How is the Security Industry Responding to Infrastructure Threats?

Blog Date: 6/1/2017
Author: Ray Coulombe

The Bowman Avenue Dam in suburban Westchester County, NY, is a small, unassuming dam. The opening is about as wide as a living room and it’s only 20 feet tall. The dam basically keeps a small creek, called Blind Brook, from flooding local basements of suburban houses downstream in Rye Brook, NY.

So why is it noted as one of the biggest international hacking cases of 2013? One of the reasons is that seven Iranian computer hackers penetrated the dam’s computer-guided control system. They did this on behalf on their country’s Revolutionary Guard Corps, which was part of the larger plot that breached about 46 of the nation’s largest financial institutions and blocked hundreds of thousands of customers from their online bank accounts.

Many are questioning why this small, village dam was singled out as part of this major cyber-attack: One idea is that the dam in Rye Brook was a test run for, say, a larger dam or other control system, where a compromise could have disastrous consequences.

Another is that the Iranian hackers confused the Bowman Avenue Dam with the larger and closely named Arthur R. Bowman Dam on the Crooked River in Oregon. This dam is nearly 245 feet tall and 800 feet long—quite a difference when compared to a neighborhood creek.

More than 57,000 industrial control systems (known as SCADA – Supervisory Control and Data Acquisition) are connected to the Internet in our country, many with similarly conceived control systems.

Luckily, all plans around the Bowman Avenue Dam were thwarted as the dam control system was under repair when the attackers attempted to reach the water-flow valves. We may not be so lucky next time, or perhaps there’s an effective exploit waiting to be launched. And as security professionals, we need to think about what other internet-connected infrastructures could potentially be hacked into to cause a major disturbance? In the case of the Bowman Dam, an insecure cellular modem was the entry point.

Businesses, take note of this breach and use it as a security lesson cyber security is holistic and far-reaching—it clearly covers more than just your digital data. Think "Defense in Depth" and don’t stop thinking about it.

Resource Blogs

Most Recent Blog List for Blog Author: Ray Coulombe

Stay Safe! While Traveling This Summer

It’s summer vacation time! The last thing you need to worry about it is getting your identity stolen while you’re sitting on a beach somewhere exotic. In 2016, more than 15 million Americans were victims of identity theft, up 16 percent from the previous year, according to Experian. Plus, about 33 percent of that fraud took place when people were traveling. Here’s a few tips to staying safe all summer while traveling...
read more -->

Rethinking Cabling

Cat 5e became an ANSI/TIA/EIA standard in 2001, Cat 6 in 2002, and Cat 6a in 2008. However, it may be extremely useful to consider taking advantage of other existing cabling infrastructure in lieu of running new. Read more to learn how to approach cabling.
read more -->

Off the Beaten Path at ISC West

This year at ISC (the International Security Conference and Exposition), I was determined to try to see the latest iStechnologies hiding in the nooks and crannies—literally! I visited booths in the back, the basement, small kiosks hidden inside larger vendor books, and throughout the Emerging Technology Zone.

In case you missed the show, I’ll round up some of the best new technologies and companies to keep an eye on. Read more.
read more -->

Cyber Crime Taking Down Cities

Earlier this year, in March, the City of Atlanta’s nearly 8,000 employees heard words they never thought they would hear: “It’s okay to turn your computers on.” Their computers were powered off for five days. In those five days Atlanta residents could not pay traffic tickets, water bills, or report city issues. Read how ransomware impacted this metropolitan area.
read more -->

A Few Thoughts on K-12 School Security

There is no one size fits all when it comes to K-12 school security. Schools vary in so many ways: size, age, local environment, affluence, culture, governance, and more. Read some helpful tips and resources that might just help your school be better prepared.
read more -->

Resources

SecuritySpecifers.com Videos

Author

Blog Authors