This week, Reliance acsn’s first selected article focuses on the threat of malware on systems that control industrial processes and critical national infrastructure. Well intended, but possibly naïve, actions to embrace evolving technology and deliver operational efficiencies have been the design motive for connecting these systems. However, they were originally designed to be based on physical and electronic isolation.
Industrial control, Infrastructure control, Railway control and Road Traffic control are all, in theory, vulnerable candidates. The introduction of vulnerabilities truly depends on the robustness of safety and technical governance within the organisation. Those with doubts should isolate their legacy systems and put in place more manual processes until they have addressed the more expensive challenge of a security-orientated architecture.
The second article suggests that we find ourselves in a moment of calm before the storm in that the bad guys are currently gathering data and scanning before they unleash some potentially devastating storms. We should also be paying attention to novel social engineering techniques and must therefore ensure that not only our employees but our family members – everyone, takes the time to ensure they are safe so that we can all be safe.
The third piece we have selected highlights the need for a new breed of security services as we move to the cloud. In fact, the principle remains constant; know your assets – what they are and where they are and protect them. It is how you do this that has changed. Traditional perimeter protection and use of “appliances” is no longer appropriate.
Our final article reports on the analysis that over half the open source components used in popular applications have not been updated to the latest version by the application developers. This inevitably means, many applications contain well known vulnerabilities. Let’s be tough and challenge our application suppliers to ensure that all their open source components are up to date!
Have a look at the top cyber news items reflecting the mood of the market in our weekly newsletter.