A recent article in the NY Times claims:
The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries, and nuclear plants.
This cannot be allowed to happen, here I explore the issue in a little more detail.
The NY Times is identified the risk as:
…all it takes is one click for an attacker to get inside a system. In one case, Critical Intelligence could see an instant messaging exchange between two employees that discussed critical systems. And while it would be difficult for attackers to inflict catastrophic damage from one employee’s machine, a patient attacker would simply wait for that employee to connect his or her laptop to an electrical substation, or move around the network to an employee who connected to critical systems regularly.
This is only true if the networks are connected. Air gaps are a candidate solution, but this also prevents legitimate business processes. As explored in air gap security failures, this need for the exchange of data is one reason why air gaps all too often fail.
In Air-Gaps, Firewalls and Data Diodes in Industrial Control Systems an alternative approach is explored that looks at putting one-way network connections in place, based on Data Diode technology. This enables the business process while reducing the risk. The briefing then looks further at how Data Guard technology can further minimize the risk, using content filtering to ensure only data related to the allowed business can pass the one-way connection.
We cannot avoid the need to join systems, but we can manage the risks by understanding the business information exchange needs, and build solutions to enable those, but only those, data flows.
How are you achieving network segregation in your environment? Please leave your comments below.