Five security disasters to shake the world

In the world of cyber security, disasters are no longer science fiction but a terrifying reality. We look at five of the most serious threats facing the world today.

By Tom Brewster, 27 Oct 2010 at 08:02

gallery

IT security as a topic for serious discussion has stepped up a notch this year.

Two major forces have been behind this: compliance and the emergence of Stuxnet. The former, although undoubtedly more of a pressing concern for businesses, is considerably less exciting than the latter.

However, Stuxnet has had more of an impact on the general consciousness of not just the security sphere, but in the wider world too. It made people understand that cataclysmic events caused by cyber actions are now a serious possibility, and not just the imaginings of Hollywood scriptwriters.

IT PRO asked members of the security industry what disasters could strike and what their impact might be. We whittled it down to five plausible, in some cases fairly likely, eventualities.

The critical infrastructure collapse

The security of critical infrastructure providers has been on the lips of everyone from security researchers to GCHQ directors since Stuxnet broke out.

It is almost certain other pieces of malware with similar levels of sophistication and financial backing to Stuxnet are out there now. In fact, they are likely to be even more intelligent pieces of malicious kit, given they have hidden themselves from detection.

Consider this: any nuclear centres using Windows software are at risk from such threats, which could help hackers gain access to systems and initiate a major disaster. The potential for chaos is clear. No longer are cyber attackers limited to the digital world. They can take lives from the comfort of their own desk chair.

Outside of nuclear sites, hackers could compromise power grids, utility supplies and manufacturing equipment and cause utter devastation.

With the latter, if a hacker managed to modify the parameters of manufacturing systems, there could be an increase or decrease in production rates, thereby effecting businesses of all kinds. In turn, the economy would also take a hit.

Changes could also be made to the products or parts in production, tricking companies into sending out faulty parts, such as car brakes for instance. The turmoil that followed the Toyota brakes fiasco is reason enough for firms to worry.

It is clear that protecting these kinds of services is now vital to both businesses and national security at large. Panda Security summed it up nicely, telling IT PRO “this is not Sci-Fi, but reality right now.”

1 2 3

Email to a friend

Print this page

< Previous Security : Analysis & Insight Next >

2 comments

You need to Login or Register to comment.

Significant Risk Reduction - Simples

It seems to me that a move away from Microsoft Windows operating systems would significantly reduce the risks mentioned, especially in the nuclear and NHS arenas.

By Fractalus on Tuesday Nov 2

A threat the world is still waking up to.

My background is in AI on the research side, and one of the very biggest threats I identified with a working system was this type of hacking.
AI systems are special because they have high inbuilt autonomy and obey symbolic commands and generally need power of action - which can all add up to make something potentially very lethal. A fully hacked AI could be ordered to kill directly and would then pre-plan methods of doing it by itself. In a lot of cases (like auto-driving cars) simply crashing the system could be enough to kill.
Real systems (would) also have a potentially lethal security flaw, because every system needs occasional connection to a central security core +the need for security codes, control codes, and above all emergency override codes. If the server that held these codes was breached a hacker could turn any number of systems to whatever they wanted, potentially turning them into a real weapon of mass destruction. I did develop a solution to this but it is very complex and awkward and creates real difficulties - and unfortunately it cant easily be extended beyond AI.

Anyway its all moot because this project is at least ten years away and has been on hold for 8 years. J
The lesson that comes out of it all is that any system anywhere that updates peoples software from a central server is potentially very vulnerable , and today that’s basically all of them - software and hardware.

By lucien86 on Friday Nov 5