This page contains a Flash digital edition of a book.
Sharing information between government and the private sector can be challenging at times, Savage admits. “There is a high sensitivity in sharing that information and a high degree of trust is needed to make that work”, he says.

CPNI has an advisory role in improving the security of privately owned infrastructure, Jones points out. “Although their role is only advisory, they are listened to closely by security managers at various private organizations…. Their remit is to liaise between the government and private organizations that are responsible for critical national infrastructure”, he adds.

Henry Harrison, technical director at

Surrey, England-based Detica, says that the UK government has worked very closely for some time with UK businesses around critical infrastructure protection in cyberspace, as well as in the physical world. “It is absolutely central to critical infrastructure protection that there should be public-private partnerships”, he says.

“The private sector has to be involved because they run the infrastructure and they will have to actually do things to deal with the threat.”

The same is true in the US, Purdy confi rms. He noted that the Department of Homeland Security has set up a number of public- private industry groups under its National Infrastructure Protection Plan to improve the security of critical infrastructure. “It is essential to have public-private partnerships on an ongoing basis assessing the risk, prioritizing risk mitigation, and trying to improve the way the public and private sectors work together to detect, analyze, and respond to threats and recover from attacks”, he contends.

Hard Day’s Night

So what does the future hold in terms of critical infrastructure protection? It seems that governments and industry are fi nally taking the threat of cyberattack seriously. Perhaps the wake up call came with the apparent success of Stuxnet, which

demonstrated that a cyberattack could, in fact, disrupt a critical infrastructure facility. Stuxnet also provided a digital blueprint for how to carry out such an attack, a blueprint that terrorist groups and other rogue actors can use against the critical infrastructure of industrialized economies. Western governments have teamed with private industry to plug the security gaps in critical infrastructure that for so long have been neglected. Two of their favored strategies are public-private partnerships and information sharing. But will these be enough to prevent a determined adversary from causing catastrophic failure of the infrastructure that makes modern life possible?

The industrialized countries must be

ever-vigilant because adversaries – whether hacktivists, terrorists, state- sponsored actors, or any combination of these – only have to fi nd one weakness in the billions of connected nodes that make up the critical infrastructure networks.

Stuxnet by the Numbers

Mossad, the CIA, MI6, or perhaps a little bit of them all? Who exactly was responsible for Stuxnet is anybody’s guess. One key indicator came from Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, who said at a December 2010 forum, “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are

doing everything we can to make sure that we complicate matters for them”. Security experts theorize that the research and development required for Stuxnet indicated the resources of a nation- state, but the damage it infl icted on Iran’s nuclear program provided a clear blueprint for would-be cyber terrorists seeking to infl ict damage on the components of critical infrastructure.

Country Iran

Indonesia India

Historical data from the early days of the Stuxnet worm attack showed that Iran, Indonesia and India accounted for the majority of the countries where computers were targeted (Source: Symantec)


Pakistan Other

Percentage of Stuxnet Infections

58.85% 18.22% 8.31%

Azerbaijan 2.57% US

1.56% 1.28% 9.20%

May/June 2012

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52