As chief security officer at AT&T, Edward Amoroso has long observed how cyberattacks impact customer and service-provider networks. In his newly published book, Amoroso says it's time to unite to create the equivalent of a national cyber-protection shield to guard against attacks on industry and government networks by terrorists, state-sponsored attackers and plain old thieves.
Some of his ideas are controversial and bound to incite debates about privacy and practice. For instance, in his book, "Cyber Attacks: Protecting National Infrastructure," Amoroso suggests using large-scale, coordinated collection of network-traffic data, as well as security information from end-user desktops, to pinpoint botnet-compromised computers, identify suspicious anomalies and trace attack paths.
Amoroso is essentially taking widely accepted organizational security practices and suggesting that they be scaled up to a national level to protect critical infrastructure industries, such as energy generation, banking, chemical and defense manufacturing and telecommunications.
"In my work at AT&T, I have a very unique vantage point," says Amoroso, who is a senior vice president and CSO at the telecommunications company. He says he's troubled by what he has seen for many years in critical network services, such as those for industrial SCADA systems in power-generation facilities, which are left exposed to network attacks by improper access controls and connections.
After the terrorist attacks of Sept. 11, 2001, his sense of how vulnerable our national infrastructure services are only increased. Amoroso had already started writing a manuscript on the topic of national infrastructure protection, which would become his now-published "Cyber Attacks" book.
In it he writes: "The current risk of catastrophic cyber attack to national infrastructure must be viewed as extremely high, by any realistic means. Taking little or no action to reduce this risk would be a foolish national decision."
"There are attacks against data centers in many, many sectors where services are in place," says Amoroso about what he sees in his job at AT&T. "It's frightening when you think about a power plant. Do you need to understand the traffic going in and out of it?" The answer would seem to be a definite yes, but few companies of any stripe really grasp this, he says. When personnel at AT&T ask for permission to divert attack traffic coming at them from upstream — "it's diverting traffic away from a target" — more often than not, customers decline and still want it to reach their gateway points.
Insider attacks are also far more commonplace in the enterprise than anyone would like to admit, Amoroso says. "People don't like to talk about it," he says. "The problem is coming from someone with legitimate access" who wants "to steal data useful to them."
In his book, Amoroso argues that any national infrastructure protection program will require network-based firewalls on high-speed networks, managed by service providers to throttle distributed denial-of-service (DDoS) attacks and designed specifically for SCADA protocols.