Technologically, the recent Stuxnet worm has taught the industry nothing. What is interesting about Stuxnet is its target and potential impact. For the first time, instead of a loss of money, it's a question of a potential loss of lives.
So said Steve Purser, head of the technical competence department at the European Network and Information Security Agency (ENISA), speaking during a media roundtable at Symantec's 2010 Vision conference, in Barcelona, this week.
“Make no mistake, the threat is real,” said Purser. ENISA's mission is to achieve a high and effective level of information security in Europe. The organisation assists the European Commission, member states and the business community to address, respond to and prevent information security threats.
Also present at the roundtable, Ilias Chantzos, director GR EMEA & APJ at Symantec, said terrorist-related attacks have a different gravity or sensitivity, certainly from a national security standpoint. “In a global situation you need international collaboration.”
Chantzos said that several months ago, Symantec predicted an attack of this nature. What followed was Stuxnet; they just didn't realise it would happen so soon. “What is next?” he asked. “It's impossible to say. A successful attack would be the worst case scenario. There is no way to accurately predict what it will be, or where it would come from. The key point here is that we have seen one instance of a politically motivated attack; we now know it is possible.
“In order to know how to prevent it, or to recognise the signs, you would have to know the objectives of the attacker. There are a number of hypotheses; it's impossible to say with any certainty.”
In fact, he said there could be similar worms of equal threat out there already, living on host computers that people are unaware of. What is important, he said, is in the event of an attack, to be able to act quickly and recover.
Purser agreed, and said this is where collaboration between nations and agencies is vital. He said ENISA is in the process of testing several points key to taking fast action in the event of an attack like Stuxnet.
“Firstly, do people know who to call? Secondly, when they call, how well do they understand the organisation on the other end's mandate and decision making power?”
Lastly, he said, they will test the use of correct information channels.
“It is also vital to identify what is the most critical information that needs protecting. Those who protect everything, protect nothing. Resilience is as important as protection, protect the right information and assets. We will be attacked. We need to make sure we can recover,” stated Purser.
Chantzos agreed, and added that a future attack is a certainty for several reasons. “Take the recent Stuxnet worm as an example. It was unique. It is complex and carefully designed using four vulnerabilities. It was the first worm targeting SCADA systems that monitor and control industrial, infrastructure, or facility-based processes.
“It was the first attack with a kinetic effect, and while it taught us nothing technologically, it taught us a lot about the people behind it,” he explained.
He said to carry out an attack of this nature, a team of five to 10 people would be needed. They would have had to have spent around six months researching the four vulnerabilities that they exploited. They had to have access to, and intimate knowledge of, SCADA systems. “They could be a well-funded criminal organisation or a nation state - that much is certain.”

