Insiders: The Weak Link
As any security professional knows, an organization’s trusted insiders can be primary threats to cybersecurity, and that type of threat is the most difficult to mitigate, because these individuals have authorized access to systems.
Even when insiders do not have malicious intent, they can unwittingly assist those with nefarious aims if they are not on alert against the potential risks. For example, it has been suggested that the Stuxnet worm was delivered to the Iranian nuclear community through a USB flash drive that an insider plugged into the system without realizing that it was infected.
This calls attention to the many possible ways that malware can be introduced into a protected network by employees and contractors who are permitted to plug devices into workstations, laptops, and field devices or to access the corporate network remotely. It is the perfect environment for spreading malware in the same way that social contact spreads biological viruses.
Another potential cyberthreat comes from terrorist organizations, such as al Qaeda, Hamas, Hezbollah, the Palestinian Al Aqsa Martyrs Brigade, Aleph, and Chechen groups. It has been reported that al Qaeda has already called for cyberjihadists to attack critical infrastructures. In a video obtained by the FBI in 2011, an al Qaeda operative called upon the “covert mujahidin” to launch cyberattacks against U.S. government and critical infrastructure networks, including the electric grid. The video compares vulnerabilities in vital American computer networks to the flaws in aviation security before the 9/11 attacks. When the Senate Committee on Homeland Security and Governmental Affairs released the video, Committee Chair Joseph Lieberman (I-CT) stated, “This is the clearest evidence we’ve seen that al Qaeda and other terrorist groups want to attack the cyber-systems of our critical infrastructure.”
If terrorist organizations acquire highly sophisticated malware, such as Flame, many information security experts agree that a global Internet blackout and crippling attacks against key infrastructure are possible.
Though most critical infrastructures may be more at risk of a rogue hacker attack or accidental malware infection from careless insiders, the likelihood of a nation-state attack has grown since June 2010, when news of the malicious worm called Stuxnet broke. In that case, reports from credible cyber labs around the world supported the conclusion that it was a targeted nation-state cyberattack on Iran’s nuclear industry. As the Stuxnet code and payload were investigated, the notion of a nation-sponsored cyberattack was borne out when the New York Times reported that the United States and Israel had confirmed the worm was part of a joint intelligence effort code-named “Operation Olympic Games.”