Protect your IT systems from terrorist exploitation

Protect your IT systems from terrorist exploitation

It often seems like the fight against IT attacks is a losing battle. No matter how secure your firewalls, how strict your IT security policies and how diligent you are to recognize anomalies, hackers find a way in.

If ever it feels like it’s not worth the battle, consider this: IT security may be a matter of national security.

While there will likely always be the risk of bombings and chemical attacks by terrorists, many experts are now more concerned about the likelihood of terrorists wreaking havoc through computer network attacks. And though IT security is still primarily focused on prevention of data theft, there is increasingly emphasis on securing networks against attacks that could disable infrastructure and threaten national security.

In 2014, researchers at Elon University and the Pew Internet Project asked technology innovators, entrepreneurs and other digital professionals whether there will be a major cyber attack that causes, “widespread harm to a nation’s security and capacity to defend itself and its people” by 2025. About 61 percent of respondents believed there will be.

Joel Brenner, former counsel to the National Security Agency, summarized these concerns in a column written for the Washington Post in October 2014:

“The Internet was not built for security, yet we have made it the backbone of virtually all private-sector and government operations, as well as communications. Pervasive connectivity has brought dramatic gains in productivity and pleasure but has created equally dramatic vulnerabilities. Huge heists of personal information are common, and cybertheft of intellectual property and infrastructure penetrations continue at a frightening pace.”

The evolving sophistication of attackers

No entities are completely secure from attack, as evidenced by last year’s successful attempts by hackers to gain access to the networks of the U.S. State Department and the White House. Other recent examples of potentially dangerous breaches include:

• In late 2014, malware dubbed BlackEnergy successfully infiltrated our nation’s critical infrastructure.
• In 2010, the most sophisticated virus developed to that point was discovered. Stuxnet was 50 times larger than a standard computer worm. Yet, it evaded detection because it was programmed with stolen digital certificates that made it appear as though it was a file from a reputable company.

Stuxnet included a highly specialized malware designed to target Siemens SCADA systems configured to control and monitor specific industrial processes. It exploited vulnerabilities that had not been identified by security experts, then spied on the operations of the targeted system, gathering intelligence. The malware intercepted commands sent from the Siemens SCADA software, and replaced them with malicious commands to control the speed of a device, varying it wildly, but intermittently. If not detected, it could theoretically reprogram the controls of water treatment processes to poison the supply, or cause a nuclear reactor to overheat.

• In 2009, a worm known as Conficker infected millions of computers around the world, including those in the French navy and the city of Manchester, England, through infected USB disks.

• An infected USB drive was partially blamed for the 2008 crash of a Spanair Flight in Madrid that killed 154 passengers. An investigation found that a computer virus spread through an infected USB drive caused a failure in a fail-safe monitoring system at the airline’s headquarters. As a result, the system was slow in sending an alert that something was wrong with the plane, which would have delayed departure.

How a breach on your network can help terrorists

It’s not just government and utilities that should be concerned about the connection between IT and terrorism. Any company, organization or government entity that possesses personally identifiable information is a potential target for terrorists. That’s because this information can be used for funding terrorism and to hide perpetrators in plain sight.

As far back as 2002, the FBI was warning about terrorists using identity theft as a catalyst to their efforts.

In testimony from that year to the Senate Judiciary Committee, the chief of the FBI’s Terrorist Financial Review Group said, “…terrorists have long utilized identity theft as well as Social Security Number fraud to enable them to obtain such things as cover employment and access to secure locations. These and similar means can be utilized by terrorists to obtain Driver’s Licenses, and bank and credit card accounts through which terrorism financing is facilitated.”

In addition to using stolen information for funding and travel, terrorists can steal the identities of specific individuals who work at airports, electric plants or mass transportation facilities to potentially gain access to those areas.

There seems to exist no limit to what a knowledgable and well-financed group can develop in the war on cyber terror. It is therefore the responsibility of all IT professionals and those they work with to remain diligent when accessing networks, follow each and every security protocol, and stay educated on the latest threats and how to combat them.