defense has been focused on protecting data – credit cards, identities, personal information, even intellectual property. But as a recent broadcast by 60 Minutes shows, electronic warfare is changing (see this ZDNet article about the Stuxnet virus, with embedded video). Our attackers are now going after equipment and machinery. Real things that can impact more than our finances, things that can cause physical harm to people and communities.
The recently discovered Stuxnet virus was designed to attack a specific Programmable Logic Controller (PLC) that monitored and controlled centrifuges in a nuclear power plant. And by the way, it only impacted specific nuclear power plants: only those in Iranian facilities. It was pretty devious; it installed around the world but only modified the PLCs in the Iranian facilities. It just slightly altered how the centrifuges worked, and it made sure the monitors showed everything as normal. It was millions of lines of sophisticated
code that performed specific actions on specific equipment. Obviously it was a directed attack, and fortunately it was uncovered before any real damage was done. History has already shown how devastating a nuclear power plant problem can be.
So what now? Well, personally, I’m going to look at IT Security differently. I’ve been in and around IT Security for years, and I try to be conscientious about passwords, userids, social engineering, keeping my antivirus up to date, and the like. Now I have to start thinking about what are the bigger repercussions of a breech. I still need to think about protecting data, but what else is there? Technology components are everywhere, and that means there are opportunities for hacking everywhere.
Yes, it’s horrible to have your credit card information or identity stolen, but does it really compare to a power plant getting shut down? What about a cellular or telephone network being impacted? How much IT is in a water processing facility? How much automation is in the manufacturing of pharmaceuticals and food processing?
The battlefield is shifting, the soldiers are different, and the war is electronic. Be prepared!
Learn how HP Enterprise Data Center Security Services can help you defend your servers, mainframes and storage from cyber and physical threats.