ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Global Tech Threats

Estonia's cyberattacks: Lessons learned, a year on

Tom Espiner ZDNet.co.uk

Published: 01 May 2008 14:04 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

...doing business with countries such as China and France will, as a matter of course, be subject to attempts to steal information and intellectual property.

"What we're seeing is every organisation that's doing business with certain countries is being targeted with the same cyber-weaponry that the military is being targeted with," says Paller. "If you're about to do business with a particular country they will not only penetrate your computers, but they'll go after your lawyers, consultants and accountants, looking for all the documents about the deals you're about to make, giving them a competitive weapon. My guess is there are 25 countries being involved in this at some level or another. The commercial side of it seems to be more China and France."

State of denial
However, following the attacks on Estonia and on other country's critical national infrastructures, Paller says critical national infrastructure (CNI) operators in many countries, including power utilities, banks and health services, still had not made adequate security preparations.

"There's still a state of denial," says Paller. "The most difficult problem is to get the energy in place to build defences, as long as your senior leadership wants to believe they wouldn't be targets. One of the reasons the CIA released some data about an actual outage [involving a power company] that was caused by remote cyberattack was to awaken senior management of critical national infrastructure to the idea that being in denial is just stupid, you actually have to start protecting your systems."

According to Paller, problems faced by CNI companies include extortion from criminal gangs that prove they can attack and demand money, which Paller describes as a growing threat. Victims are like to pay up, says Paller, "even if they don't think the bad guys are likely to do what they say they can do."

Paller warns there is also a danger of people "owning" computers to be used later. "They come in, take them over, collect as much information as they can about employees, management systems and passwords, and they hide, just hide," explains Paller.

Control mechanisms
Tiirmaa-Klaar argues that CNI companies have a long way to go before their security is up to scratch. Supervisory Control and Data Acquisition systems (Scada), used in conjunction with human operators to control industrial systems, do not have adequate security in many European countries, she claims.

Read this

Feature
Corporate espionage: Not if, but when

When it comes to business-to-business theft of information, experts agree — it's best to assume it will happen to your company

Read more +

"Critical national infrastructure organisations should check the gaps where their Scada systems are connected to the internet," says Tiirmaa-Klaar. "In many cases Scada is not secure: it depends on the country. The UK [is probably] safe, but I don't know about all European countries. A lot of critical infrastructure is in private hands, and private companies are always having to update their systems. Private companies are not interested in investing in security unless it's really vital. Governments have to make sure private companies are investing in up-to-date systems — there should be control mechanisms."

John Colley, the managing director of security training organisation ISC2, claims that in the UK the effect on government has been to focus attention on the possibility of politically motivated cyberattack. However, he says businesses have done "very little beyond what they were already doing", although he concedes that most businesses now plan for distributed denial of service (DDoS) attacks.

"My impression is that government is taking it more seriously than industry," says Colley. "It could be that industry is not particularly focused on Estonia."

Other security experts, such as the National Institute of Standards and Technology's manager of systems and network security group Tim Grance, say that assaults...

Next

Previous

1 2 3


  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell
Global Tech Threats

Did you find this article useful?
7 out of 7 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More in this Special Report

Governments prepare for 'cyber cold war'

Governments prepare for 'cyber cold war'

There has been a sea change over the past year in the amount of government-sanctioned cyber-espionage, according to some security experts. more

MI5 warns of Chinese digital espionage

MI5 warns of Chinese digital espionage

MI5 has issued a warning to UK businesses that spies in China are conducting a campaign of cyber-espionage against them. more

Burglars plunder Verizon's London data centre

Burglars plunder Verizon's London data centre

Criminals posing as policemen conned their way into a data centre near London's King's Cross station, tying up staff and stealing computing equipment, the Metropolitan Police said on Friday. more

Cyberterrorism: Myth or reality?

Cyberterrorism: Myth or reality?

Following recent accusations of government-sanctioned digitial espionage and alleged hacking attacks from China and Russia, there seems to be evidence that countries are capable of using electronic means to disrupt the computer systems of rival nations. more

Explaining the Estonian cyberattacks

Explaining the Estonian cyberattacks

When it comes to denial-of-service attacks, Jose Nazario has seen just about everything. more

The worst IT security incidents of 2007

The worst IT security incidents of 2007

Despite the message being driven home by governments, consumer groups and industry bodies that IT security is paramount, this year has thrown up a worrying number of serious breaches. more

Cracking open the cybercrime economy

Cracking open the cybercrime economy

Hacking for fun has evolved into hacking for profit, and created a business model that is nearly as sophisticated as that of legal software more

Countering corporate espionage

Countering corporate espionage

Theft of commercially valuable information costs the world's largest companies over £22bn a year, and small firms are just as vulnerable. How can you mitigate the risks to your company? more

Anatomy of a hack attack

Anatomy of a hack attack

With the help of security experts we reconstruct a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case more

Storm worm anniversary brings fresh variants

Storm worm anniversary brings fresh variants

The first anniversary of the Storm worm has brought a fresh wave of variants, security companies have warned more

CIA: Cyberattack caused multi-city blackout

CIA: Cyberattack caused multi-city blackout

The CIA has warned of successful attacks against various countries' critical national infrastructures more

Schneier: Cyber-extortion on the rise

Schneier: Cyber-extortion on the rise

The security expert has warned of an increase in cyber-extortion, but added there is no need for panic about attacks on critical national infrastructures more

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

Oracle Developer - Inv Banking - London

Full project lifecycle experience including: requirements gathering, functional and technical design documentation, building and deployment. Oracle ...

Business Analyst - Software Company

Reporting to the Head of IT, in this position your responsibilities will include: - Requirements Gathering - Producing detailed Documentation / As ...

French/English- Web Project Manager- Reading- to 40,000 pa

They work with a number of leading financial institutions on innovative web designs to improve the usability and functionality of their websites. A ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Mobile Security Expert: Your Camera Ph...

Mobile Security Expert: Your Camera Phone Got Hacked Author: Eric Everson, Founder MyMobiSafe.com Have you ever heard someone say “I’d like to be a fly on the wall in that room.”?... More

Post a comment

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers