Monday, May 28, 2012

Die Hard 4 reveals a real threat

Diligence and gritty determination may have helped Eugene Kaspersky become one of the software world's most successful entrepreneurs, but there's one thing the antivirus king can't bear: Die Hard 4.0.

"I watched the movie for 20 minutes, then pressed pause, got a cigarette and a glass of Scotch. To me it was really scary: they were talking about real scenarios. It was like a user guide for cyber terrorists. I hated that movie," the flamboyant Russian entrepreneur says.

The popular 2007 action film pits Bruce Willis' character, John McClane, against a domestic terrorist who's bent on launching a large-scale cyber attack that would disable financial markets, traffic lights, and other computer-controlled infrastructure across the United States.

For most viewers, it was nothing more than a fast-paced popcorn flick combining macho bravura with implausible technobabble. For Kaspersky it represented the popularisation of a relatively new mode of cyber attack that has now emerged as a real threat.

"We came to the [potential] of cyber terrorist attacks years before Die Hard 4.0," explains Kaspersky, the co-founder and chief executive of security firm Kaspersky Labs. "But it was forbidden in my company to explain it to journalists, because I didn't want to open Pandora's Box. I didn't want to let people think that my business is the business of fear. And I didn't want the bad guys to learn from these ideas."

His "silence" wasn't enough: as at least one high-profile hacking attack has recently shown, industrial control systems – and, in particular, SCADA (Supervisory Control and Data Acquisition) systems used to monitor and manage physical plant processes – can be a target of interest for a number of attackers, from hackers to military operations.

Because of their mission-critical nature, SCADA systems traditionally run on separate data networks with no internet or intranet connectivity. However, some have been brought online, to enable remote access and control.

Their security environments are often managed separately to those of the general enterprise, and they often run on different operating systems that aren't updated as often as enterprise software, leading some experts to believe SCADA systems present potential holes in the cyber defences of critical infrastructure operations.

The threat became clear in mid-2010 as the notorious Stuxnet worm spread across Windows desktops inside Iran's nuclear facilities, until it found systems running Step-7. The software application from German giant Siemens manages SCADA programmable logic controllers (PLCs) that control industrial process lines. It is believed Stuxnet then granted itself root access and reconfigured SCADA systems that met certain specific criteria.

An incident in 2000 brought SCADA sabotage to our shores as Queensland-based former Maroochy Shire Council (now Sunshine Coast Council) was forced to deal with attacks from disgruntled SCADA contractor Vitek Boden, whose work with a laptop and radio transmitter flooded parks, rivers, and a local hotel with 800,000 litres of raw sewage.

While isolated, these events remain a threat, says Bill Holder, a SCADA security expert.

"The threat from hackers is real," he explains, arguing that infrastructure authorities should build security controls at every level of the infrastructure to limit their exposure to major attacks.

"Catastrophic failure is one end of the scale, and is the type of thing that fail-safe [measures] and monitoring would mitigate. The idea of security is that it is not added on after everything else is done; it should be part of the overall design and development," Holder says.
