Critical Infrastructure Security



by Alec Main, CTO, Cloakware 

Are banks effective even if they are occasionally robbed? The same goes for content protection systems, which, despite the occasional heist, have effectively protected video broadcast for decades.

DRM systems solve the same issues while meeting the challenge of a new age of distributed, connected mobile devices where consumers want content any time, anywhere, on any device. DRM is here to stay, but that does not mean it is the right solution for all content types, nor must it be 100 percent secure (for example, burn and rip is okay).

The occasional hack is tolerable as long as it is not global in nature and the delivery platform is sustained. Implemented properly, DRM can be effective, keeping in mind that it is merely a technology that supports underlying business models.

For digital content distribution to be effective, other essential ingredients must also enable the business model, including reasonable pricing, ease of use and flexibility, so that consumers get what they want.


by John Peters, CEO, Reconnex

While protecting intellectual property (IP) through digital rights management (DRM) is a start to safeguarding IP assets, it does not provide complete protection.

Even the best DRM strategies fundamentally rely on users to define sensitive information and set DRM classification. Experience teaches that this user-based decision-making needs to be validated with centralized content classification technology. Given the requirement for individual involvement, administrators do not know if the data protected by DRM represents all data on servers, laptops, or embedded in emails.

To truly protect IP, enterprises must provide uniform content classification — requiring a solution that discovers data at rest, monitors data-in-motion as it leaves a network, and captures all information. This allows administrators to discover and register data-at-rest, have complete visibility into data-in-motion, and have tools to perform after-the-fact investigations to update rules and classification polices. These investigations let administrators see what happened, change policies, and re-train users.


Storm Worm

What is it?
Storm Worm is just one of the many names used for a prevalent mass-mailing email virus. Storm Worm began circulating in January, although earlier variants may have been seen in 2006, as part of the W32/NUWAR virus family.

How does it work?
Storm Worm arrives in an email as an executable attachment. The email may have many different subjects, and is most commonly disguised as breaking news about a world event, in an attempt to entice a user to click on the attachment. Once the executable is running, it attempts to use the eDonkey P2P network in order to locate a URL from which to download additional code, including a spam trojan, an email-stealing trojan, the mass-mailing part of the virus code, and a denial-of-service tool for use in attacking other networks.

 Should I be worried?
There is nothing particularly special about Storm Worm except for the widespread nature of its seeding.

How can I prevent it?
Storm Worm carries no exploit other than social engineering. If your email policy prevents executable attachments at the gateway, it will stop most instances of the virus. However, there is always the possibility of a mobile user becoming infected while checking mail at home, or the user who might use a webmail service without adequate virus filtering.

— Joe Stewart, senior researcher, SecureWorks

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.