Security experts: Critical Infrastructure networks cannot be effectively protected

Source: Internet
Author: User

Physical intrusion, malicious it, and lack of good defense technologies make it difficult to effectively protect critical infrastructure networks.

According to some security experts, helping water supply facilities, power plants and manufacturing operate and manage critical infrastructure networks is more vulnerable to a series of different threats than most information technology systems, it is difficult to defend against certain types of attacks.

"For information security management personnel, they only need to worry about malware, vulnerabilities, and external attackers, while operating technology (OT) security management personnel must be more worried about physical intrusion, malicious employees, and internal security boundaries built by unauthorized information technology ". Michael Phillips, head of corporate information security at centerpoint energy, said during the RSA Security Conference in San Francisco.

Most Critical Infrastructure networks are trying to isolate it from ot for independent operations. "In a typical ot Environment, Physical access is still a greater risk for us ." Phillips said.

The security of critical infrastructure has become a major problem facing countries. Previous cybercriminals and hackers used the Stuxnet worm to launch attacks against Iran's nuclear facility, which has shown the world its ability to attack Industrial Control Systems (ICS.

Since then, security researchers have been increasingly concentrated in the use of popular monitoring and control protocols to find technical vulnerabilities, known as supervisory control and data collection, or SCADA. In 2013, more than 20 SCADA vulnerabilities were discovered and reported to HP's zero day rewards program, two times that of the previous year.

Through phishing emails, attackers have a 18% success rate of entering the company's critical infrastructure. On average, they only need 2 to obtain the key domain controllers on the IT network? 4 hours.

At the RSA Conference, many security vendors were promoting their latest defense technologies. "Most of these products are not suitable for industrial control and operation environments. Because most security products are designed for information networks rather than operation networks ." Scott Saunders, information security officer of Sacramento, informed attendees. "They seem to be very powerful, but the environment we face is not connected to it environments with traditional malware. We can detect traditional malware, but we can never detect anything in our system environment ."

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.