Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / Need Cited for Action on Cyber Threat
Experts Cite Need for Obama's Cybersecurity Action
Experts Cite Need for Obama's Cybersecurity Action
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
President Obama on Tuesday signed an executive order to strengthen the cybersecurity of critical infrastructure by increasing information sharing and by jointly developing and implementing a framework of cybersecurity practices with industry partners. How is the technology industry responding?

Lawrence Reusing, general manager of mobile security at Imation, told us it's not news to say we live in a dangerous world -- but we are in a world that's becoming more and more interconnected every day. He pointed to a reality where organizations are being targeted through remote attacks and their employees are also being targeted as travelers so they can bring malicious threats back into the organization.

"For that reason, we need to be ever vigilant in protecting ourselves from the types of attacks -- and attack vectors -- emerging within the world we live in. The United States must take a leadership position by defining policies and procedures so that our critical infrastructure is protected," Reusing said, noting this includes making sure that nefarious interests cannot directly compromise our systems and that our own government employees are protected from themselves.

"As we've seen on more than one occasion, government employees have inadvertently carried malware and other malicious software into their work areas and have accidentally installed that software onto public IT infrastructure," Reusing said. "The security industry needs to give organizations an advantage over malicious software. A comprehensive approach to cybersecurity will address these and other scenarios."

Public-Private Partnerships

Bill Morrow, CEO of Quarri Technologies, told us recent cyberattacks targeting several high-profile media companies and government agencies provides further proof that nation-states' threats are real. Not surprisingly, he said, criminals today are carrying out very targeted and efficient attacks and are becoming more brazen.

"There is a once-in-a-generation opportunity for our leaders in public and private industry to come together in the coming weeks in an effort to put measures in place to help minimize network risks to critical infrastructure that could occur in the future," Morrow said. "There are also a number of steps the private and public sector can take in what I would call preventative medicine."

First, he argued, it is imperative that private and public industry get a better handle on which threats are the most harmful to our own interests in the United States, as this will allow us to allocate resources in the right places. Second, he continued, private industry is a leader in innovation and many of the best IT security products in the world have been developed within our borders.

"We need private industry to continue being innovators, as next-generation products are the key in the fight against cyber terrorists," Morrow said. "Our government plays a leading role in determining when disruptions or damage to critical infrastructure such as banking systems, water treatment plants, SCADA [supervisory control and data acquisition] systems, and air traffic control are occurring, and can then quickly and efficiently work in conjunction with private industry to diagnose and mitigate risk as quickly as possible."

Proceed with Caution

Obama's order, implemented after months of frustration at getting Congress to pass cybersecurity legislation, directs government agencies, to develop voluntary cybersecurity standards for companies operating the nation's vital infrastructure, such as power grids and air traffic control systems. It instructs the agencies to consider including those standards in regulations.

Tom Cross, director of security research at Lancope, told us over the past few years, computer-based espionage and sabotage of facilities has become increasingly brazen. He pointed to malware like Stuxnet, which demonstrates that computer software designed to break plant equipment is not science fiction.

"Many people believe that industrial control systems are impervious to attack because they are 'air-gapped' from the Internet," he said. "In practice this is rarely the case. There are a variety of interconnection points that find their way into these networks as they grow, to provide access to data and keep software updated, and malicious software can cross these interconnection points."

He agreed that the vulnerability of our critical infrastructure to computer attacks is a national security concern, and that it makes sense for the government to take steps that help ensure that these facilities are protected.

"The U.S. government has access to information about attack activity and best practices that operators need to adequately protect themselves. However, the devil is in the details," Cross said. "Overzealous regulations can hamper efforts to protect computer systems rather than aiding them, by creating barriers instead of breaking them down, or by introducing civil liberties concerns that have unintended consequences. Although action is needed, it is just as important that those actions be taken with care."

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Since the major processor-based Spectre and Meltdown vulnerabilities came to light recently, technology firms have been working to develop and deploy patches across millions, if not billions, of devices.

Another password bug has been uncovered in macOS High Sierra, and while it's not nearly as serious as the one that cropped up late last year, it's still highly embarrassing for Apple.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.