Page 45: of Offshore Engineer Magazine (Sep/Oct 2013)

44 46

suffered an attack last August, by

HSEQ

Iran, at least 30,000 computers were

Whitelisting infected (not damaged) and had data permanently erased, while hackers a solid defense partner stole IP, military and commercial tech- nology, marketing plans, plans for new

While there are quite a few elements to a solid defense in depth program, products, plus confdential business application whitelisting is becoming one of the shining stars in the security information, according to US intelli- professional’s ever-growing bag of tools.

gence offcials who say “other com-

Whitelisting, while not the silver bullet that cures all security ills, is a list of panies were affected.” These sources email addresses or domain names from which an email blocking program will say the dollar loss “was extremely allow messages to be received. Email blocking programs, also called spam signifcant.” flters, should prevent most unsolicited e-mail messages from appearing in

Yet, the ability to infict such losses subscriber inboxes. actually doesn’t require much talent.

Whitelisting means only approved programs can run. Any unapproved “Hacking shouldn’t be as easy as it programs will be prohibited from starting up. is,” Lewis says; 75% of the breaches of

One challenge when using application whitelisting in business networks is oil platforms exploited publicly known managing the constantly changing list of allowed applications. That burden vulnerabilities found in commercial is signifcantly reduced in control systems environments, because the set of software, congressional sources say. applications that run in those systems is essentially static.

Surveys, in 2011 and 2012, show only –Gregory Hale, Industrial Safety and Security Source. basic techniques are required to cause users sometimes forget to reset the breaches and one of the easiest paths software vulnerabilities, misconfgura- default setting. Cyber criminals can to invade an offshore energy facility is tions, weak passwords and systems use default settings to gain entrance. using default settings on computer and that leak information. Lewis says a

The use of the ordinary password is network devices. clever 12-year-old can cause a serious completely useless as a defense against A default setting is when a system breach.

hacking. The hackers lock in on known provider presets the password and the Professional hackers also rely on the or publicly unknown (Zero Day) username. After the system is installed, black market for automated malware

VISIT US AT OFFSHORE EUROPE, 3 - 6 SEPTEMBER BOOTH 3B240

SIMULATING SYSTEMS

SUB-SURFACE - SUBSEA - FLOW ASSURANCE - MARINE DYNAMICS

SEPARATION PERFORMANCE - TECHNICAL SAFETY [email protected] www.cd-adapco.com offshore engineer advert aug 2013.indd 1 09/08/2013 12:13 oedigital.com September 2013 | OE 47 044_OE0913_HSEQ_4_AdvPerThreat.indd 47 8/18/13 12:15 PM