Protecting infrastructureCyber threats now targeting traditional companies
Published 12 November 2009
U.S. companies, even small and medium size, are more and more exposed to cyber threats from organized crime, foreign intelligence services, and probably terrorist organizations; 85 percent of U.S. critical infrastructure is owned and operated by private companies -- and these companies are especially vulnerable to determined attacks which may ruin or seriously disrupt company operations
The FBI and the U.S. intelligence community know the threats that corporate America is under from both foreign intelligence services and global organized crime, but they typical business person probably does not. Tom Patterson, chief security officer at MagTek, writes in Computerworld that these combined communities do a commendable job understanding potential threats to business information systems, ranging from corporate espionage, insider threats, organized crime, theft of property, and even foreign government attacks. What they have not yet mastered, though, is how best to use this information to reach out and help the million small and mid-sized companies that make up the bulk of America’s critical infrastructure.
Patterson notes that the government has divided these companies vital to America’s overall economy into 17 sectors, including:
- Information technology
- Telecommunications
- Chemicals
- Transportation systems, including mass transit, aviation, maritime, ground/surface, and rail and pipeline systems
- Emergency services
- Postal and shipping services
- Agriculture, food (meat, poultry, egg products)
- Public health, health care, and food (other than meat, poultry, egg products)
- Drinking water and waste water treatment systems
- Energy, including the production refining, storage, and distribution of oil and gas, and electric power
- Banking and finance
- National monuments and icons
- Defense industrial base
Any one of these sectors is vulnerable to a determined attack that could seriously ruin your day, and definitely degrade our quality of life. “Even more distressing is that each sector is made up of tens of thousands of small businesses that have never received a call from Washington warning them about what to watch out for and informing them of their recourse actions,” Patterson writes.
If your company works in a critical infrastructure sector (read more here from DHS), you face greater threats than the shops down the street making pizza, pillows, or perfume. If your business is directly or indirectly working in any one of these 17 sectors, there are foreign intelligence services from nations both friendly and not so friendly that are looking at you as domino in a line to destabilize America. By definition, your risks are both broader and deeper than you suspect. “So when you devise and execute your security plans, take time to appreciate these additional threats and account for them in your plans. If not for your country, do it for your own bottom line,’ Patterson writes.
The best place to start is by joining the local chapter of Infragard.org, which started out as a combined outreach effort from the Secret Service and FBI and now is an independent non-profit that has very strong ties with the FBI. Also, each of these 18 sectors have Information Sharing and Analysis Centers (ISAC), which share sector-specific critical security information among the members.
Right now, the financial services sector is probably the most well organized of the 18 sectors through their FS/ISAC group, and is moving proactively to shut down threats and close security gaps where they find them, even moving now toward shutting down the risks from counterfeit credit/debit cards that banks and merchants face by implementing a system that can detect fraudulent cards.
