The Impact of the RSS Breach on Critical Infrastructure

1215 Words3 Pages
bulb-icon

Recommended: A paper on critical infrastructure protection

RSA is a division of EMC Corporation that offers security products to businesses and government agencies. RSA’s flagship product is SecurID, a combination of two-factor authentication tokens (hardware and software) and the associated server software used in their implementation. This product aims to deliver secure remote access, including access to critical infrastructure. In 2009, it was estimated RSA had “about 40 million tokens and 250 million mobile software versions deployed in over 25,000 organizations”, including banks, government, manufacturing, and pharmaceutical companies (Rashid, 2011). In this paper we will examine the 2011 breach of RSA involving the SecurID product, the incident response and recovery, mitigation strategies, and discuss the ramifications of such private sector breaches on overall incident management and response.

Incident Response

RSA discovered the attack while it was still in progress (Gov InfoSecurity, 2011). Once discovered, RSA’s Computer Incident Response Team began to monitor the attackers to determine the extent of the breach, discovering that data pertaining to their SecurID tokens had been exfiltrated (Rivner, 2011). RSA executive chairman Art Coviello describes the discovery by stating, “We were disappointed when we realized they'd exfiltrated information related to SecurID, and then we totally went into customer-focus mode. [We asked] how are we going to communicate this to customers, how are we going to make sure that we mitigate any potential risk, what exactly is the risk” (Espiner, 2011). RSA began to harden their IT infrastructure to mitigate any further damage. However, there appears to be no public data on what specific hardening steps were taken by RSA.

RSA publicly announce...

... middle of paper ...

...ember 12, 2011, from Gartner: http://blogs.gartner.com/avivah-litan/2011/04/01/rsa-securid-attack-details-unveiled-they-should-have-known-better/

Rashid, F. (2011, March 18). RSA Warns SecurID Customers of Data Breach. IT Security & Network Security News. Retrieved November 14, 2011 from http://www.eweek.com/c/a/Security/RSA-Warns-SecurID-Customers-of-Data-Breach-395221/

Rivner, U. (2011, April 1). Anatomy of an Attack. In RSA. Retrieved November 10, 2011, from http://blogs.rsa.com/rivner/anatomy-of-an-attack/

RSA. (2011). Required Actions for SecurID Installations. Retrieved November 12, 2011, from SEC: http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex992

.htm

Schwartz, N., & Drew, C. (2011, June 7). Rsa security faces angry users after breach. Retrieved from http://www.nytimes.com/2011/06/08/business/08security.html?_r=1&pagewanted= all

Show More
Related

  • Summary Of Cuckoo's Egg: A Review?

    1885 Words  | 4 Pages

    However, I feel users had a different vision/perspective on security mechanisms and they trusted each other during those times and did not have to worry about protecting their information (this is how exactly, one person’s ignorance becomes another’s person’s - hacker, here bliss). This book helps us to understand the vulnerabilities; its impacts and why it is important to address/ fix those holes.

    Read More

  • Nt1310 Unit 1 Term Paper

    1112 Words  | 3 Pages

    In this section we investigate attacks and threats to our primary devices. These attacks and threats are built off of the vulnerabilities the previous section and help to determine which security controls would be most valuable against future attacks.

    Read More

  • Should Apple Be Forced For Unlock An Iphone?

    855 Words  | 2 Pages

    Issa utilizes statistics to suggest ideas. He says, “The Office of Personnel Management’s security breach resulted in the theft of 22 million Americans’ information, including fingerprints, Social Security numbers, addresses, employment history, and financial records” (Issa). Issa also adds that, “The Internal Revenue Service’s hack left as many as 334,000 taxpayers accounts compromised‑though just this week, the IRS revised that number to o...

    Read More

  • Presentation Outline On Data Beeches And Cybercrime

    884 Words  | 2 Pages

    Privacy in the digital age: preventing Data Breaches and combating cyber crime: Hearing before the Senate Committee on the Judiciary, House of Representatives, (February 4, 2014) (testimony of John Mulligan, executive vice president and chief financial officer of Target) Retrieved from https://corporate.target.com/_media/TargetCorp/global/PDF/Target-SJC-020414.pdf

    Read More

  • Hacking Continuous Glucose Monitors

    1280 Words  | 3 Pages

    ...Belittles Security Flaw." Technology News, Tech Product Reviews, Research and Enterprise Analysis - News & Reviews - EWeek.com. EWeek, 25 Aug. 2011. Web. 15 Oct. 2011. .

    Read More

  • Computer Hackers and Greed

    1873 Words  | 4 Pages

    Washkuch, Frank, Jr. "Rootkits, Blackmail Scams on the Rise." SC Magazine. Haymarket Media, Inc., 13 Apr. 2006. Web. 30 Apr. 2014. .

    Read More

  • Addressing Cybersecurity: A Call for Federal Privacy Protection

    1586 Words  | 4 Pages

    About 15 million United States residents have their identities and information used fraudulently each year. Along the use of their identities, they also had a combined financial loss totaling up to almost $50 billion. Major companies such as Apple, Verizon, Target, Sony, and many more have been victims of consumer information hacking. In each of the cases, millions of consumers’ personal information has been breached. In the article “Home Depot 's 56 Million Card Breach Bigger Than Target 's” on September 18, 2014, 56 million cards were breached due to cyber attackers. Before the Home Depot attack, Target had 40 million cards breached. Company’s information is constantly being breached and the consumers’ are the ones who end up having to pay the price. If a company cannot protect the information it takes, then it should not collect the information.

    Read More

  • The Anonymity Experiment by Catherine Price

    1019 Words  | 3 Pages

    A concern that is happening that the government and corporations is that personal information is not secured well enough. Price states how over 100 million sensitive records were hacked or lost in a year and the percent of increase in data breaches is 650 more than last year. Her description of how unreliable the government is with personal information by using logical and well researched information to put no faith and fear in the reader. Price is saying that the government hasn't given a reason on why people should trust them and should voice their worry about this. Sorrells's contrast on how the government is ...

    Read More

  • CyberSecurity and the Threat to National Security

    2034 Words  | 5 Pages

    ...ather than a proactive one. According CNET News dated December 21, 2011, it is possible that this invasion, “ could have gained access to all information the Chamber has on its 3 million members .” (19) The only counter measures taken so far and that have been revealed is that the 300 Internet addresses were shut down in May 2010. The very recent public notification of this cyber-attack will continue to unfold and what new implemented strategies to prevent a reoccurance remains to be seen.

    Read More

  • The Types And Disadvantages Of Asymmetric Encryption

    1007 Words  | 3 Pages

    In July 2015, many of the world’s high ranking cryptographers published that the loss and destruction induced by adopting a key escrow system 20 years ago would be even more serious, that would be very hard to identify security weaknesses that could be misused by

    Read More

  • HIPPA and the Privacy of Medical Records

    1335 Words  | 3 Pages

    There is constant concern about different kinds of devices and tools because of their vulnerability: laptops; personal computers in the home; libraries and public workstations; USB Flash Drives and email, to name a few. These items are easily accessible for those attempting to breach security.... ... middle of paper ... ...

    Read More

  • The Heartbleed Bug

    662 Words  | 2 Pages

    The researchers that discovered the issue have said that the problem has been present for more than two years, since March 2012. Any communication over the two years, a hacker could have been eavesdropping. This bug is not a simple fix because for there to be no security issues both the website that has been compromised and the individual users have to work together. The website has to upgrade to the patched version of the OpenSSL, revoke compromised SSL certificates and get new ones issued. After that then the individual users can go in and ...

    Read More

  • Technology Threatens Your Privacy

    959 Words  | 2 Pages

    Privacy threats are currently the biggest threat to National Security today. The threats are not only concerning to the government, however. An alarming 92% of Americans are concerned that the power grid may be vulnerable to a cyber-attack (Denholm). Although this is a more recent development to the cyber threats we have experienced, this is not the first time that privacy threats have stepped into the limelight as people are forced to watch their every online move.

    Read More

  • The Threat of Cyberwarfare and Cyberterrorism

    1684 Words  | 4 Pages

    Stohl, M. (2007). Cyber terrorism: A clear and present danger, the sum of all fears, breaking

    Read More

  • Importance of Cyber Security

    1732 Words  | 4 Pages

    Unequivocally speaking, the threat of a cyber-attack has become one of the most critical domestic and national security challenges we face as a nation today. Infrastructures supporting government operations are ...

    Read More

More about The Impact of the RSS Breach on Critical Infrastructure

Open Document