CSA Summit 2014: Using the Cloud to Protect Critical Infrastructure

With most CI in the private sector and its increased reliance on cloud services, it will become increasingly important to incorporate secure cloud approaches to protect CI

“Cybersecurity’s impact is about incident response, and resilience within your organization to recover”, said Sherry, Trend Micro’s VP of technology and solutions. With most CI in the private sector and its increased reliance on cloud services, it will become increasingly important to incorporate secure cloud approaches to protect CI, he said.

During a keynote address at the summit in San Francisco this week, held alongside the RSA Conference, Sherry highlighted the recently completed Framework for Improving Critical Infrastructure Cybersecurity released by NIST, noting that it breaks down into a few key areas: protection, detection, response, and an ability to recover from incidents.

Two focus areas within CI security included SCADA and industrial control systems (ICS), as Trend Micro’s research demonstrated just how vulnerable these systems are to external attackers.

The company set up honeypot ICS networks, 12 in total, in eight different countries, which it had been running since January 2013. Since that time, Trend observed 74 attacks, 58% of which came from Russia and 9.46% from China. The fourth most came domestically, after Germany.

‘Critical attacks’, eleven in all, came from China (50%), Palestine (20%), Germany (10%), the UK (10%) and France (10%). Most non-critical attacks came from Russia (67.19%), most of them coming from botnets “that fund the cybercriminal underground’s capability”, Sherry observed.

Online attack services are still a big market, and relatively cheap, he added. Protection, Sherry insisted, can be found across the layers of computing: physical, virtual, public cloud, and private cloud. “Offense informs defense”, he noted. “We need to fail faster to determine our capabilities”, Sherry said, adding that it is important that organizations classify data and assets.

“We would love for you to encrypt anything, but it’s not always practical. You at least need a data classification plan to know what should be encrypted”, he asserted.

Daniel Poole, cloud security architect for Vodafone, agreed. “The use of cloud has exploded”, he observed.

“You can’t encrypt everything – that will cost a fortune. If you encrypt everything in the cloud it will make it more expensive than storing the data on premises”, he insisted.

The key is not necessarily restricting the use of cloud, but governing the way it is used, Poole argued. “You don’t prohibit, but you establish the when and the how.”
