According to a recent newsletter from Invensys, responses to cyber-attacks on America’s critical infrastructure by the Industrial Control Systems – Cyber Emergency Response Team (ICS-CERT), a department of Homeland Security, rose by 52 percent in 2012. The biggest target was energy firms, accounting for 40 percent of attacks. Also on the list of industry sectors that fell victim to cyber-attacks in 2012 are the water sector, oil and natural gas sectors, nuclear sectors and chemical organizations. The frequency of these attacks is expected to increase, making the cyber security of America’s infrastructure firms paramount.
Using the internet can often be a necessary evil. One the one hand, it allows people to communicate instantly across countries any time of day. In our world, where entire businesses can be created and maintained online, these same businesses can be taken over by hackers with malicious intent.
Control systems devices that are directly connected or controlled through the internet are of particular concern to ICS-CERT, as malicious control over these systems could have catastrophic consequences. Consider a simple boiler, with control systems that enable a delicate combustion process to safely produce steam. If something happened to the formula, or if the burner or fan cannot be turned off when they need to, serious injury can result to the boiler and to plant employees.
This issue is so serious, the United States has an entire division, the National Cyber Security Division, to protect the U.S. from and fight against cyber-attacks. Cyber security is a national security issue, with recent news reports claiming The New York Times was hacked by Chinese hackers. In 2012, Iran is allegedly responsible for a large number of cyber-attacks against major U.S. banks. Cyber security is now more than simply guarding files or even guarding a business. Increasingly, cyber security is essential for protection against terrorist, be they local or abroad.
The looming question, then, is what to do at your business. The first step is to have solid policies and procedures in place that every employee is trained in. About 25 percent of malware attacks came from USB drives. In addition, no matter how much money you throw at cyber security, none of it matters if you don’t have employee compliance. Making sure procedures are in place and are followed can be greater security than any program you pay for.
Securing your control systems is also crucial. This can be done through remote support systems, such as our diagnostic support we provide, code named SORA. In this way, the internet connection used by the control systems is no longer your responsibility. It is the responsibility of the remote support provider. With such a system in place, even if malicious software makes it onto your business computers, it won’t be able to access your control systems and a certain amount of safety can be maintained.
Another great cyber security tip is what the Invensys newsletter calls “defense in-depth” security. This type of security involves have multiple security programs working on one system, where one programs vulnerability is made up for by having an additional program that does not have that vulnerability.
Lastly, secure passwords are a must. Someone with malicious intent has no need to use viruses or hacking software if they know the password they need to gain access to the system. Some sites, like Facebook and Google, are catching on. Facebook provides the option to have a text sent to the profile owner’s cellphone whenever an unauthorized computer accesses the account, allowing people to act quickly if they are not the ones accessing the profile. Google has an optional two step security measure on their email. After typing in the correct password, Google sends a secret code to the account holder’s cell phone. The number must be entered to access the account.
Even Apple can no longer claim its devices are spared from viruses and hackers. In the coming weeks, Synergy will be exploring the most popular free and paid security programs for computers and smartphones.
What type of security do you have at your home or business? Do you have any concerns going into 2013?