With computers controlling basic infrastructure such as electricity and telecommunications, the need for tight security around such systems is greater than ever before.
“There have been many examples of computer systems that have been attacked and brought down real processes,” he says. Morin cites a case in Florida in which the 911 emergency number was re-routed and one in Boston where an air traffic control system was attacked. Fortunately, in that case there was a back-up system.
But he says he sees countless failures on a daily basis that are from “non-malicious” origins. He notes that computers now control physical processes — they don’t just move around bits and bytes anymore.
“Soon, we’ll see devices that do anything and everything and IT managers need to think ‘are my systems secure’?”
The public and private sectors need to work together, and Morin says InfraGard, a public-private sector partnership dedicated to increasing the security of the US’ critical infrastructures, is an example of how it can be done.
InfraGard’s stated goal is to “enable the flow of information so the owners and operators of infrastructure assets can better protect themselves and so that the US government can better discharge its law enforcement and national security responsibilities”. It aims to share such information while protecting privacy and civil rights.
Foreign intelligence organisations, terrorists, competitors engaging in industrial espionage and plain old hackers, including politically-motivated “hacktivists”, are some of the enemies government and private sector IT security managers face, Morin says.
An example which may fall into the industrial espionage category is a recent case in the US where book e-tailer and ISP Alibris was found guilty of unlawfully intercepting emails from competitor Amazon.com and trying to entice buyers away.
Alibris faces a $US250,000 fine, Morin says.