According to the Wall Street Journal, the Pentagon has begun to form a policy declaring cyber attacks an act of war if the results of the attack are similar to other acts of war. While U.S. policy on this matter is not completely clear yet, it is clear that criminals have recently ramped up their use of computer hacking to reach their goals, and many organizations large and small do not have adequate defenses against this sort of attack.
According to the Wall Street Journal, the Pentagon has begun to form a policy declaring cyber attacks an act of war if the results of the attack are similar to other acts of war. While U.S. policy on this matter is not completely clear yet, it is clear that criminals have recently ramped up their use of computer hacking to reach their goals, and many organizations large and small do not have adequate defenses against this sort of attack.
When is a cyber attack an act of war?
In general, it appears that United States policy will declare a cyber attack an act of war when it causes significant damage, disruption, or destruction to systems like the electric grid, pipelines, or subways. It would also be considered an act of war if it causes loss of life. A good example of this type of attack is the Stuxnet virus. This very sophisticated virus was able to work its way into the control systems for Iranian nuclear centrifuges causing them to oscillate and ultimately shatter thereby destroying the centrifuge.
High-profile security breaches
There have been a number of high-profile security breaches in recent months. From the theft U.S. military secrets by Bradley Manning and subsequent delivery to Wikileaks to a group of hackers publishing a false story that Tupac was alive and living well in New Zealand on the PBS web site two days ago, hackers have been busy stealing and revealing sensative information regularly. Some hackers have been purposing to punish organizations that don't support their cause by defaning or shutting down their websites. Here is a timeline of the more high-profile breaches of recent history.
- April-May, 2007: Estonia banking and government websites attacked; Russia is implicated.
- August, 2008: Gorgian banking and government websites attacked; Russia is implicated again.
- November, 2008: Pentagon computers successfully attacked; Russia is accused again.
- June, 2009: First variant of Stuxnet virus begins circulating. This virus will ultimately cause serious damage to the Iranian nuclear program.
- July, 2009: A series of distributed denial of services attacks is perpetrated on United States and South Korea government websites. Although the computers perpetrating the attack were mainly in the U.S., China, Guatemala, and Japan, South Korea blames the North Korean telecommunications ministry.
- September-November, 2010: Stuxnet virus shuts down Iranian nuclear centrifuges several times.
- March, 2011: EMC’s RSA division, a market leader in multifactor authentication products, is hacked and data is lost. EMC states that no customer data was lost in the breach.
- March, 2011: Internet marketing giant Epsilon is breached. Millions of consumer names and email addresses are stolen.
- April, 2011: Sony’s Playstation Network is breached. User IDs and passwords for 77 million users are stolen, and the Playstation Network is taken down for several weeks. Sony admits that credit card information may have also been lost.
- May 29, 2011: Lockheed Martin, a U.S. government contractor who builds fighter jets, is attacked. Details are sketchy, but reports are that EMC’s breached RSA information is used in the attack. Lockheed Martin claims the attack was unsuccessful.
- May 30, 2011: The hacker group LulzSec successfully hacks the PBS website and posts a false article that Tupac is alive and well in New Zealand. The attack is claimed to be in response to an unfavorable Newshour special on Wikileaks. PBS employees’ user IDs and passwords are also posted.
How to protect yourself
If you have responsibility for security in your business or organization, you may be asking yourself how you can ensure you are protected. There is no absolute protection from Internet crime other than to completely disconnect yourself from the Internet; however, there are a number of precautions you should take.
- Make Internet security a business priority not just in the IT department, but in the board room. Upper management must be apprised of the security risks and the steps being taken to mitigate those risks.
- Use strong passwords. Whenever possible, passwords should contain letters, numbers, and symbols. They should also be at least nine characters in length. Most modern computer systems are capable of enforcing these rules so that weak passwords cannot be set.
- Change passwords regularly. We recommend passwords change at least every 90 days. Most modern systems can also enforce this rule.
- Keep software up to date with the latest software patches. Many Internet security breaches are due to exploitation of security holes that can be closed by simply applying the latest software updates.
- Limit administrative rights on workstations and network servers. If users do not have the rights to download and/or execute software, it is much harder for them to spread a virus. If they don’t have access to sensitive files, it is less likely that a criminal will gain access to those files through the user's account.
- Use reputable software for virus and malware protection and Internet filtering. We recommend Trend Micro’s Worry-Free Business Security product.
- Use effective spam and virus filtering for your email. We have multiple options for this filtering.
- Use adequate network firewalls at the perimeter of your network. Hardware firewalls are generally much better than software firewalls.
- Review firewall configuration regularly to ensure that no unauthorized changes have been made. At Innovative Networks we have a system that automatically performs a daily review of firewall configuration and sends alerts about any undocumented changes.
- Review all firewall rules at least annually to ensure that they are still adequate for your protection.
- Use an Intrusion Prevention System (a.k.a. Intrusion Detection System) at your gateway to the Internet. These systems detect when someone is attempting to use brute force or other methods to hack into your network and block them from continuing to do so.
Innovative Networks can help!
At Innovative Networks, we do not treat data security as a unique service that we offer to customers. Instead it is simply built into everything we do. If you’re interested in upgrades to your security or just an audit of your current security configuration, please contact us. We’ll be glad to help.