By Stuart Bell
Well, time goes on and so do reports of increasingly sophisticated breaches in data security. The potential consequences are escalating, and attacks are becoming easier to plan and execute, more pervasive and more personal.
Market focus is rapidly moving from securing information network infrastructure to securing the data used to manage and control infrastructure at utilities – gas, water, power grids. Most are controlled remotely over various data networks.
What does this mean?
Many businesses operate with the most modern commercial business solutions and overlook the risk posed by 20-year-old plant systems that rely on historically poor or non-existent security.
The breach outlined in the article was discovered after a pump burnt out, even though there was no interruption to the service. It is clear that the hackers - reported by the Illinois Statewide Terrorism and Intelligence Center as emanating from Russia - were either testing to prove they could break in or waiting for all the pieces of the jigsaw to be in place before activating their plan.
Either way, people are now beginning to wake up to the fact that there is oodles of infrastructure in the world that is not secure, much of which has the potential to seriously impact our quality of life.
“Your Majesty – the moat has failed again!” Perimeter security has passed its use-by date.
What should be done?
Assess the level of risk your organisation (or you as its leader) really faces by seeking professional, independent advice. Act on the advice in a manner appropriate to the real risk after evaluating the effectiveness of existing controls.
Consider whether it is most effective to protect by securing the data, by establishing a physical barrier, or by a combination of the two. Perhaps you are one of the few who are adequately protected – congratulations!
Give serious consideration to securing all data using encryption, assess the point of presence in your network where encryption is deployed, and review this as part of your business risk processes.
Remember!
The business owns the data, and process control data is a critical business item. It’s a business issue, not a technology one!
The “Circle of Trust” should be examined from the perspective of zero trust:
- Draw a line in the sand by developing a plan of action
- Assess the risks
- Act accordingly
- Accept that whilst you are doing this you may be required to operate two networks in parallel – the old untrusted, unsecured one and the new appropriately protected one; and
- Ensure your review includes process control systems and operational systems that you may wish to embrace for complete operational management in the future.
Stuart.

Cyberspace in the 21st Century demands that organisations know where their information is, how secure it is and what measures are necessary, or sufficient, for effective data protection. The Senetas Leadership team comes together to share news and views related to information security and data protection in the face of new and emerging cyber threats. They comment on the latest trends and business strategies that minimise the risk to personal and corporate information.
Your comments are welcome.