How Would Your Business Fare Against a Computer Attack?

The Department of Homeland Security, in partnership with the Idaho National Laboratory in Idaho Falls, Idaho, recently underwent an exercise to show how hackers would be able to infiltrate the computer systems of a mock-up chemical plant. This exercise was designed to show the dangers such hackers pose to the systems that run machinery in companies nationwide, and then to find ways of combating such attacks, according to a recent CNN article on www.cnn.com.

In the process, the hackers used real-world concepts, including:

Executive Trust

Corporate executives most often have access to vital systems and information. Cyber attackers most often use this knowledge to their advantage. So, instead of attacking control systems directly, they go the route of using the company’s trust in their executives to their advantage.

Phishing for Trouble

Phishing is another tactic used by hackers. By sending what looks like a legitimate e-mail from friends, attackers are able to include malicious software that provides access to the sender’s computer, creating a potential link between the attacker’s computer and the corporate computer.

Using a System's Security Against Itself

By gaining control of such systems as surveillance cameras, hackers are able to use those systems against their target. Hackers use such systems to gain information on what their targets are up to and what they do in response to the attacker’s attempts to gain control of their systems.

An Illusion of Control

Attackers can even make their target think systems are normal, but in reality they are on the verge of malfunction, or in extreme cases, on the edge of destruction. By gaining control of vital systems, they can send instructions that say everything is normal, but in reality it is not.

After the exercise was completed, everyone involved went away from the exercise with a new understanding of the vulnerabilities of the systems that guard the companies within our nation. Through information gained from this exercise, new ways of protecting these assets can be developed.

For more information about the recent government exercise and ways to increase cybersecurity, visit: http://www.cnn.com/2011/10/17/tech/innovation/cyberattack-exercise-idaho/