
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Ups and Downs of Information Security

In the space of the last several days, there have been a number of Information Security incidents which haven't always resulted in the best possible outcome for the Information Security companies involved.

Starting off the period was Symantec's inadvertent alert of a Level 4 threat based on information coming out of their Deep Sight network. The only problem was that the message sent to clients across the globe was the result of a test that had gone awry. For the threat levels set by Symantec, a Level 4 threat (which has never been set for real) indicates a widespread debilitating attack against the Internet. The alert's timing, at 2040 Eastern US time, no doubt saw the hurried recall of a number of technical staff who would otherwise be getting ready to enjoy their Friday night. Fortunately for Deep Sight customers, the threat alert was rescinded an hour later when Symantec realised that their product test had propagated across their network.

Noted Security specialists, eEye, had one of their subdomains temporarily defaced by an attacker and then featured on the Zone-h list of notable site attacks. Fortunately, the defacement was quickly rectified, but it does demonstrate the risks of integrating software from multiple sources when creating and maintaining a web presence.

A major story reported across the week was an investigation that the FBI is launching into Unisys, after it was made public that Unisys had failed to adequately protect Department of Homeland Security systems against attack from external sources. Reports stated that successful attacks against Department systems had been made from systems traced back to China.

Apart from any issues about the loss of sensitive national material, it seems that Unisys failed to deliver adequate performance on the $1.75 billion USD project. Selecting just one component of the contract, the provision, installation and maintenance of seven Intrusion Detection Systems (IDS), it appears that Unisys were only able to install three, with the remainder still in their original packaging (suggesting that the IDS were hardware-based systems). Of the three installed, none could adequately detect and report real-time intrusion attempts against the network.

Making matters worse are accusations that Unisys took steps to cover up evidence of intrusion, and by extension their poor performance on the contract. Alongside this are the fairly heavy accusations being laid against the Certification and Accreditation (C&A) process that the systems were apparently provided under. This is just the sort of high-profile failure that critics of the C&A process are on the lookout for to demonstrate the critical weaknesses present in such systems.

Another event which attracted a lot of media coverage was the test run by the Department of Homeland Security demonstrating the successful destruction of a generator by hackers able to control it via the Internet. This is not the first time that the big scary bogeyman of the Internet has been put forward as a threat vector for major infrastructure systems. Although Supervisory Control And Data Acquisition (SCADA) systems are not normally designed with security in mind, it is important to recognise that these systems can be connected to the Internet from time to time (anecdotal evidence suggests that this is more frequent than most people think, even if the connection is a roundabout one via an internal LAN), and that connection to the Internet can let anybody take a look and attempt to control them.

Various government Infrastructure Protection teams across the globe have been aware of the increasing attention (and some successful attacks) being paid to these major SCADA systems, and it is hoped that the industries responsible for operating these systems are becoming more aware of the risks that could be posed if their systems are exposed to the greater Internet. Of course, a very visual staged demonstration can also gain a lot of attention very quickly.

29 September 2007
