Iranian Hacker Indictment Reminds Us That Risks To Critical Infrastructure Are Real

Defending against the combination of human and technical exploits requires the collaboration of human and technical security defenses.

Steve Grobman, Chief Technology Officer at Intel Security

March 25, 2016

3 Min Read
Dark Reading logo in a gray background | Dark Reading

Based on today’s indictment from the U.S. Department of Justice, a group of hackers working for the government of Iran conducted a targeted cyberattack in 2013 on the SCADA systems of the Bowman Avenue Dam in Rye Brook, N.Y. The attackers gained access to the dam’s operational systems, including temperature information, water levels, and the sluice gate. Only the fact that the gate had been manually disconnected from the system for maintenance prevented them from operating the gate.

This event is a reminder of how important it is for us to protect critical infrastructure, whether at the national, state, local, or private-sector level. Despite the relatively small size of this facility, this is a good example of how critical infrastructure is vulnerable to various actors. We should not look at the size of the particular body of water, dam, or power distribution facility. Larger facilities have similar systems, and they are vulnerable to similar exploits.

Cyberattack and cyber-exploitation tools and expertise are readily available to those willing to pay for them. An entire underground cyber-exploitation ecosystem has evolve through which the latest malware can be rented, including hacker services, to execute attacks. This magnifies the capabilities of a less-technical entity to launch sophisticated attacks. 

Providers of critical infrastructure are increasingly aware of the importance of a strong cyberdefense, and most of them have been investing in this area for the past several years. Critical infrastructure is composed of many interconnected elements, far more so than the typical large enterprise, that extend into the physical world. That means that cyberattacks can potentially damage physical infrastructure and even threaten lives.

While the level of confidence in security defenses has been increasing over the last few years in this industry, according to a recent report on critical infrastructure readiness, the majority are also being intellectually honest about the ongoing risks of a serious event actually happening. About half (48%) believe it is likely that within three years there will be a cyberattack on critical infrastructure that will result in loss of life. It's mostly just a matter of resources, motivation, persistence, and opportunity.

Security Industry: Think And Act Differently

The appropriate response to this 3-year-old security breach -- and every other breach we read about -- is not the latest security gadget or scapegoat. The fragmented nature of multiple security solutions and the resulting complexity is part of the problem. Instead, since cyberattacks have become an ongoing part of our digital lives, we believe that the security industry, including vendors, partners, and customers, needs to think and act differently. We need to build a more complete picture of the real threats and our own security posture by sharing and collaborating better. That means sharing information in real-time between different products and services; sharing threat intelligence among organizations and governments; and collaborating quickly when threats are identified to protect critical resources and contain the potential damage.

One of the most interesting aspects of almost every security study we have done over the past few years is the critical part that human interactions play in security weaknesses. What we’re seeing in many industries is a combination of technical vulnerabilities and human ones, often referred to as “social engineering.” Whether it is a phishing campaign to steal credentials or social media tricks to increase the credibility of a malicious attachment, this is often the starting point to infiltrate the environment and launch a more complex attack.

Defending against this combination of human and technical exploits requires the collaboration of human and technical security defenses. Cyberspace has grown essential to every dimension of our lives so we should assign as much priority to protecting our digital resources as we do to protecting our physical security. Escalating cybersecurity tensions, both the breaches themselves and the public concern they cause, risk fragmenting the infrastructure, hindering innovation, and limiting the future prospects for technology.

Read more about:

2016

About the Author

Steve Grobman

Chief Technology Officer at Intel Security

Steve Grobman is the chief technology officer for Intel Security Group at Intel Corporation. In this role, Grobman sets the technical strategy and direction for the company's security business across hardware and software platforms, including McAfee and Intel's other security assets.

 

Grobman joined Intel in 1994 as an architect in IT and has served in a variety of senior technical leadership positions during his Intel career. Before assuming his current role in late 2014, he spent a year as chief technology officer for the Intel Security platform division. Prior to that role, he spent two years as chief technology officer at Intel's subsidiary McAfee to integrate security technology from the two companies.

 

In prior roles, Grobman served as chief security technologist for the Intel Atom processor system-on-chip design group and spent seven years as chief architect for Intel vPro technology platforms. In the latter position, he led work on the solutions architecture that resulted in a business platform with unique hardware-based management and security capabilities.

 

Before joining Intel, Grobman spent four years at IBM as a solutions programmer and developer. Grobman has published a number of technical papers and books, and holds 20 U.S. and international patents in the fields of security, software, and computer architecture, with about another 20 patents pending. He is also the recipient of two Intel Achievement Awards, the first earned in 2005 for the invention, initial architecture, and strategy of the first PC embedded appliance; and the second in 2007 for the success of the Intel vPro technology platform.

 

Grobman earned his bachelor's degree in computer science from North Carolina State University

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights