"Critical Infrastructure Attacks: Understanding the Common Thread"

We've all read the cyber-attack and data breach headlines about Stuxnet, Flame, Shamoon, and most recently, Red October. Critical infrastructure cyber attacks were even a focus of the President Obama's State of the Union Address. Organizations that operate critical infrastructure – including oil and gas companies, utilities, nuclear facilities, and more – is well aware it's under attack. The problem right now is that many of these organizations are struggling to figure out how the protect themselves from potentially devastating attacks."

Quelle: AolEnergy vom 10.04.13

Industry Control Systems (ICS) Were Not Built for Security

To secure our critical infrastructure, we need to first examine the problem and figure out why these industries are now susceptible to a growing number of advanced attacks. The fact is, most Operational Technology (OT) (which include SCADA systems, Industrial Control Systems, etc.) were not designed with security in mind. As a result, these systems inherently have a number of security vulnerabilities and that was acceptable while these systems were isolated.

The problems these industries face started when OT environments were connected with traditional IT systems and corporate networks.

These systems were built to be segregated – they were not built to address the security issues that arise when you connect to a network.

Vernetzung steigert die Komplexität und führt damit zu unvorhergesehenen Entwicklungen und Auswirkungen ... 

Zwei Zitate, die es immer wieder auf den Punkt bringen:

"Probleme kann man niemals mit derselben Denkweise lösen, durch die sie entstanden sind."

Alfred Einstein

"The greatest danger in times of turbulence is not the turbulence; it is to act with yesterday’s logic." 

Peter Drucker