Advertisement

You will be redirected to the page you want to view in  seconds.

Even the basics of cyber protection are a struggle

Sep. 18, 2013 - 03:45AM   |  
By KEVIN COLEMAN   |   Comments
  • Filed Under

The U.S. Department of Homeland Security has the responsibility of working with the owner/operators of our country’s critical infrastructure (CI) assets, in order to protect these systems from the increasing threats emanating from cyberspace.

They track these assets but the exact number of CI assets is designated by DHS “For Official Use Only,” so it can’t be reported here. Needless to say, many of the CI assets DHS has identified have some sort of electronic controls associated with them.

In late June, US-CERT issued a cybersecurity alert warning of the danger of not changing the vendors’ default passwords on Internet connected devices. What many cybersecurity practitioners would call the basics are all too common problems that expose our critical infrastructure to hostile actions by cyber attackers.

Add to that what took place at a cyber threat briefing given to a CIO and his staff at a critical infrastructure provider. One of the CIO’s direct reports stated that most of the patches released by commercial software vendors cannot be applied because “they break things.” It did not appear from the conversation that there was any remediation of those systems so that the patches could be applied.

Those commercial software patches often correct vulnerabilities that have been exploited by cyber attackers in the past. Even more concerning is that even after this exposure/risk was highlighted, there was no sense of urgency to address the issue.

Changing default passwords and routinely applying commercial software patches are basic aspects when it comes to modern system security. If our nation’s critical infrastructure providers are struggling with those basics, you have to wonder if any of our critical systems are really prepared for the cyber threats we face today.

More In C4ISR & Networks

Start your day with a roundup of top defense news.

Subscribe!

Subscribe!

Login to This Week's Digital Edition

Subscribe for Print or Digital delivery today!

Exclusive Events Coverage

In-depth news and multimedia coverage of industry trade shows and conferences.

TRADE SHOWS:

CONFERENCES:

Defensenews TV

  • Sign-up to receive weekly email updates about Vago's guests and the topics they will discuss.