WikiLeaks withheld the source code for the CIA hacking tools. One might wonder though, what could happen if WikiLeaks did publish this code?
Critical National Infrastructure
It’s simple for intruders to obtain a list of weak systems from Showdan with a credit card. From there they can take over CNI systems using well known exploits, or powerful and secret zero day attacks available to many governments around the world. In a few hours you can own the infrastructure of an entire country.
Over the last year my company has been working on managing ever larger customer environments including some that require taking our auto-discovery of privileged accounts to the “next level”. Conceptually this means providing a solution that automatically discovers accounts, where they are used, how they are used – and then changing credentials on a regular basis without causing outages. This, in itself, is a much needed capability for most IT shops.
But, as it turns out, even with the very best auto-discovery, the human element represents the core limitation in implementing security. Therefore, our philosophy is that by minimizing the involvement of humans, security is improved because the time to manage systems is minimized.
For a long time we have been beating the drum about how automation is the only way to get control over the powerful privileged identities in the enterprise. Our assertion has always been that every step from account discovery to password changes must be as automated as possible. To that end we have been developing faster, deeper and more sophisticated technology. Our philosophy is simple: cyber-warfare opponents use automation to find weaknesses. Only by employing automation for security, can you find and automatically repair weaknesses faster than your opponents can exploit them.
The best way to describe the current critical national infrastructure (CNI) cyber-security situation is as a deadlock between the status quo and a secure future. As strange as it may seem, executive management within CNI is being held hostage by employees who have no reason to improve security.
If you’ve been following the news over the last 6 months or so, you may have noticed an uptick in articles related to Critical National Infrastructure (CNI) security legislation. You may have also seen more reports of cyber-attacks against a wider variety of targets by entities other than criminal elements seeking financial gain. Why is that?
One of the biggest defining features of the cybersecurity bill drafted by Senators Lieberman and Collins that fizzled late last year had to do with securing the critical national infrastructure (CNI) companies that keep our lights buzzing, our water running, our fuel pumping and our dial-tone humming.