Recent network outages point to critical technical vulnerabilities
By Byron Acohido, ThirdCertainty
FBI Director James Comey told a Senate hearing that there was “no evidence” that the network shutdowns at the New York Stock Exchange, United Airlines and the Wall Street Journal on Wednesday were the result of a cyber attack.
But absence of evidence is not hard proof that something nefarious wasn’t behind the outages, which hit major components of America’s infrastructure within a matter of hours.
The buzz in the information security community this morning is that it’s too early to tell whether this stunning “coincidence” might be the manifestation of intruder activity. At the very least, the outages show the brittle nature of interconnected business networks.
Here’s what security thought leaders are saying:
Jonathan Sander, strategy & research officer at STEALTHbits Technologies:
“What does it say that the first thing everyone assumes is that the outages were security related? It’s very clear that the good guys are not winning the PR battle in the digital security world. We all assume the bad guys can take down any size company at any time.”
Igor Baikalov, chief scientist at Securonix:
“If the DHS and FBI are correct in ruling out a cyber attack, then our technological foundation is in really bad shape. It’s our critical infrastructure we’re talking about! To have vital transportation, financial and media companies, that are heavily dependent on technology, experience disrupting ‘glitches’ in their busiest hours is something that only a global war game scenario can envision.”
Tim Erlin, director of IT security and risk strategy at Tripwire:
“There are many layers of technology between the consumer and the services we depend on. The level of complexity can be staggering, and this means an error made by a developer halfway around the world somewhere in the supply chain of a service can impact the operations of major businesses like United.”
John Gunn, VP of Communications, VASCO Data Security:
“These interruptions of service are an important reminder of the vulnerabilities inherent in modern IT infrastructure. It is easy to envision a future where attacks against basic IT infrastructure could become as common as distributed denial-of-service and ransomware attacks are today.”
Pierluigi Stella, Chief Technology Officer of Network Box USA:
“The only reason why such a disruption might happen that I can think of would be human error—someone, somewhere made a mistake and broke the configuration of the router—or so it’d appear. Therefore, the issue isn’t really our dependency on technology, but rather, our dependency on those who maintain and configure said technology. The Internet is so interconnected that a small error in one place can rapidly bring many other things to a screeching halt.”
Brad Taylor, CEO, Proficio:
“With all of the breaches and fallout from them over the last year, everyone’s on edge whenever there’s a major outage, and worried that it’s ‘the big one’—the attack that takes down a critical resource, and public trust along with it. The fact is that virtually all of the big corporations are hit by known attackers thousands or tens of thousands of times each day. Hackers are constantly probing defenses and testing attack strategies.”