The security of critical infrastructure, organizations and individuals can often get physical, a group of experts discussed on Thursday at the New York Institute of Technology (NYIT) 6th Annual Cybersecurity Conference in Manhattan.
During the early afternoon session, panelists chatted about the idea of an individual – such as a vendor – bringing an untrusted computer into a trusted environment.
The discussion reminded moderator Peter Curtis, president and CEO of Power Management Concepts, of an incident where a laptop with malware caused systems to shift back to default settings, thus eliminating failover capability.
Paul Silba, director of cyber security with the New York Power Authority, said the incident is an example of why education is important. He said that workers should know that such actions are against policy, and they should be aware of the repercussions of not following said policies.
Shaun Mooney, director of infrastructure with Colliers, said that anyone who comes into a trusted environment – such as a data center – needs to be preauthorized. He explained that they should be required to obtain insurance certificates, which often have to be requested days in advance.
“Nobody sells full protection,” Idan Edry, chief technology officer with Nation-E, said, explaining that there are more vulnerabilities out there than just bugs in systems and software. He used an example of there being no cell service, which could prompt users to go on Wi-Fi where they are at high risk.
These days, it is not just computers and other systems that need securing.
Ronald Mraz, president and CEO of Owl Computing Technologies, said that just recently his company heard from an amusement park that wanted help securing its roller coasters. The security world continues to surprise him, he said.