Critical Infrastructure Under Constant Cyberattack
The coming May 2010 automated election is surrounded by controversy and a number of technological fears. It all started with the defacement of some government websites and now the much talked about importation of 5,000 jamming devices. All these sounded new to the ordinary people, but to those who belong to the I.T. industry – especially those who are involved in security knows that cyber attacks happen everyday, and the impact / cost is staggering.
In a report “In the Crossfire: Critical Infrastructure in the Age of Cyberwar”, commissioned by McAfee and authored by the Center for Strategic and International Studies (CSIS) found that the risk of cyberattack is rising. Despite a growing body of legislation and regulation, more than a third of IT executives (37%) said the vulnerability of their sector had increased over the past 12 months and two-fifths expect a major security incident in their sector within the next year. Only 20% think their sector is safe from serious cyberattack over the next five years.
A survey of 600 IT security executives from critical infrastructure enterprises worldwide showed that more than half (54%) have already suffered large scale attacks or stealthy infiltrations from organized crime gangs, terrorists or nation-states. The average estimated cost of downtime associated with a major incident is $6.3 million per day.
The report also indicated that 60% of those surveyed believe representatives of foreign governments have been involved in past infrastructure infiltrations and that laws are ineffective in protecting against potential attacks. This is something our country is lacking. The Senate recently adjourned their session without passing into law the Cybercrime Prevention Act due to lack of quorum. A bill passed by the House of Representatives on the third and final reading.
The recent Google attack was also an eye opener as to how secure really is the Internet. Business executives are starting to show concerns on their I.T. security infrasture as well. According to a 2009 National Small Business Cybersecurity study, small businesses today are handling valuable information – 65 percent store customer data, 43 percent store financial records, 33 percent store credit card information, and 20 percent have intellectual property and other sensitive corporate content online. 65 percent of the business survey claimed that the Internet was critical to their businesses success yet they are doing very little to ensure that their employees and systems are not victims of a data breach.
Furthermore, the study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them.
Securing ones infrastruture is everybody’s concern – be it government or private entities. The coming 2010 automated election is critical to our country’s integrity to hold one good and honest election. Security breaches is the last thing we need now. Government should work as one and not just COMELEC. Security experts should also come into play to help this exercise.
The Philippine government should be one or two steps ahead of the perpetrators / hackers. They should anticipate all possible attacks and not just act on reported breaches like site defacements and/or reported importation of jamming devices, because honestly there are more possible attacks to disrupt the automated election.
And my advice to all, while the problem is real, its not really serious for now. Defacements is different from what is going to happen on election day. Jamming devices will only jam the signals and not alter the results. In other words, try to understand the system and try to understand the problem. And as much as possible, be part of the solution.