Cyber-threat more than just a game

In a bid to end scepticism surrounding the threat of a cyber-terrorist attack, Gartner Inc. presented its own “digital Pearl Harbor” research in Sydney last week.

With the support of the U.S. military, CIOs from national infrastructure organizations such as financial services, power utilities and the telecommunications sector, a “war games” scenario was created as a useful exercise to identify risks. The chilling results delivered by Gartner research director French Caldwell found financial services the easiest target, with high disruption potential for attacks on power utilities. He said the exercise proved a cyber attack was feasible.

Teams were established and participants put themselves in the minds of terrorists. Each was given a different target, with Caldwell pointing out the attack would not be launched by a single group but a syndicate.

“Just like a Hollywood film, the syndicate will have a director and a producer and the extras wouldn’t necessarily know what the script was,” he said. “We assume the attackers would be well funded, not a state organization and the attack would have to be planned in years; a serious attack would take two to five years of planning to execute successfully.”

The type of person engaged in the attack was likely to be a highly-skilled contractor servicing these particular systems and having “sleeper access” to the network.

“In the past these systems have never had rigorous security or staff auditing, so time bombs can be built into the system,” Caldwell said. “It is unrealistic to believe a group wakes up one day and decides to launch an effective attack.”

Demonstrating this point, Caldwell referred to last month’s attack on all 13 domain name root servers, which led to speculation that attempts were made to shut down the Internet. The DNS attack successfully shut down seven of the root servers for about an hour and is being investigated by the FBI.

Caldwell said there was a capability to destroy the Internet itself, which was demonstrated by the Internet terrorist team during the scenario. “That particular attack is an interesting example of how it could occur,” he said. “From a forensics perspective, the DNS attack was different to anything seen before.

“It may not have been a major disruption, but strategically it was of significance. The root server attack was so strategic it is worth a lot of investigation because our war game demonstrated the need for test runs and development phases to make it really effective.”

Caldwell said while 90 per cent of attacks could be prevented with good IT security practices, this was not a reality because of poor software. “It would take the industry a generation to upgrade enterprise systems already in place. Governments should be looking at minimum level security for the enterprise.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now