Page 18 - Security Today, May 2017
P. 18
CYBER SECURITY
NETWORK
PROTECTION
The Federal Trade Commission is now insisting on cyber security protection By Scott Lindley
Hacking has become a threat far bigger than most think. Indeed, the greatest threat to national security these days comes from not from aircraft carriers or infantry divi- sions, but a computer with a simple Internet connection located anywhere in the world.
The U.S. federal government suffered a staggering 61,000 cyber-security breaches that it knows of, last year alone. Pro- tecting your users from professional hackers is imperative.
Odds are that most of us do not work for organizations as large as the U.S. government or as big of target as a major corpo- ration. That should not give you rest. Many hackers are just teen- age boys in basements just trying to get into any system that they can. It’s referred to as “opportunistic hacking.” And, when they get in, they like to change code that will create mayhem. Think Ferris Bueller’s Day Off. Providing anti-hack card-based access control systems eliminates one of the more popular opportunities that Junior likes to leverage.
To give businesses an incentive to meet these cybersecurity threats, the Federal Trade Commission (FTC) has decided that it will hold the business community responsible for failing to implement good cybersecurity practices and is now filing law- suits against those that don’t. An appeals court backed its lawsuit against the hotel chain operator Wyndham Worldwide for not protecting consumers’ information and, just recently, the FTC filed a lawsuit against D-Link and its U.S. subsidiary, alleging that it used inadequate safeguards on its wireless routers and IP cameras that left them vulnerable to hackers.
The FTC is recognizing a problem that some security practi- tioners do not appreciate. To get into Information Technology (IT) and critical infrastructure Operational Technology (OT) systems, hackers are looking for the easiest path in, leveraging many different physical assets, including those within the enter- prise security system itself. They typically start with hardware which will give them access to specific computers. Then, those computers will give them access to both the target’s external and internal Internet.
Why do we mention both IT and OT systems? It’s because most everyone understands what IT is; very few relate to OT. IT security lives in the context of networks, servers, storage, apps and data. IT involves a system where hosts are talking to lots of other hosts and where there are frequent patch cycles - in weeks
or sometimes days - in response to expected and known cyber threats. IT security basically protects data (information). An at- tack on the IT system can create very big problems from stealing personal information such as Social Security numbers, HIPPA protected files and other privacy/ID data to transferring funds. If this isn’t bad enough, however, the new trend of attacking the OT system can be even worse.
Out back, beyond the white collar offices and data centers and, often, miles away are the industrial control systems (ICS) that run organizations’ operations. In industries as diverse as oil and gas, power generation and distribution, healthcare (i.e. MRI’s), transportation systems, manufacturing and many others, ICS’s, by connecting sensors, machines and instruments, create automated solutions that increase productivity. They control lo- cal operations such as opening and closing valves and breakers, collecting data from sensor systems to turn up the heat of furnac- es and monitoring the local environment for alarm conditions. When hacked by sophisticated government backed entities, havoc can run rampant.
NS4
0517 | NETWORKING SECURITY
deepadesigns/Shutterstock.com