Skip Links

Critical Infrastructure under Siege from Cyber Attacks

McAfee report shows a rise in cyber attacks against critical infrastructure targets like utilities & communications providers

By Tony Bradley, PC World
January 28, 2010 06:01 PM ET

PC World - A new report from McAfee--In the Crossfire: Critical Infrastructure in the Age of Cyber War--suggests that the use of cyber-attacks as a strategic weapon by governments and political organizations is on the rise. The survey follows closely on the heels of the attacks on Google and a number of other companies, which Google has declared were initiated by the government of China itself.

The exposure and vulnerability of the nation's critical infrastructure--utilities, communications, etc.--has been a source of many fictitious attacks in cyber-thrillers. Black Ice , by Dan Verton, detailed a fictitious attack, then described tests and exercises conducted by the government illustrating our lack of readiness.

The government is aware of the realities both in terms of how a well-orchestrated attack against the critical infrastructure could cripple our nation, as well as what a tremendous asset such an attack could be prior to launching a military attack against an enemy.

Critical Infrastructure Attacks

The survey conducted by McAfee, and written by the Center for Strategic and International Studies, found that the oil and gas sectors experience more DDoS (distributed denial-of-service) and extortion attacks than other infrastructure sectors.

Interestingly, the United States and China stand out as the "most feared" sources of such cyber-attacks, and respondents from China and the United States both listed the other nation as its primary concern.

The study found that more than a third of the critical infrastructure organizations do no patch or update software on a regular basis, exposing them to a wide variety of known-vulnerabilities with active exploits. It also found that usernames and passwords are still the most common form of authentication used.

Joris Evers, a security specialist with McAfee, responded to me via e-mail to explain that "the majority of respondents believe that there is a government sponsor behind the attacks on critical infrastructure in their country. Moreover, the United States was identified most frequently as the potential source of attacks, followed closely by China."

Evers went on to say "We believe that governments around the world are building up their offensive security capabilities. Leaders in this area, as identified in our 2009 Virtual Criminology Report, are the U.S., Russia, France, Israel and China, in no particular order. Cyber is part of the arsenal governmental, political, and terrorist organizations want to have at their disposal."

Reality or Hype?

Words like cyberterrorism and cyberwar have been tossed around for a number of years, but many security experts have dismissed them as hype and FUD (fear, uncertainty, and doubt) perpetuated by the media and security vendors, and aimed at fear-mongering. Perhaps that was then, this is now?

Some respected security experts, like Marcus Ranum, still don't buy it, though. In slightly more colorful language than I can quote here, Mr. Ranum informed me that he finds the whole concept of state-sponsored cyber-attacks, and reports that China has an army of "cyberspies" responsible for the Google hack, completely ludicrous.

Originally published on www.pcworld.com. Click here to read the original story.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News