Critical infrastructure- Protecting the heartbeat of the Nation
People today are always connected on some device or the other through the cellular network, Wi-Fi or a LAN. Despite this, organizations have not understood the importance of protecting their endpoints. Subhendu Sahu, Director- Business Development-Asia South, Symantec, defined critical infrastructure as any network or system, which was vital for an organization’s day-to-day operations. Historically, critical infrastructure has been tagged under the term utilities. Over the last decade, the scope of this term has widened to include financial systems, transportation etc.
Attacks follow a certain sequence—incursion, discovery, capture and exfiltration. Stuxnet has been the most advanced attack so far. Its immediate successor was Duqu. Governments have been attacked frequently of late.
He stated, “What is more dangerous is what is not disclosed in the media.”
To combat threats, governments are collaborating through national and multi-lateral initiatives. However, there is no cyber equivalent of Interpol; no agency to collate information on cyberspace.
According to him, the doctrine of national security had to change. There is a need to be aware and to have the right intelligence. One should try and have foreknowledge of these attacks. Organizations should understand their assets and prioritize what is important in their networks.
An organizations should always start from the point wherein it realizes that it might be attacked. “Security is not enough, resilience is required. One needs to ensure operational continuity and the ability to recover.”
Symantec works with the government in jointly funded security research. It helps in the joint deployment of security intelligence technologies.