What risks lurk in US infrastructure organizations?
While the insider threat in government agencies and large companies is a well-known problem, less is known about the insider threat to critical US infrastructure, such as water purification or nuclear power plants. To illustrate the nature of the threat, here are two examples from a Department of Homeland Security report, Insider Threat to Utilities.
In April 2011, a lone water treatment plant employee is alleged to have manually shut down operating systems at a wastewater utility in Mesa, Arizona, in an attempt to cause a sewage backup to damage equipment and create a buildup of methane gas. Automatic safety features prevented the methane buildup and alerted authorities who apprehended the employee without incident.
In January 2011, an employee recently fired from a US natural gas company allegedly broke in to a monitoring station of his former employer and manually closed a valve, disrupting gas service to nearly 3,000 customers for an hour.
One has to ask whether similar, and more dangerous, incidents are likely in the near future.
The United States Computer Emergency Readiness Team (US-CERT) conducted 53 onsite assessments of critical infrastructure facilities across the United States to identify vulnerabilities, and three major vulnerabilities were identified. Following are the vulnerabilities and how each can be fixed.
The first and most common problem is a lack of segmentation of internal networks, along with deficiencies in perimeter protections for virtual and physical enclaves. On a flat network, any compromised workstation or any insider with a network port can reach the control systems directly. To alleviate this problem, security professionals should adopt network segmentation: splitting a network into subnetworks, each a separate network segment with its own boundary, so that the control network is isolated from the corporate network and the internet and internal resources are far less accessible from the outside.
The second vulnerability is the lack of boundary protections in internal networks, meaning that there are too few or no firewalls between zones, and that the firewall rule sets that do exist are minimal and lack auditing/verification. Implementing firewalls between zones with proper rule sets (default deny, only the specific sources, destinations and ports each zone needs, and logging of traffic into the control zones) and effective auditing procedures in place can alleviate this problem.
The third is that remote access has been identified as a primary entry point for attacks, due to a poor choice and design of remote-access protocols, with remote desktop, Telnet or vendor dial-in links landing directly on the control network. Terminating remote access in VPN tunnels and a restricted security zone (DMZ), so that no remote-access protocol reaches the control network except from that zone, greatly reduces this risk, though it does not eliminate it: the VPN credentials themselves must be protected, and the earlier insider cases show that a legitimate user can still misuse authorized access.
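The three findings above (a flat network, unaudited boundary rules, and remote access that lands directly in the control network) can be checked mechanically against a zone model and a firewall rule set. The script below is an added example, not from the DHS report or the US-CERT assessments: the zone names (internet, corporate, vpn-dmz, ics-dmz, ics-control, ics-field), the Rule format and both rule sets are constructed for illustration. It audits each allow rule for the weaknesses the text names and then walks the allow rules as a graph to find any control zone reachable from the internet without crossing a DMZ, which is exactly the path segmentation is supposed to close.

```python
"""Audit a small zone model and firewall rule set for the three weaknesses
described above: a flat network, boundary rules that are too permissive or
unlogged, and remote access that lands directly in the control network.

Added example; not from the DHS report or the US-CERT assessments.  The zone
names, the Rule format and both rule sets below are constructed for
illustration and are not real site configurations."""

from dataclasses import dataclass
from typing import Iterable, Union

ANY = "any"
ZONES = {"internet", "corporate", "vpn-dmz", "ics-dmz", "ics-control", "ics-field"}
DMZ_ZONES = {"vpn-dmz", "ics-dmz"}          # enclaves that must sit between outside and control
CONTROL_ZONES = {"ics-control", "ics-field"}
OUTSIDE_ZONES = {"internet", "corporate"}   # nothing here may talk to control directly
REMOTE_ACCESS_PORTS = {22, 23, 3389, 5900}  # ssh, telnet, rdp, vnc


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # zone name or ANY
    dst: str                 # zone name or ANY
    port: Union[int, str]    # tcp port or ANY
    action: str              # "allow" or "deny"
    log: bool = False


def audit_rules(rules: Iterable[Rule], default_action: str) -> list[str]:
    """Return one finding per boundary-protection weakness in the rule set."""
    findings = []
    if default_action != "deny":
        findings.append("default policy is not deny")
    for r in rules:
        if r.action != "allow":
            continue
        if r.src == ANY and r.dst == ANY:
            findings.append(f"{r.name}: any-to-any allow rule")
        if r.dst in CONTROL_ZONES:
            if r.port == ANY:
                findings.append(f"{r.name}: all ports allowed into {r.dst}")
            if r.src in OUTSIDE_ZONES:
                findings.append(f"{r.name}: {r.src} reaches {r.dst} directly, bypassing the DMZ")
            if r.port in REMOTE_ACCESS_PORTS and r.src != "vpn-dmz":
                findings.append(f"{r.name}: remote access into {r.dst} is not terminated in the VPN DMZ")
            if not r.log:
                findings.append(f"{r.name}: traffic into {r.dst} is not logged")
    return findings


def control_reachable_without_dmz(rules: Iterable[Rule], start: str = "internet") -> set[str]:
    """Control zones reachable from `start` over allow rules without ever
    entering a DMZ: every such path is a segmentation failure."""
    rules = list(rules)
    seen, frontier = {start}, [start]
    while frontier:
        zone = frontier.pop()
        for r in rules:
            if r.action != "allow" or r.src not in (zone, ANY):
                continue
            targets = ZONES if r.dst == ANY else {r.dst}
            for t in targets - seen - DMZ_ZONES:   # never step into a DMZ
                seen.add(t)
                frontier.append(t)
    return seen & CONTROL_ZONES


# Constructed "before": the flat network the assessments describe.
FLAT_RULES = [
    Rule("corp-to-plant", "corporate", "ics-control", ANY, "allow"),
    Rule("vendor-rdp", "internet", "ics-control", 3389, "allow"),
    Rule("historian-pull", "ics-control", "corporate", 1433, "allow", log=True),
]

# Constructed "after": outside traffic terminates in a DMZ; everything else is denied and logged.
SEGMENTED_RULES = [
    Rule("vpn-in", "internet", "vpn-dmz", 443, "allow", log=True),
    Rule("jump-to-plant", "vpn-dmz", "ics-control", 3389, "allow", log=True),
    Rule("corp-to-historian", "corporate", "ics-dmz", 443, "allow", log=True),
    Rule("plant-to-historian", "ics-control", "ics-dmz", 1433, "allow", log=True),
    Rule("control-to-field", "ics-control", "ics-field", 502, "allow", log=True),
]

if __name__ == "__main__":
    for label, rules, default in (("flat", FLAT_RULES, "allow"), ("segmented", SEGMENTED_RULES, "deny")):
        print(f"== {label} rule set, default {default} ==")
        for finding in audit_rules(rules, default) or ["no findings"]:
            print("  -", finding)
        print("  control zones reachable from the internet without crossing a DMZ:",
              sorted(control_reachable_without_dmz(rules)) or "none")
```

Run stand-alone, the flat rule set produces seven findings (the allow-by-default policy, two unlogged rules into the control zone, an all-ports rule from corporate, and a vendor RDP rule from the internet that both bypasses the DMZ and terminates outside it) and shows ics-control reachable from the internet with no DMZ in the path; the segmented rule set produces no findings and no such path. The checks are deliberately simple zone-level rules; a real audit would work from the exported rule base of the actual firewalls and from address ranges rather than named zones.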
In conclusion, these vulnerabilities are well known, and the appropriate countermeasures and protocols must be implemented to protect critical infrastructure. We can only hope that those in charge are taking the appropriate actions.