Sunday, October 22, 2017

Exclusive. ISIS cyberterrorist attack on data centres a real threat

Recent warnings surrounding nuclear plants, power stations and airports spark fears that data centres could also become a sought-after target for terrorists.

Data centres could become the next target for terrorist organisations such as the Islamic State of Iraq and the Levant (ISIS) which may have already developed enough intelligence to penetrate critical infrastructure.

“As applications are being built on distributed cloud APIs, big data analytics services, sensor aggregation and cloud surveillance platforms served through the cloud, data centres are more likely to become a target for cyber terrorists, such as ISIS,” Pascal Geenens, Radware EMEA security evangelist, told Data Economy.

Concerns surrounding ISIS cyber-attacks against critical infrastructure have in recent days led British security services to warn UK-based nuclear plants, airports and power stations to up their defences, as fears mount that terrorists have developed enough technology to bypass electronic security systems.

German authorities have also recently raised the country’s cyber security alert levels to heightened readiness.

In the data centre space that fear is also being felt because of the critical importance these facilities hold in an ever more digitised world.

Several operators, data centre services providers and infrastructure players have also told Data Economy that terrorism is a growing concern.

Wishing to remain anonymous, sources said that customers have also come forward in recent months with questions surrounding data centres’ readiness for both physical and cyber terrorist attacks.

As data centres assume their position in the critical infrastructure space, calls for more preparedness surrounding airports, nuclear plants and power stations should be taken seriously by the data centre industry as well.

Greg Freeman, VP, EMEA, Console Connect, told Data Economy: “In a national or governmental context, poor security in and between data centres could spell disaster for national critical infrastructure.”


22% of data centre outages are caused by cyberattacks. Source: Ponemon Institute/Vertiv


Growing threat level

The cyber threat to data centres is not new; only recently, however, have the stakes been raised considerably.

The “2016 Ponemon Institute Cost of Data Center Outages” study, commissioned by Vertiv, has found that in 2016, 22% of data centre outages were caused by cyberattacks, up from 18% in 2013. Cybercrime was that year labelled as one of the fastest growing concerns surrounding data centre downtime.

Failing to have the right cyber strategy in place could also prove costly as financial damages associated with downtime have also soared in recent years.

According to the same study, the average cost of a data centre outage in 2016 was $740,357, up from $505,502 in 2010.

Geenens said: “An effective security strategy should assess the risk and establish an adequate protection based on that risk profile. In general, I would argue that since October 2016 an effective DDoS protection should be part of any security strategy going forward, based on the evolved threat landscape and the economy of DDoS attacks.

“DDoS attacks have a fairly low upfront investment thanks to IoT botnets and are very lucrative for hackers either as DDoS-for-hire or with ransom DDoS.

“Ransom DDoS pretty much puts a target on anyone with an online presence, there is no discrimination or special interest groups; when you are unprotected you are a potential target.”

Adding to this, Freeman said that to combat poor cyber terrorism security in the data centre, operators should continue to strengthen their IT infrastructures to secure all data in storage and in transit.

He said: “Paramount to this goal is the continued adoption of Layer 3 routing, which can enable segregation of traffic and the implementation of granular security rules when interconnecting.

“The latter function is particularly important, as it would prevent hackers from breaching beyond a router’s subnet, thus removing the vulnerability of sensitive data.”


Human errors can grant terrorists access

In addition to DDoS protection and Layer 3 routing security, data centre operators have also been advised to minimise the impact of human error in the data centre, which several reports over the years have found accounts for most outages and problems in the space.

According to Josh Yavor, Director of Corporate Security at Duo Security, despite all the advances in security, attackers know that they can always rely on human error to gain access to critical data.

He told Data Economy: “Phishing is proven to be effective, which is why it is used almost exclusively by attackers as the primary point of entry to gain an initial foothold.

“Companies who use traditional collocated or wholly-owned data centres often have increased network access to data centre-based systems such as the CDU/PDUs (Current/Power Distribution Units – basically “smart” power strips that can provide control and metrics) and other Industrial Control Systems (ICSs) such as generators and fire suppression systems.”

Also speaking to Data Economy, Ravid Circus, VP of Products at Skybox Security, said that for many in cybersecurity including data centre operators, the state of cybersecurity is “a bit like a Second World War movie”.

“Cybersecurity teams see the damage but too often lack visibility into what they are trying to protect, their most pressing risks and the security tools at their disposal,” he said.

“Security teams operate in constant reactionary mode, while a strategic, proactive security program remains elusive.”

In the end, Radware’s Geenens also highlighted that the threat of a cyber terrorist attack is not just confined to the data centre industry.

He said: “Online trading and financial institutions also provide likely platforms that directly impact the economy of a country; targeting these services provides leverage for terrorists.”