Sarbanes Oxley : Data Governance : Security
You Can Own the Infrastructure of a Country
It is very easy for intruders to get a list of weak systems from Showdan
In response to ongoing reports from the US Dept. of Homeland Security about hacking of government networks and destructive malware that is threatening US critical infrastructure, cyber security expert Philip Lieberman, president of Lieberman Software said:
“This is the scenario raised by NIST and NSA for the last 5-plus years with the power industry and those that have responsibility for the critical national infrastructure of the USA. It is very easy for intruders to get a list of weak systems from Showdan using a credit card, then take over the systems using well-known exploits or more powerful and secret zero-day attacks available to governments. In a few hours you can own the infrastructure of a country.
Unfortunately, many in the power and infrastructure business have literally zero interest in implementing IT security, and consider it to be a nuisance and unproductive expense. The prevalent attitude is that the utility employees should be able to get to anything and everything with no controls and accountability so that they can manage systems in real time with no delays or inhibitors.
In many cases systems have factory default passwords, passwords are stored on spreadsheets and openly shared on the company network, or they are stored in easy-to-crack vaults for passwords that are provided by off-shore companies. The net effect is that in many cases these life critical services are being run by organizations that are trivial targets to exploit by nation states.
Go forward plan: don’t aggravate nation states and/or fix the security of these systems. The current administration has not implemented strong security requirements for life critical systems. My best guess is that someone will need to die as a result of a nation state attack to get the administration to take concrete action to shore up this national problem.
It would be naïve and foolish to think that other governments would not use the same techniques used to compromise Iran’s nuclear refining capability on US companies and their infrastructure.”
Lieberman Software Corporation released its first commercial product in 1994, but traces its roots back to 1978 when it was founded as a software consultancy. Since its inception, the company has been a profitable, management owned firm.
For years, Lieberman Software products have been the choice of organizations concerned with locating and remediating security problems occurring within the IT infrastructure, where rapid and comprehensive response is crucial. For Lieberman Software customers in all major vertical markets, "weeks of work cut down to seconds" is the norm.
Lieberman Software pioneered the privileged identity management space by releasing the first product to this market in 2001. Since then, the company has regularly updated and expanded its privilege management solution set, while growing its customer base in this vibrant market. Lieberman Software also develops a line of long-standing Windows security management tools.
Lieberman Software now has more than 1,400 global customers, including nearly half of the Fortune 50. The company is a Microsoft Gold Application Development Partner, an Oracle Gold Partner and an HP Silver Business Partner.
The company is headquartered in Los Angeles, CA with offices and channel partners located around the world. All product development and testing operations are based in the United States.