But experience tells us: This is not enough. Trust
in secure perimeters alone is trust misplaced.
Modern IT networks have more loopholes and
backdoors than ever before. From WLAN to
remote maintenance or site integration and
internet access to the reliance on cloud services,
firewalls have many openings to allow the
functionality expected and required today. Many
large and medium-sized businesses have done
their homework and established strong safeguards
in their networks. The attackers have followed
suit and often do not come in through the front
door, but rather via third parties. Germany’s
Federal Office for Information Security warns
of the dangers of the network connections
of smaller business partners. A lack of security
expertise and resources makes these more prone
to exploitation than the actual target of the
attacker – a preferred bypass for cyber criminals.
The problem is made worse by the many
unintentional holes in the fence: bugs, surplus
LAN ports, unmonitored remote access and so
on.
If an attacker has overcome the first hurdle,
he is already in the network and can start his
malicious work. There will never be a foolproof
yet commercially viable network.
The Inside Man
Attacks over the net might sound impressive: a common sight in movies and everyday news,
and a very real danger. However, the most
straightforward and most immediate danger is
too often ignored: the attack from the inside.
Attackers from within do not have to overcome
the outer fences in the first place. They can walk
right through the door and enjoy the trust of
their peers.
A recent study by VDMA, the German
Engineering Federation, considers malpractice
and sabotage as well as the intentional injection
of malicious code the greatest current threats,
with online attacks trailing behind. A majority of
current security incidents are caused by insiders
whose motivations range from the archetypal
disgruntled employee sabotaging production
facilities to the selling of internal secrets as
outright industrial espionage. The results of the
study show that the concept of ring-fencing
businesses with sophisticated access controls is
powerless to stop this.
Countermeasures
Rolling out additional security down to the level
of individual controllers (with the respective
licenses this needs) is often regarded as too
complicated and cost-intensive. Such security
is not essential for actual operations. However,
current news about the activities of domestic
and international secret services, not least in
the field of industrial espionage, has given this
topic a new relevance. The many individual
attacks on single controlling systems or entire
plants and institutions often go unnoticed in this
flood of headline-grabbing news. The damage
caused by lacking or flawed protections far
exceeds the upfront investments. The established
precautions need to be expanded to protect the
individual components. The security concept
should begin as soon as any device is turned on,
using a secure boot process to make sure that
the software from the operating system to the
individual application and its configurations has
not been tampered with. Software developers
are also interested in protecting their pr