From Micro to Macro Security

OK, we all have issues securing our own IT environments. For me I am busy locking down the IT infrastructure chez Stanley ensuring our network and PCs are as secure as possible. Although the computing kit we have is hardly going to keep Mr Dell in nice suits for long, I have enough to worry about.

Some of the kit is sandboxed as work only, and on that basis I am very careful what software is loaded and how the PC is used. Other kit is used for some more esoteric interests I have and end up with a bunch of software that interfaces with electronic gadgets and devices.

On the whole we do very well, and touch wood so far have a pretty stable environment.

This contrasts massively with the problems governments have in securing the IT infrastructure in support of an entire country. This macro level security covers mission critical infrastructure such as the power grid and air traffic control systems.

According to this report a simulated attack on US infrastructure that cost $3 million to stage showed up some holes in the systems we all rely on daily. Hosted by the Department of Homeland Security, the test involved 300 people from the public and private sector battling it out in February this year.

The good news is that the DHS claimed a victory and have assured us they are fixing the security holes that were identified.

A number of the attacks were from insiders—previously trusted employees that used their insider status to launch attacks. This is probably the scariest part of the scenario as preventing/detecting these attacks are very difficult.