Our Nation’s Infrastructure Under Constant Attack

 

Recently, a very new and very sophisticated virus has been making the rounds exploiting computer systems within our nation's infrastructure that managed large sized industrial control systems that are utilized by utility and manufacturing entities. Siemens discovered the problem and provided a statement through one of their spokesman, Michael Krampe in an e-mail statement, “Siemens quickly brought forth experts to assess the situation, using all precautions to let customers know of the virus risks.”

This is the type of threat that security experts have been concerned about for many years. A type of malicious attack that is been developed in order to infiltrate our nations infrastructure of factories and other major support systems. Gaining control of the systems could possibly cause a major accident or disrupt daily operations. An early assessment of the situation and code gives light it could have been created to steal various secrets from industrial facilities and other manufacturing plants. An IT worker from one of the utilities, Jake Brodsky, said, “This contains all the designs of weaponized applications, utilized in espionage.”

Industrial system security experts concur in believing the malicious application was created by someone who is very determined and very sophisticated in his methods, as the software does not take advantage of the Siemens system itself but attempts to exploit a Windows bug to hack its way into the system. The malicious software targeted self toward Siemens own management software named Simatic WinCC, which executes within Windows. “Siemens is alerting their sales team, also speaking to their customers of the circumstances. Customers must have an active inspection of their systems that have WinCC installations, using updated versions of antivirus software as well as being vigilant about information tehnology security.”

Microsoft also published a security advisory concerning this issue stating all versions of Windows are affected by this new virus. So far the attack has been in a limited capacity with specific targets. The supervisory control and data acquisition systems could execute the Siemens software are usually not Internet connected due to reasons of security. The virus itself is spread when a user places an infected USB flash drive into the computer. From this point the virus initiate a scan and if it tries to copy itself to another USB device or if it finds the Siemens software, it attempts to login using default passwords.

It is believed the author of the malicious software may have been trying to exploit a specific or particular installation. Wesley McGrew, a researcher within Mississippi State University and also the founder of McGrew Security has an idea if the author of the software wanted to make his way into as many computer systems as possible, here they would have made attempts to exploit more popular supervisory control and data acquisition systems. There are a number of reasons why someone would desire to break into this type of system. For instance, financial reasons.

Cyber criminals could also use the information gleaned from a manufacturers WinCC operation to discover how to create counterfeit products. This is one belief of Eric Byres, who is the chief technology officer of Byres Security, a security consultant agency. “This is an area of focused Internet Protocol harvesting.”

CISSP training in the field of information security is growing in demand as more professionals are needed to combat the ever increasing threat of security intrusion and information theft. There are many career possibilities and opportunities on a worldwide scale that need to be filled. The training in this area includes certification training and awareness and is focused on access control, security risk management, organizational security, environmental security, cryptography, business continuity, network security, security policies and compliance, and more.

About Us: Next Generation Training specializes in e-learning featuring online training videos and training DVDs. Remove the stress of trying to squeeze in an amount of supplemental training within your busy schedule with the ease and enjoyment of a Next Generation Training tutorial. Microsoft Windows 7 training courses are the best way to learn how to gain the most productivity from Windows once you migrate from Windows XP or your employees need a quick and comprehensive method of learning all of the new aspects in the revised operating system. Next Generation Training is your premier training resource.