Business Technology: Security Tips That Will Scare--And Help--You
Security nightmares are swirling all around us--more sophisticated, more malicious, more damaging--and perhaps the next theater in the battle will be industrial networks: energy generation, power transmission, utilities, transportation, telecom, etc. Feel overwhelmed? A great place to start looking for ideas, Bob Evans says, could be InfraGard.
With InformationWeek's annual Security Survey coming out today, I wanted to share with you some of the valuable but frightening things I found on a security-related site that until one week ago I'd never heard of:
Those are just a few quick samples of the rich security-related content to be found on the Web site of InfraGard, a national association I mentioned in this space last week after FBI Director Robert Mueller spoke at InfraGard's annual conference.
So what is InfraGard, and why is it pulling together this and other valuable cybersecurity content? Formed in 1996 by the FBI to enlist the help of the IT industry and academia for the bureau's investigations into cybercrime, InfraGard today is "an association of businesses, academia, institutions, state and local law-enforcement agencies, and others dedicated to sharing information and intelligence to prevent hostile acts against the United States." Its 11,270 members include representatives from 68 of the Fortune 100 and are organized into local chapters around the country. So InfraGard is one of those outfits that actually does think globally while acting locally, and while my exposure to InfraGard has been admittedly brief, I would urge you to evaluate what the chapter near you is doing.
Here's another one: Know what "Scada" is? A study presented at an InfraGard chapter taught me that it stands for "Supervisory Control and Data Acquisition"--more directly, industrial process-control systems that monitor and control equipment such as motors, valves, pumps, relays, and sensors. Know why Scada is going to become a lot more important to traditional IT operations? Here's an example from that study: "Terrorists aside, what about sabotage of Scada systems by others, such as insiders? In 2000, in Maroochy Shire, Queensland, Vitek Boden released millions of litres of untreated sewage using a wireless laptop, apparently taking revenge against former employers. He was arrested, convicted, and jailed."
But while the potential for massive damage via cyberattacks is increasing, the good news is that the IT industry is beginning to take note. The paper, given at an InfraGard chapter meeting late last year in Eugene, Ore., by St. Sauver of the University of Oregon's Computing Center, said, "Cisco deserves a big 'atta boy' for its Critical Infrastructure Assurance Group," and he also cites the Cyber Security Industry Alliance, whose members include more than a dozen security-related vendors.
And finally, St. Sauver's presentation completed the circuit with this advice: "Much of what's being faced in the Scada world has already been hashed through and fixed in the enterprise IT world. Those solutions, where suitable, need to be 'thrown over the wall' to Scada networks and systems so Scada folks don't 'reinvent the wheel.' IT folks need to visit with the process-control guys and gals."
The worlds of industrial-control networks and more-traditional enterprise IT networks are coming together, inevitably and inexorably. Are you ready? Either way, InfraGard is probably a pretty good outfit to get to know.