When Google in China experienced repeated cyber-attacks and efforts to access the Gmail accounts of Chinese human rights activists in January this year, the search engine giant decided not to remain quiet, and instead choose to publicly denounce the attacks that led to confrontation with the Chinese government.
Google said it was considering closing its Chinese operations and was no longer willing to censor results on Google.cn. This triggered a storm of protest from both human right campaigners and politicians on both sides of the spectrum.
This event highlighted the very real threat that both companies and governments now face from a unseen number of cyber-warfare experts who can break into a company’s systems for industrial espionage purposes, or to attack a nation’s critical infrastructure, such as power stations, in the event of war.
In the United Kingdom, the Cyber Security Operations Centre (CSOC) hosted by GCHQ is scheduled to become fully operational on 10 March. The CSOC was created as part of the UK’s National Cyber Security Strategy, and its main purpose is to identify cyber attacks in real time.
What is ArcSight?
“ArcSight has been around for 10 years now, and it focuses on identifying footprints in enterprises that indicates bad things are happening. We track what is actually happening in the enterprise, based on logs etc, and alert the company so that business operations can continue to function normally. If a hacker decided to attack a critical server, we would know the server that is involved, and we would know if we really care about the data being hosted on that server. We can prioritise that event, and stop that traffic.
“With a lot of attacks coming from within the organisation, either internal staff or privileged users, we can provide visibility to both external and internal threats.”
Do organisations have a lack of visibility regarding their internal infrastructure?
“Absolutely, organisations very often have a lack visibility about what is going on inside their systems. Most companies have invested large amounts in perimeter protection such as anti malware security, but these companies very often have a huge blind spot as to what is going on internally. The IT department is focused on support, troubleshooting, and building new applications. They are also under pressure to open these applications to customers and outside users, which at the time introduces more vulnerabilities. Do they know who is looking at the data?
“Security tends to be way down on the list of priorities, indeed Gartner said it was number 8 on the list of priorities. What is needed is a single plane of glass that can provide insight into what is going on inside an organisation’s infrastructure. We can map individual users and trace users back to the IP address for example. One of the problems some companies experience is with legacy accounts and people sharing the same user ID. This can lead to backdoors, so detection is the key.
“The second issue comes from staff who have been terminated, or have left the company, but their ID has not been taken out of the system when they leave. Accounts that are dormant, that is where the bad stuff happens. Disgruntled employees for example can be tempted to do something bad.”
Page: 1 2
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
View Comments
DOC (digital/optical) computers, now capable of "changing information on the fly" while en route, have introduced a new problem in that the information which arrives at any destination may not be the information from the source. Nor will it necessarily be from one source to one location, but rather split at that point to multiple destinations, even translated into other computer and human languages.
The current trend to force exposure to source code opens up the entire world to the theft of their information, most of them without the knowledge of the incidents. Now that we know Intel was also a victim of the recent attacks by China, the designs of chips themselves may be known, opening up new backdoors of access via alternatives, such as access to computers via electrical wiring and/or parts of the video signal.
Likewise, with botnets of computers to servers and from there to other servers, the potential for multiple participants in one event or target on the front end are also possible.
We are now in a multi-point to multi-point disinformation oriented crime ring network architecture and computers are not the only targets. As brain interfaces become more known of, the ability to track IP addresses of a victims' computer may be critical to automated systems of defense. Let's hope that the UK has not fallen for the fake "privacy" issue and the decoy of "oneness".
Boundaries to protect the individual and their rights are now necessary to safeguard not only their freedom, but their lives.
As with all others, they will be only as good as the equipment they use, most likely designed and manufactured in Asia. Don't be ignorant of the microchip back doors built into the hardware, especially the electrical wiring.
Good luck to the UK and their new center!