The security risks posed by interconnected systems

The growing reliance on interconnected systems coupled with the failure to provide personnel adequate security training exposes many government and military organizations to serious security threats.

Cybercrime syndicates as well as so-called hacktivist groups continue to develop and fine-tune techniques aimed at extracting sensitive information using weak passwords and social media activities of personnel, warned Bryan Lillie, chief technical officer of United Kingdom-based defense technology company QinetiQ.

“Integration of systems means successful attacks against one system can provide access to another system,” Lillie explained during his presentation on the dangers of connected systems at the recently concluded Best Defense 2015 conference presented by the London Economic Development Corp. in London, Ont. “Systems that were once self-contained are now configured and controlled via Internet connected systems…Where are the boundaries in connected systems? There really isn’t one.”

He also said attackers often employ a combination of physical and cyber-attacks.

For instance, in 2011 the hacktivist group Anonymous carried out an online attack and stage a physical protest targeting San Francisco’s Bay Area Rapid Transit (BART) system. The result was massive disruption of the ground-based public transportation system that included the closure of four transit stations and the shutdown of cellular phone services in tunnels and stations.

While interconnected and interdependent systems have increased the vulnerability of organizations, insider threats posed by human behaviour and vulnerabilities to social engineering tactics remain a cause of concern even in work environments that are supposed to be highly-secured.

Recently, he said, cyber-spies created a fake Facebook page for United States Admiral James Stavridis, the supreme allied commander of the North Atlantic Treaty Organization (NATO). Several British military and government officials were duped into accepting a Facebook friend request from the bogus Facebook page.

Attackers find it easy to gain access to corporate and government networks and steal sensitive data because of:

Lillie said chief security officers (CSOs) can lessen the cyber-risk exposure of their organizations by asking themselves the following questions:

Lillie said organizations need to exert focus greater effort in educating staff on security, integrating physical and cyber security as well as continually measuring and testing system performance and protection.

Related posts

CAF member found not guilty of sex assault charges

Stewart Downing
January 6, 2017

MDA to provide DND with Raven UAV

October 29, 2013

LGen Michael Rouleau takes command of CJOC

Marcello Sukhdeo
June 14, 2018
Exit mobile version