Today Cyber Security plays a paramount role in global security. On this blog, the CEO of Paramount Defenses shares rare insights on issues related to Cyber Security, including Privileged Access, Organizational Cyber Security, Foundational Security, Windows Security, Active Directory Security, Insider Threats and other topics.


March 12, 2013

Cyber Attacks a key threat to U.S. National Security, according to a Report. (Unimpressed. This is just Common Sense.)

According to the U.S. intelligence community's recent worldwide threat assessment, cyber attacks are a key threat to U.S. national security, as reported by CNN http://www.cnn.com/2013/03/12/us/threat-assessment/index.html

I’m surprised that this is news or that it takes a threat assessment to deduce this – this is common sense!
 

U.S. National Security
 

Why you ask?
 
Well, its no surprise that the United States is one of the most technologically advanced countries in the world, and as a consequence, virtually all aspects of its economy and security are digitally powered i.e. underlying most of its business and government organizations are mission-critical IT infrastructures that play an elemental role in facilitating the digital operation and control of large parts of these organizations.
 
Cyber Security
 
These mission-critical IT infrastructures play a paramount role in protecting the digital assets of these organizations, and given their digital nature, they do not enjoy the privilege of being protected by physical boundaries such as discrete and defendable geographical borders.


U.S. Cyber Command
 
 
On the contrary, they are exposed to a vast and myriad attack-surface, as they can be attacked both from outside and from the inside, and since most of them are connected to the Internet, technically anyone from anywhere could potentially try to launch an attack against these IT infrastructures, and because the attack surface is so vast, the likelihood of an attack succeeding is rather high.

 
Advanced Persistent Threats
 
These cyber attacks can also vary in technical sophistication, and range from your vanilla kid-stuff throwing-stones-at-the-entrance DDOS attacks (which are so easy to carry out, and often glorified by an ignorant media) to advanced enterprise-targeted security privilege escalation attacks which require sophisticated technical expertise to carry-out and can result in a perpetrator gaining complete administrative control over an organization’s entire IT infrastructure.

The kiddish DDOS attacks so often publicized by the media aren’t even worthy of national news anymore, but unfortunately, the media doesn’t understand this stuff to well, so for them its news! What the media doesn’t understand well at all are advanced cyber threats which have the potential to take out entire organizations, (plausibly including many of these media organizations as well) within a day, by using the power of automation. Yes, these are very possible, but I don’t expect the media to shed light on these because they don’t have the faintest clue as to how such attacks might work, or just how much harm they can inflict.

Cyber Attack


That's the kind of stuff we worry about at Paramount Defenses; these advanced cyber security attack vectors, which often require deep technical expertise but can be automated by a single entity, such as a hostile foreign government, and one that can then be launched in a variety of ways to compromise an organization. What I’m referring to here is a Stuxnet like payload, crafted meticulously to take one or more organizations down. Such payloads, once written, can be disseminated and deployed in numerous ways, the simplest of them involving an organization’s own administrators downloading free IT tools/utilities.

Such advanced cyber security threats to organizations worldwide, not just in the U.S. are very real, and in our experience, we have found that most organizations are unprepared to secure and defend themselves from such attacks.

To make a long story short, this isn’t and shouldn’t be news to anyone, and shouldn’t require a formal threat assessment to realize – this is common sense, but I suppose, as they say, common sense isn’t that common.

That’s about all the time I have for blogging. Now if you’ll excuse me, I’ve got to get back to helping our customers secure and defend themselves from powerful, advanced cyber security threats, such as this.

Best wishes,
Sanjay