/* Add the font family you wish to use. You may need to import it above. */

/* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

/* This sets the universal color of dark text on the site */

/* This sets the width of the website */

/* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

/* This affects all grey background sections */

/* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

/* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

/* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

Critical Infrastructure and Security Strategy

by Carl Weinschenk on September 24, 2015

byod security In early September, Director of National Intelligence James Clapper said something to a House subcommittee on Intelligence about network security strategy that was frightening even by the standards of cyber security – which covers some inherently scary ground.

Clapper said that the next wave of electronic espionage may take the form of changing information, not stealing it or preventing access to it by denial-of-service or other types of malicious interference.

meraki security cameraThink about it for a second: If, for instance, millions of IDs are stolen – from the government or business – the one (very skinny) silver lining is that sooner or later everybody knows that they are stolen, and corrective measures can be taken. If, however, the data in the record is changed in a way that benefits the criminal, foreign power or lone wolf without it being noticed…well, that’s a problem, and potentially a far more serious one.

(Short on time? Click here to download a Free Guide to Keeping Your Patient Records Secure.)

Patrick Tucker, who wrote the piece at Defense One describing Clapper’s comments, identified critical infrastructure as one of the likely targets for such activities. He noted that Energy Department networks were infiltrated 159 times between 2010 and this year, according to information received by USA Today through a Freedom of Information request. And those are just the intrusions we know about.

The ability to infiltrate and potentially wreak havoc on critical infrastructure is particularly acute because these networks were architected before the age of the Internet. Critical information was not segregated and treated more carefully than less important data. Planners had no idea that a hack could come from a remote location -- or that a thumb drive could carry a virus and be easily introduced to the system. Even the linking of facilities via the Internet was not considered, simply because there was no Internet.star wars and network security

It is, of course, possible to retrofit security onto these existing but weak structures. However, retrofitting security is never quite as good as building it into structures from the ground up.

Thus, keeping critical infrastructure secure is a difficult task especially BYOD security. Aden Magee at Homeland Security describes an approach that is extremely nuanced. It includes, in his works, “sophisticated threat analysis and assessment methodologies.” The bottom line is to put yourself into the mindset of the hacker and figure out how he or she would try to infiltrate the organization. The government goes through this drill. It also prioritizes threats. It’s a complex game with lots of gray area.

The bottom line is that deep thinking – as well as good tool such as a Meraki Firewall – are necessary to protect critical infrastructure. The combination of the fact that the building blocks of many of the networks were put in place long before the nature of the threats became apparent with the cleverness of hackers makes Clappers warning especially chilling.


Topics: Meraki, Networking