Today, parts of the US critical infrastructure, such as power grids, pipelines, reservoirs, water systems, and other industrial nodes are more connected to the Internet than ever, said Greg Schaffer, assistant secretary for cyber security and communications at the Department of Homeland Security. If nefarious cyber actors can touch these sites, much like information technology systems, there are real-world consequences that could be grave in some cases, he said at AFA’s CyberFutures Conference last week in National Harbor, Md. The discovery of the “Stuxnet” worm last year, which targeted Iran’s nuclear program, showed definitively that designers can engineer software for a specific purpose vis-a-vis going after industrial controls, Schaffer said. Threats are very evolved and nobody is “too obscure” to face challenges, as those with malicious intent could use any system connected to the network as a node or attack vector to go into another network or against another target, he said. That’s why source attribution continues to be one of the most challenging aspects of defending against these sorts of attacks, he noted in his presentation March 31. (For more from Schaffer at CyberFutures, read How Far the Cyber Threat and Conversation Have Come)
“Military history shows that the best defense is almost always a maneuvering offense supported by solid logistics. This was true for mechanized land warfare, air combat, and naval operations since World War II. It will also be true as the world veers closer to military conflict in space,” writes Aidan…