The interdependencies and interconnections of the networks that run the country’s critical infrastructure assets such as water, power and gas have created a dangerously fragile system in which security is just now becoming a priority, experts say. For years the priorities for these networks have been safety, compliance and reliability, while security has only become a factor very recently, a panel of security officers from telecom and utility operators said at the RSA Conference on Thursday.
The tighter focus on security in these environments is coinciding with what the panelists said was a major uptick in the amount of probing activity by attackers looking for weak points in the control systems at utilities, telecom networks and other high-value targets.
“We’ve been seeing a huge increase in probing for SCADA systems, mainly originating from Asia,” said Jerry Dixon, the vice president for government affairs at InfraGard and the former director of US-CERT at the Department of Homeland Security. “These utilities have a thousand-plus people on their IT teams and maybe have three people doing security. There is a lot of interest in this space from the attackers. We’re seeing a lot of features and Ethernet ports being added to the control and management systems and people say that they don’t enable the ports, but we find that not to be the case.”
The high value of these targets, along with the relatively low barrier to entry that they present, has made them very attractive to attackers. And the complex ways in which companies such as telecoms, power companies and others are connecting their public and private networks are creating unforeseen complexities and cascading security issues.
“What happens is people begin taking shortcuts when they’re interconnecting these networks and those begin to cause problems,” said Marcus Sachs, a former White House security adviser and the current executive director of government affairs and national security policy at Verizon. “What we’re seeing is people getting away from the private networks and moving toward these common carrier networks.”
The problem of interconnectivity also is affecting many of the non-PC devices that are now connected to networks, such as medical devices and other embedded devices.
“We’ve discovered medical devices in hospitals that are infected with Conficker,” Sachs said. “These are MRI machines and heart monitors that are infected. Why are these things interconnected? They’re trying to connect to remote servers to get updates.”