Ken Soh, CIO and Director, e-Strategies, BH Global Corporation Ltd
BH Global Corporation Ltd is today an established group providing a comprehensive suite of solutions that includes supply chain management, design and manufacturing solutions and engineering services to the Marine & Offshore and Oil & Gas industries.
Cyber Attack - Are we even ready?
Recently, an ethical hacking group was invited to perform vulnerability tests for a national water dam infra-structure. To the authority’s horror, the group managed to gain access to the dam gate management and control system via the internet within seven hours of intensive “hacking”.
"The multi-faceted nature of attacks, coupled with freely available malware construction tools has created a highly unpredictable state of affairs even at nation-wide level"
This means that all the water dam gates could be opened simply by the press of a few buttons if so desired by the hacking group. Today’s cyber security landscapes are unprecedentedly dynamic and complex. The impact of malicious intents has escalated from just enterprise-wide damages to catastrophic possibilities when such acts are targeting at critical infra-structures. The multi-faceted nature of attacks, coupled with freely available malware construction tools has created a highly unpredictable state of affairs even at nation-wide level.
“Malware” and “Advanced Threat”
In the past, malwares usually exhibited noticeable symptoms such as slowing down of PCs or crashing of hard-disks. In the cyber security industry, this is termed “noisy threat” because any infection is easily felt and noticeable.Today, more advanced approach, named “Advance Threats” entails malware that sits silently in the infected PC and acting as an agent for a remote “Command and Control” station to steal or manipulate information in the infected PC remotely, even from another end of the globe. Typically, historically discovered “malware” are computed with identifiers named “signatures” that are used for future identification. This is similar to the DNAs of biological viruses. Unfortunately, since “Advance Threats” are typically yet to be discovered, they do not have known “signatures” (or DNAs) and therefore are harder to be discovered and be filtered out by main-stream anti-virus tools and measures. Unfortunately, such threats are silent yet lethal. It is akin to the killing risk of carbon-monoxide as it is odorless, and by the time it is discovered, the killing might have been affected and it is too late for any rescue/remedial actions.
Why is “Advanced Threat” so Dangerous?
“Advanced Threats” today are not just silent information stealers, they may initiate serious and catastrophic threats that target critical infra-structures such as energy, water and even nuclear plants. A quick Google search on “stuxnet” would explain that. The reality today is, large infra-structures, be it in sea, land or air, are subject to such kind of “soft but potentially fatal” threats unknowingly.
For example, there were reported cases that a floating oil rig was tilted; and another was stalled for 19 days, both due to infected systems. Separately, Somali pirates today are eavesdropping on vessel navigation information as a means to identify their “fatter” targets. This forces many ships sailing in the piracy-prone zone to turn off their navigation systems, or to use devices to “illegally” report false location information to the global navigation networks. Unfortunately, such “counter-measures” are risky by it for apparent reasons.
In the past, you download or copy a bad file, and your PC is infected. Today, a PC could be infected silently merely through visiting a malicious web site. The user does not even need to click on anything in the web site to be infected.
Education is Key
The community therefore could not stay ignorant of such threats anymore. To re-iterate, there are few elements that business owners should be educated in and aware of:
Firstly, today’s malwares typically do not perform straightforward attacks like crashing your hard-disk. It stays silent and resident in your system, acting as the agent, responding to a “Command and Control” (C&C) system that may reside in remote PCs in even another country, to easily browse your PC and siphon out files and information of interests. Secondly, the infection process is much more advanced today. You may just be browsing a website, or might open a document file in an email, and because these malware do not get detected easily, they do not bear signatures so they may stay undetected in your PC for a long time. Thirdly, and most seriously, these malwares today may target infra-structural operations.
The Counter-Measures – A Holistic Approach
Alongside education, it is important that appropriate processes and tools are put in place, whether it is in the land offices, on-board vessels or off-shore sites. There is no one-size-fit-all solution. The site concerned needs to be accessed by the security specialists so that a fitting solution could be recommended. Over or under sizing of security measures would result in unnecessary spending or inadequate measures respectively.
While the traditional perspective of people, process, technologymay sound like another outdated and dry reference model, it remains a useful baseline for a holistic and effective cyber security management framework. With the rapid emergence of new and sophisticated malwares, CIOs/CISOs may start to feel the criticality of technology factors over people factors going forward.
In summary, today, it is essential for organizations to incorporate end-to-end actionable items into their BCM framework. Some of these items include: cyber-attack vulnerability assessment, prevention, detection and incident response framework.