In the gutter looking at Stars

Attacks like Stars and Stuxnet propel businesses into a more serious security situation, says Anthony Perridge

I can't say I was surprised to read not so long ago that Iran is facing another malware attack – from Stars, 'son of Stuxnet' – less than a year after the Stuxnet SCADA worm gained the attention of security managers across the world.

Attacks of this nature have always been a driver for resellers to beef up their security, because there will be a broad interest that spurs demand from the moment the stories start hitting the press. But the channel should be aware that the hackers are becoming more sophisticated, and their attacks are becoming more specific.

As SCADA threats become more common and more attacks are brought into the public sphere, organisations are forced to address the security of their SCADA networks. The government recently issued a mandate that redefines the nation's telecom system as critical infrastructure, and there is now even more impetus for the channel to offer a way to protect this infrastructure and maintain availability.

The threats to SCADA networks also introduce a new sales opportunity for the channel, because SCADA networks are the responsibility of engineers and not the IT department. The channel needs to lead the way in educating these network owners and in making them understand that protecting themselves is essential.

Measures are needed now, before SCADA networks are hit, because the repercussions of this kind of attack can be severe, and they go beyond the loss of earnings or reputation that traditional computer viruses can cause.

Although the jury was out on Stars at the time of writing, Stuxnet is an example of a cyber attack that is more serious than its predecessors for a number of reasons, most notably because a user does not have to run anything for the virus to infiltrate the system. Simply opening an infected folder and viewing the file icons is enough to infect a machine with the virus.

So what is the answer for organisations, and how can they look to protect their SCADA networks? The Stuxnet worm raised the bar on complexity and was widely considered by the security community to be the first of many types of weaponised malware structured for nation-state impact. Stars may well add to this.

I believe that a strategy for defence is recommended. It must have multiple layers, such as encryption, firewalls, access control, intrusion detection, compliance enforcement and anti-virus protection.

Awareness of what's happening on your customer's network is more important than ever. As more process control networks are connected to the internet, they are also exposed to a wider range of attacks.

Distributors and resellers need to offer customers a robust and powerful solution that can monitor the environment and be applied to corporate and process control networks alike. As Stuxnet and Stars have shown, the problem is only going to get worse.

I predict that protecting your SCADA network will be a necessity by next year, and it will be part of all departments' overall security policy. The channel will have no other option than to respond to this.

Anthony Perridge is channel director for EMEA at Sourcefire