Military-Style Network Measures Needed to Secure Infrastructure

Situational awareness that borders on command and control (C2) may be necessary to protect vulnerable networks in the nation's critical infrastructure. The threat to these increasingly complex industrial control systems will require more than just commercial off-the-shelf security solutions, according to a panel of experts at TechNet Asia-Pacific 2011 in Honolulu. Rear Adm. Paul Becker, USN, the U.S. Pacific Command (PACOM) J-2, warned that the proliferation of control systems, coupled with a lack of network situational awareness, are prime opportunities for cybermarauders. In calling for C2 of networks, he noted that while nation-states appear to be the only cyberthreat with the ability to attack the nation's infrastructure, organized crime now is able to develop or hire hacker talent. Bryan Richardson, a critical infrastructure security expert with Sandia National Laboratories, stated that the good situational awareness tools that the infrastructure needs largely must be customized specialty solutions, although some could come from traditional information technology sources. Sandia has performed many assessments, so it understands the different types of systems and what needs to be done for them, Richardson said. David Rolla of the Hawaiian Electric Company added that a good network situational awareness tool must be able to weed out legitimate security threats from natural disasters or even overzealous marketing events. His company is trying to put in place a holistic system that protects the entire network from start to finish.