Business gateway security firm Secure Computing says its new Cyber Security Initiative is aimed at protecting critical networks, applications, assets and data, without sacrificing availability.
Scott Montgomery, vice president of global technical strategy at Secure Computing, explains that the initiative will provide users with research, tools, technologies, solutions and best practices to re-evaluate their approaches to infrastructure protection.
“Even though businesses and government agencies know they need to secure their networks, many don’t have the in-house expertise, or time it takes, to fully secure systems,” he says. “We want to elevate awareness so that they understand how to change behaviour to make security a high priority.”
And Elan Winkler, director of critical infrastructure solutions, adds: “Our customers are concerned about how the security issues they read about in the media – malware, phishing, pharming, unauthorised access to servers, etc – can affect their critical control networks.
“Cyber security wasn’t originally designed into these types of networks. Add to that the new government regulations like NERC CIP, and we end up with a lot of unknowns and uncertainty.”
He’s talking about systems that are critical to businesses, but also specifically those running power grids, water supplies, railways, nuclear energy plants etc. Montgomery cites estimates of the potential for damage from a single wave of cyber attacks on US critical infrastructures as having the potential to exceed $700 billion – the equivalent of 50 major hurricanes.
Beyond the obvious blandishments that security isn’t an option, it can’t jeopardise functioning of monitoring and control networks and that it must protect networks, access and information, Montgomery says users need to start with discovery.
“Often, they don’t know exactly what they have, so a thorough audit [by Secure Computing] helps determine what their landscape looks like. They also need to be educated about where their security vulnerabilities are, and where they need to look for holes. Once we have done that, we look at how Secure Computing solutions will work with the systems they have.”