Sunday, December 16, 2012

SandyHook Security Policy | Newtown School Shooting | WTNH.com Connecticut

Sandy Hook school staff and administrators did everything they could security-wise, from plans to systems to procedures to drills. But a determined attacker willing to die will sometimes get through. At that point security is about response and mitigation.

Credit needs to go to those teachers who responded quickly and correctly to the crisis, and kept their students out of harm's way. In addition, emergency response to these types of events has come a long way since Columbine. 

The perpetrators of these crimes will always seek out the softer targets, so our security awareness will need to be raised in more and more areas - places where we may be unaccustomed to it. Vigilance and knowing what to do in these situations is key.

Trent Higareda
CTI Consulting
301-528-8591 Office

Monday, December 10, 2012

Nearly two-dozen bugs easily found in critical infrastructure software - CSO Online - Security and Risk

This is going to be the biggest problem for the US for the next 5 years or more. Stuxnet and its cousins were developed by the US and others, but the cat is out of the bag. These SCADA systems only need small, very easy to make and change commands to cause immense damage. The key is the insertion systems used, and they are getting very sophisticated.

Internet hookups were the first, biggest, and still most used insertion tactic. Then some really did go to the point of securing against the internet by unhooking completely. This caused a shift to flash drive insertions, and this is apparently how the Iran nuclear system was infiltrated. Ah, but a lot of folks are now really locking down flash drives, so they are not as big of a problem as before.

Now the big move is to cell phones, and any other Bluetooth or Wi-Fi enabled device. There are still a lot of targeted attacks going on, but there are also more and more attacks that are just broad, shotgun style, like the bot attacks we see on the internet.

The key is to just get the tool for insertion started by the broad attacks, and then, when you really need to move the attack forward, you look for a system that has been compromised by the broad attack. For the teams that started the attack, it works very well, but more and more other attackers are finding that they can look for the compromised systems and then exploit them. Some say the Chinese are doing this to US broad attacks in the Mid East. But the documented attacks are organized and not-so-organized crime teams hitting anything they can.

SCADA systems are known for using PLCs, or Programmable Logic Controllers. These PLCs run everything from access controls for gates, in everything from airports to prisons, to valve controllers used in everything from nuclear power plants to water and wastewater plants. Some of these attacks are out there just waiting for a chance to operate. The original attack targets are long in the past; now these code bombs are just moving around the world waiting for the chance to infect something.

Some criminal types have recognized this and have tried, and sometimes have been successful, in extorting money from agencies and authorities even though they did not start the attacks, or even know how to stop the attacks.

We should be in for a long hunt and many problems over the next years. That is just what is already out there; others are being developed every day.

Rich