Blog – Today’s Security Risks

No longer are viruses or unsolicited email the work of an intelligent, bored geek, but instead they are symptoms of organized financial crime and coordinated cyber attacks. As electronic communication forms a nexus of global critical infrastructure, Internet security, situational awareness of entities that want to connect, and overall communications activity intelligence fuse to become infrastructure protection technology.

Threats of the following types are not just commercially based they can also be launched against your home networks.  Threats can come from many different sources, including:

  •  Attacks from thrill seekers
  • Botnet attackers trying to create zombies
  • Criminals looking for monetary gain or to conduct industrial espionage
  • Foreign intelligence services
  • Disgruntled insiders
  • Phishers, spammers and spyware authors infecting systems with viruses, worms, and Trojans
  • Prohibited software
  • Vendor updates
  • Software malfunctions
  • Contractors and other temporary workers
  • Inappropriate and/or out-of-date policies
  • Terrorists
  • Industrial spies
  • Backup or auxiliary systems don’t have same protections as the primary systems

 According to North American Electric Reliability Corporation [NERC], the top 10 vulnerabilities common to control systems are:

  1. Inadequate policies, procedures, and culture that govern control system security
  2. Inadequately designed control system networks that lack sufficient defense-in-depth mechanisms
  3. Remote access to the control system without appropriate access control
  4. System administration mechanisms and software used in control systems are not adequately scrutinized or maintained
  5. Use of inadequately secured WiFi wireless communication for control
  6. Use of a non-dedicated communications channel for command and control and/or inappropriate use of control system network bandwidth for non-control purposes
  7. Insufficient application of tools to detect and report on anomalous or inappropriate activity
  8. Unauthorized or inappropriate applications or devices on control system networks
  9. Control systems command and control data not authenticated
  10. Inadequately managed, designed, or implemented critical support infrastructure

2 Responses to “Blog – Today’s Security Risks”

  1. Sixta Heater says:
    April 10, 2011 at 18:37

    I’ve been searching for the info about this.I am very lucky to get this from you.It will help a lot.

  2. Administrator says:
    November 29, 2011 at 00:40

    I am glad it helps. I was about to take this down when I found out that it drew a lot attention.

Leave a Reply