Commercial enterprises are putting our critical infrastructure at risk

04.05.2012
Cybercriminals have already figured out how to hack into enterprise infrastructure, and the critical infrastructure that controls our nation's supply of water, gas, oil and electricity just might be next.

With so many connections and shared vulnerabilities between the two infrastructures, the inevitability of this is unsettling. If the critical infrastructure is successfully penetrated, electrical grids could be shut down, water supplies could be turned off, telecommunications channels could be severed, and transportation systems could come to a halt. Take the electrical grid offline and massive numbers of power-reliant entities could grind to a halt, including everything from banks to hospitals.

TREND:

Each day brings media attention to yet another breach, but it seems we are unable to make headway on the front. It's certainly not from a lack of resources; we have plenty of technology, standards, and regulations to draw upon.

It seems to boil down to the fact that we continue to do stupid things. We still write insecure code. We still don't patch our systems. We still don't control user rights properly. We still use the same usernames and passwords across multiple accounts throughout both our personal and business worlds. And, you guessed it -- these passwords we use aren't even managed well. It's no wonder corporations continue to get hacked.

But what we should be most concerned about is that our two infrastructures -- the private/commercial/enterprise infrastructure and the critical/industrial/utility infrastructure -- are interconnected in many ways, and security weaknesses within either therefore put both at risk.