Recent network outages point to critical technical vulnerabilities

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

By Byron Aco­hi­do, ThirdCertainty

FBI Direc­tor James Comey told a Sen­ate hear­ing that there was “no evi­dence” that the net­work shut­downs at the New York Stock Exchange, Unit­ed Air­lines and the Wall Street Jour­nal on Wednes­day were the result of a cyber attack.

But absence of evi­dence is not hard proof that some­thing nefar­i­ous wasn’t behind the out­ages, which hit major com­po­nents of America’s infra­struc­ture with­in a mat­ter of hours.

The buzz in the infor­ma­tion secu­ri­ty com­mu­ni­ty this morn­ing is that it’s too ear­ly to tell whether this stun­ning “coin­ci­dence” might be the man­i­fes­ta­tion of intrud­er activ­i­ty. At the very least, the out­ages show the brit­tle nature of inter­con­nect­ed busi­ness networks.

Here’s what secu­ri­ty thought lead­ers are saying:

Jonathan-Sander_400Jonathan Sander, strat­e­gy & research offi­cer at STEALTH­bits Tech­nolo­gies:

What does it say that the first thing every­one assumes is that the out­ages were secu­ri­ty relat­ed? It’s very clear that the good guys are not win­ning the PR bat­tle in the dig­i­tal secu­ri­ty world. We all assume the bad guys can take down any size com­pa­ny at any time.”

Igor Baikalov, chief sci­en­tist at Securonix:

If the DHS and FBI are cor­rect in rul­ing out a cyber attack, then our tech­no­log­i­cal foun­da­tion is in real­ly bad shape. It’s our crit­i­cal infra­struc­ture we’re talk­ing about! To have vital trans­porta­tion, finan­cial and media com­pa­nies, that are heav­i­ly depen­dent on tech­nol­o­gy, expe­ri­ence dis­rupt­ing ‘glitch­es’ in their busiest hours is some­thing that only a glob­al war game sce­nario can envision.”

Tim Erlin_TripWireTim Erlin, direc­tor of IT secu­ri­ty and risk strat­e­gy at Trip­wire:

There are many lay­ers of tech­nol­o­gy between the con­sumer and the ser­vices we depend on. The lev­el of com­plex­i­ty can be stag­ger­ing, and this means an error made by a devel­op­er halfway around the world some­where in the sup­ply chain of a ser­vice can impact the oper­a­tions of major busi­ness­es like United.”

John Gunn, VP of Com­mu­ni­ca­tions, VASCO Data Secu­ri­ty:

These inter­rup­tions of ser­vice are an impor­tant reminder of the vul­ner­a­bil­i­ties inher­ent in mod­ern IT infra­struc­ture. It is easy to envi­sion a future where attacks against basic IT infra­struc­ture could become as com­mon as dis­trib­uted denial-of-ser­vice and ran­somware attacks are today.”

PierluigiStella_400Pier­lui­gi Stel­la, Chief Tech­nol­o­gy Offi­cer of Net­work Box USA:

The only rea­son why such a dis­rup­tion might hap­pen that I can think of would be human error—someone, some­where made a mis­take and broke the con­fig­u­ra­tion of the router—or so it’d appear. There­fore, the issue isn’t real­ly our depen­den­cy on tech­nol­o­gy, but rather, our depen­den­cy on those who main­tain and con­fig­ure said tech­nol­o­gy. The Inter­net is so inter­con­nect­ed that a small error in one place can rapid­ly bring many oth­er things to a screech­ing halt.”

Brad Tay­lor, CEO, Profi­cio:

With all of the breach­es and fall­out from them over the last year, everyone’s on edge when­ev­er there’s a major out­age, and wor­ried that it’s ‘the big one’—the attack that takes down a crit­i­cal resource, and pub­lic trust along with it. The fact is that vir­tu­al­ly all of the big cor­po­ra­tions are hit by known attack­ers thou­sands or tens of thou­sands of times each day. Hack­ers are con­stant­ly prob­ing defens­es and test­ing attack strategies.”

Posted in Cybersecurity, Data Security, News & Analysis