A Success for Threat Detection; Chalk one up for the Cyber Defenders
Sep 28, 2021
My routine is simple in the early morning:
- Get up
- Make some tea (as an Englishman, I am expected to drink a lot of tea)
- Look at some news
- See the latest cyber-attacks on infrastructure and utilities, and sigh
- Start work.
Today was different. What I saw was an article about a successful defense. Now that is rare and attracts my attention. Have a look at: CNN Article: Hackers breached computer network at key US port but did not disrupt operations
What is the difference here?
Threat detection and response.
Protection is what many professionals focus on in security, whether in defining regulatory requirements and business requirements or in implementing systems to meet those requirements. Protection is like the locks on your doors and windows at home. It just makes it harder for the attacker to get in.
Cyber-security professionals assume that the protection will get breached and ask themselves what happens next.
Threat detection and response is what happens next. It detects changes in the ambient threat-level, when an attack is being mounted, when an attack is successful and when the cyber-criminals have breached the protection.
Threat detection and response is like the outside security lighting, smart doorbells, and burglar alarms at home. If the cybercriminal gets past the protection, this kicks in. If you have it, that is.
And ask yourself: will it be the locks on your doors and windows or the burglar alarm that catches the criminal? If you agree with me that it is the burglar alarm, then consider whether it is protection or threat detection that offers the greatest deterrent to the criminal.
Hats off to the guys at the Port of Houston for recognizing the importance of threat detection and response, and for bringing some joy to my morning routine!
Let’s think about this for the smart grid; an equally interesting target for cyber-criminals.
NES has been investing in threat detection and response solutions to provide its customers with exactly this capability. By recognizing attacks on the smart meter infrastructure, we are better placed to block the attack – just like the guys at the Port of Houston. Maybe the next positive article will be about successful defense of the smart grid?