Cisco Blogs

Situational Awareness and Organizational Security

- November 24, 2009

In this week’s CRR, we continued to follow an interesting roller coaster of events that has overshadowed electrical companies in Brazil over the past few weeks. There have been reports that recent power failures were a result of computer hacking, a rebuttal that the failures were not caused by hacking, and finally reports that power company websites were hacked into (though without any power failures). This has resulted in a flurry of media reports, fear mongering about “cyber attacks,” and general uncertainty about what is and is not possible.

Publicity about these issues and the denial of any computer involvement in the earlier blackouts motivated attackers to test the electrical provider’s network security. In this case, the hackers were allegedly able to exploit SQL injection flaws on the provider’s website, but were unable to penetrate the electrical control system, as the two services are on different networks. But regardless of the level of success, publicity from the earlier events and the various claims and rebuttals had the effect of expanding the threat landscape.

Security intelligence is essential to staying ahead of attackers. Through situational awareness, organizations can get a clear picture of how information is flowing across their networks, what kinds of authorized and unauthorized access attempts are being made, and much more. It is also valuable to have resources monitoring various media sources, as stories such as the first reports of hacking against Brazilian companies might have raised awareness that security for these sites was being publicly questioned.

Organizations need to combine a wide variety of technologies and processes to keep their systems and assets secure. This situation shows that media attention can have a direct impact on organizational security; luckily, always-on, rapidly updating sources like Twitter can likewise be leveraged to monitor what is being discussed. Incorporating this kind of awareness into organizational security may provide a valuable early warning, and in turn increase organizational awareness and preparedness.
