Cisco CSO John Stewart was talking about the influence that the computer worm, Stuxnet, has had on corporate networks and how to protect against it. The Stuxnet worm does not try to go after problems that a computer or network already has. It tries to create new problems by targeting the way a system should work and it is able to disrupt an entire operation. Though it wasn’t designed to target a specific problem within a computer or network it was designed to target a particular computer system, the SCADA System.
SCADA systems control different types of infrastructures, including water, gas, and oil valves as well as street and stop lights and the power grid or cities. The main problem with Stuxnet is that it has been placed on computer systems through USB drives, which Stewart says that Cisco does not control against its workers using USB drives.
He compared protecting a network to protecting a house in saying that minor viruses are like a house getting egged and then a Stuxnet virus is like a sniper shooting someone through the house. With the egging, it is fast and easy to repair but the sniper is much harder to fix because someone usually gets hurt. He says attacks occur nearly every second of every day on most companies and the hard part is figuring out if it is a minor virus or a big problem like Stuxnet, which even major companies have trouble protecting against.
Protecting a computer is a difficult task and it is very annoying because it seems like it takes so much time, money and effort to protect a computer or a computer network. On top of that it is even more discouraging because even with all of the time and money put into it, a network can still get a virus that completely ruins it.
For most individual computer users we probably don’t have to worry too much because the people who are smart enough to get a virus on a major company’s network won’t waste their time with individuals. However we do have to worry about a company, maybe a bank that we use getting viruses from people smart enough to ruin big networks. For instance our banks network could be down at a time we really need money. Even worse, if these worms can attack infrastructures then we have to worry about people who want to do harm to many people because if they wanted they could cause some serious damage to the infrastructures that run through most of our everyday lives.
http://www.businessweek.com/the_thread/techbeat/archives/2010/10/cisco_cso_john_stewart_on_fending_off_cyber_attacks.html
Wednesday, October 27, 2010
Subscribe to:
Post Comments (Atom)
Posts
It seems John Stewart is attempting to assign levels of severity to the consistent attacks against major corporations. In doing so, he acknowledges that some attacks are trivial and are not major concerns while others are bigger worry for companies. One of the attacks he addresses is the risk of using USB drives because of the computer worm, Stuxnet, that had infiltrated their system. In addressing the issue, Stewart felt that prohibiting the employees use of USB drives was not necessary. Further, he suggested he would rather have a system designed for monitoring and recognizing problems with data transfer than limiting hardware devices. Stewart explains that his company’s stance on security will be on the defense and repair level and that the overall idea of eliminating threats is a new age issue and is the responsibility of law enforcement agencies.
ReplyDelete