Stratfor cyberattack adds an exclamation point to ‘Year of the Hack’
The 'hack and extract' attack on the strategic think tank Stratfor will only contribute to the public and media awareness of cybercrime that has grown throughout 2011.
(Page 3 of 3)
Despite the existence of a global cybersecurity industry whose cumulative worth is estimated to be $80 billion, the advantage is clearly with attackers. The modern Internet was created for scientists and researchers to share information without security features. Commercial enterprises and governments latched on and soared – but have never made their users accountable or identifiable. There are many ways to mask computer access. The result: near total anonymity for sophisticated hackers.Skip to next paragraph
Subscribe Today to the Monitor
“Our global interconnectedness and digitization of information has contributed heavily to our never-ending security woes,” writes John Bumgarner, chief technology officer for the US Cyber Consequences Unit, a nonprofit cyberwarfare think tank says in an e-mail interview. “Nation-state actors, transnational cyberfundamentalists, and cybercriminals operate nearly unopposed in cyberspace.”
Traditional cyberdefenses need to be greatly improved, because attackers in the coming years will not only increase the stealthiness and virulent nature of their wares, but also improve on precision targeting that will be difficult to counter, he writes.
“Anything inside or attached (wired or wirelessly) to a computer, mobile device, gaming system, or Internet-enabled television can and will be targeted in the future,” he notes.
Lack of international cybersecurity cooperation among nations, including even those with well-established treaties, is a major problem, cybersecurity experts say. Another factor feeding the fire: key technology vendors that don’t collaborate enough among themselves.
But it’s critical infrastructures, such as electrical utilities, that need the most attention, including rethinking engineering specifications of key components – including generators – to reduce unintentional and intentional incidents from impacting not only their business operations, but also national security, these cyber securityexperts say.
Shell engineers in Doha admitted publicly the tremendous damage cyberattacks could do if a hacker were able to access the computerized systems that control the opening and closing of release valves.
“You can imagine what happens,” said Ludolf Luehmann, an IT manager at Shell Europe told the World Petroleum Congress in Doha in December. “It will cost lives and it will cost production, it will cost money, cause fires and cause loss of containment, environmental damage – huge, huge damage.”
That sort of comment indicates that big companies that have long seen cybersecurity as a “cost center” with few benefits may now be starting to move more swiftly to secure their systems, some experts say.
The Doha statement is “huge,” writes Allan Paller, research director for the Sans Institute, a computer security education organization in Bethesda, Md in an e-mail. “Those companies used to pretend there was no cyber problem. Now they are acting, jointly to fix it – at scale.”
Get daily or weekly updates from CSMonitor.com delivered to your inbox. Sign up today.