Thursday, March 26, 2015

Cyber insurance: It’s not just for data breaches anymore

In the 2007 film, “Live Free or Die Hard,” Bruce Willis as New York City Police Detective John McClane stops the villain who has sabotaged the U.S.’s network of traffic signals, rail transport and air traffic control. The villain also has forced the evacuation of numerous federal buildings with a false anthrax alarm, with some of his men infiltrating a Maryland facility by posing as a hazmat cleanup team to sneak in and kill the guards.

This scenario is no longer fiction. In its Jan.-April 2014 issue of the ICS-CERT Monitor, the U.S. Department of Homeland Security (DHS) confirmed that a public utility was compromised when a “sophisticated threat actor” gained unauthorized access to its control system network, demonstrating that fictional attacks have become all too real. After notification of the incident, ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), an agency within DHS, validated that the software used to administer the control system assets was accessible via Internet facing hosts.



No comments:

Post a Comment