Kaspersky Warns of Critical Infrastructure Vulnerabilities

Friday, May 18, 2012



Eugene Kaspersky is warning that systems that control critical infrastructure are beyond vulnerable to cyber attacks.

“It’s not possible to protect. Stuxnet told us that modern systems are not protected at all. SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere,” Kaspersky said at an AusCERT event.

Stuxnet is a highly sophisticated designer-virus that infects systems which provide operations control for production networks, and leading theories indicate that the malware was probably specifically produced to stifle Iran's nuclear weapons ambitions.

The Stuxnet virus attacks, which targeted Siemens Programmable Logic Controllers (PLCs), are thought to have caused severe damage to Iranian uranium enrichment facilities and reportedly set back the nation's nuclear program by as much as several years.

Kaspersky told the audience that we “need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure. Transportation, power-grids, power plants… it would take us back to the pre-electric era.”

Industrial Control Systems (ICS), which include supervisory control and data acquisition (SCADA) networks, administer operations for critical infrastructure and production including manufacturing facilities, refineries, hydroelectric and nuclear power plants.

One of the main challenges in protecting these networks is the fact that these systems were not necessarily designed with cybersecurity in mind. Rather, the security solutions have been layered on in a piecemeal fashion after the networks were operational, leaving ample room for attackers to compromise their functionality.

“The only way to protect critical infrastructure – is to redesign SCADA systems based on a secure operating system. It is possible to do, but it requires a redesign of all the software for industrial systems,” Kaspersky said.

Kaspersky believes the onus is on government to lay the groundwork for a more secure infrastructure through better regulation and legislative measures, but advises at the same time that the initiatives not be Draconian in nature.

“Governments have to be leaders… they have to make this world more regulated, more secure. The good news is that finally they recognize that cybercrime is a very serious issue,” said Kasperky.

Kaspersky notes that budgetary limitations should not be an obstacle to better security, as his company estimates that cybercrime costs the work economy more than $100 billion every year.

“Because of cybercrime, we have the equivalent of two or three Japanese tsunamis a year” in overall economic losses Kaspersky claims.

Ultimately, the implementation of greater security measures to protect our critical infrastructure is an investment in future prosperity Kaspersky said.

“It’s our responsibility to design this world in a more secure way for our children,” Kaspersky concluded.

Source:  http://www.cso.com.au/article/424988/auscert_2012_kaspersky_says_cyber-attacks_could_take_us_back_pre-electric_era_/

Possibly Related Articles:
SCADA Vulnerabilities Cyber Security Stuxnet Headlines Network Security Infrastructure Kaspersky Industrial Control Systems
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.