I just sat in on a conference call put together by the SANS Institute. They do all sorts of tracking of computer vulnerabilities, and they also do worldwide training sessions in stopping hackers, etc.
SANS today released a new Top 20 threat list, detailing what kinds of systems and programs are being targeted by hackers these days. Roger Cumming, Director of Britain’s NISCC, which is the UK equivalent of the US’ own Critical Infrastructure Protection Board,detailed two major trends to look out for as far as protecting critical infrastructure.
First, Cumming noted, as more and more networks converge onto single platforms (think of communications becoming more and more based on Voice over Internet Protocol, for example) the threats are increased. In other words, a cyber-attack won’t just knock out your email, it will knock out the voice communications you rely on as well. More and more apps on a single platform will also offer hackers more avenues into your critical systems.
Cumming also mentioned that cyber-watchers are seeing a real shift now in the motives for attacks. He called the current situation a “malicious marketplace,” where hackers are getting paid to do their dirty work. It’s no longer just teenagers with too much time on their hands. There’s no reason why terrorists, for example, couldn’t try to hire these professional hackers to launch attacks on critical US infrastructure.
Now, for the record, if you follow Defense Tech, you know the whole “cyberthreat” issue’s been raised before. And that it’s fair to say that we’ve been, shall we say, uber-skeptical about this kind of cyber-terrorism. Here, and here, for example.
Also of note: attackers have realized that Microsoft and others now offer automatic patches to plug holes in operating systems, and that, by and large, computer users are taking those patches. So, the hackers are now finding ways to exploit vulnerabilities, not in operating systems, but in applications like media players, and even anti-virus software itself. Beware when streaming that new Britney Spears vid!
All of this, of course, has huge implications for the US military and the Dept. of Homeland Security. They use much of the same, off-the-shelf software that ordinary users do, and so they face the same issues when it comes to hacking, etc. Scary, I know.
Alan Paller of SANS noted, however, that the US Air Force is setting an example of good governance in addressing these threats. Being a radio guy, I give you an audio clip of Paller talking about this during the press conference today. Download Alan Paller’s first clip
But, Paller also noted that the hardest work — finding out what’s already been compromised, and removing the offending bugs — has yet to be done. Download Alan Paller’s second clip
– Clark Boyd, technology correspondent for The World public radio program. The World is co-production of the BBC World Service in London and WGBH public radio in Boston.
|
New CyberthreatsLeave a Reply |
|
