Can a Worm Take Down a Nuclear Power Plant?

December 15, 2010

There were recent media reports that a computer worm called the Stuxnet Worm had been released by our government to launch a cyber attack against a nuclear power plant in Iran. The worm, which was transported by using thumb drives and computers that weren’t connected to the internet, targeted the software the operated the plant. After further research, the worm actually spread to many countries and raised concerns about our own national security.

If the Stuxnet Worm or a similar worm were to attack a private business that provides critical infrastructure to the government, it could greatly hamper their ability to provide national security. The emergence of the Stuxnet Worm raises many questions about this new type of warfare. Should an international treaty be drafted? What is the best way for the government to work with the private sector to help protect our critical infrastructure?

You can read the entire report on the CRS website.


Addressing ALL of your security exposures

August 7, 2009

Last night I attended a cyber security roundtable hosted at the Intercontinental Hotel in Kansas City. The members of the panel were 2 FBI Special Agents and a national security consultant from the Laconia Group. Among the many topics they discussed was the importance of addressing every potential security exposure you have as a business.

The Fence analogy, which they used to explain the issue, discusses the importance of constructing each plank in the fence as opposed to building half of them 15 feet tall and leaving the other half out. A fence missing planks won’t keep anyone out but a fence with every plank that’s 5 feet tall will keep people out. When talking about security, it’s important to address every issue facing your business and it’s valuable assets. These issues can be insiders, investors, marketing materials, cyber security, or your suppliers. If you have the most sophisticated cyber security system but your vendors release all your information, you’ve done nothing. If you make potential investors sign an NDA but those potential investors take that information and sell it to a competitor, you’ve done nothing. If you’re interested in hearing more about the presentation, feel free to shoot me an e-mail.

Ways to Stop Internal Data Theft

June 9, 2009

Most people will agree that the biggest threat to your businesses data is internal; whether is be a disgruntled employee stealing company data or an employee accidentally downloading a program that opens the floodgates for the hackers.  Protecting company data from an internal breach is one of the biggest challenges facing small to mid sized businesses today.  Many of the solutions Fortune 500 companies use are just too expensive to implement on a smaller scale.  

While browsing the web recently, I ran into a company, Interguard, that claims to “protect your organization from all costly internal threats.”  The software consists of 3 modules, Datalock, Sonar, and Laptop Cop and each modules costs between $32 and $125 per license depending on the module and the number or licenses purchased.  I’d be interested to talk to anyone who has used this software so if you know anyone, please have them e-mail me or comment on this post.  

To visit Interguard’s website, go to