Dealing With the Physical Threat of Cyber-AttacksBy Guest Author | Posted 2016-03-10 Email Print
WEBINAR: Live Date: December 14, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Modernizing Authentication — What It Takes to Transform Secure Access REGISTER >
A cyber-terrorist could wreak havoc by exploiting vulnerabilities in the ever-increasing connectivity of smart devices and their mechanical counterparts.
Minimizing the Physical Threats of Cyber-Attacks
So, how can we minimize this physical threat from cyber-attacks?
First, the most important thing to do is to develop and maintain awareness. A basic understanding of the kind of threat that’s out there can give you and your staff the drive to install updates and patches from manufacturers as they become available.
It’s also important to be aware that more mobile devices are connected to each other and to the Internet, so don’t spend all your time securing your laptop at the expense of your smartphone or wireless router. And managers need to ensure that employees understand and follow this process.
Finally, if you’re overly concerned and have money in the budget, you might want to seek out a cyber-security expert who can assess your risk and offer ways to mitigate it.
For the regulators, owners and operators of critical infrastructure, the burden of defending against the physical threat is heavy. The most effective way to do this is to consider worker safety and cyber-security as the same goal.
Thanks to the risks associated with operating heavy machinery, plants and factories are required to maintain stringent safety standards. But that consensus is absent when it comes to securing control systems because most industries don’t yet fully appreciate the real risks workers face (and their company's bottom line) from compromised machinery. But, the safety consensus is absent when it comes to securing control systems because most industries don’t fully appreciate the risk compromised machinery poses to workers—and a company’s bottom line.
Second, the general practice right now is to have an IT team secure networks, while engineers manage industrial control systems. This gap needs to be bridged so that adequate resources are used to secure the software that controls equipment.
Lastly, though the onus for combating evolving threats falls rightfully on the firms themselves, only federal regulation can pull together the patchwork of local cyber-security standards that govern thousands of American utility companies to a much-needed higher level.
The one bright spot is that unlike electric grids and automated controls—which developed in the absence of cyber-threats—the Internet of things is still in its infancy. As a result, the IoT can grow up responsive to the challenging security environment that older industries are still struggling to comprehend.
So, while the physical threat of cyber-attacks is real and growing, we may be well-positioned to combat them.
Thomas Boyden is a managing director of Global Risk Advisors, an information security firm specializing in network defense, risk mitigation and incident response.