Page 41 - GS140201
CoverStory


Narendra's opinion is seconded by Gary Olson, President and CEO of ESSA Bank & Trust in Stroudsburg, Pa. In a Jan. 14, 2014, American Banker article, Olson remarked on the weakness of the card payment system and was quoted as saying that the PCI standard is "not effective at all."

Unintended consequences

As the U.S. payments ecosystem migrates to EMV, with the card brands having given retailers until October 2015 to upgrade their systems to accept EMV cards, Bloodworth expects Target-like breaches to continue to plague the U.S. economy.

"[EMV's] not something you can implement over six months," Bloodworth said. "It takes time. It's a very, very large infrastructure that's already in place that needs to transition. And it takes time to transition. We will be living with these risks for quite some time."

Target is living the nightmare right now. The January security webinar also outlined the costs and penalties Target might face due to the breach.

Craig Hoffman, Partner at BakerHostetler, said the card brands assess sizable fees if merchants are found not to be in compliance with the PCI DSS; a case management fee assessed by one card company based on the number of cards compromised; fees for noncooperation with forensic investigators; and expenses to reimburse issuing banks for breach management costs, such as for reissuing cards to consumers.

Several class-action lawsuits have been filed against Target, with one suit alleging that security investigator Brian Krebs reported on the compromise before Target notified its customers of the breach.

The way the Target breach story has unfolded is an example of how a complex situation can seemingly take on a life of its own.

"[N]o matter how hard you try to anticipate what could have occurred, it's simply a function of how much time you have to investigate what occurred against the outside pressures pushing on you to talk publicly about what happened, especially if you have security researchers calling you and telling you they are prepared to publish a blog story about what they've learned about an attack on you," Hoffman said.

In effect, media pressures for information on the breach can take a retailer's attention off of actually finding out what happened. "It puts you in the position of wanting to be out front and making a statement and oftentimes you're not done with the forensic investigation," Hoffman stated.

Judging by what Target is going through, a retailer's network administrator might want to think twice before clicking on the "I accept the risk" button on the admin screen and opening up the locked gate to the sensitive and valuable data stored inside.

Virtual warfare threat looms

In May 2013, news broke that the U.S. Army Corps of Engineers experienced a breach that targeted its National Inventory of Dams database. U.S. intelligence agencies traced the attack to the Chinese government or "military cyber warriors," and raised the specter of a future cyber attack by China on the U.S. power grid, which is more and more reliant on hydroelectric power.

"The database that was stolen contained all of the information for the 8,000 or so hydroelectric dams that exist in the United States," said Tyfone's Don Bloodworth, adding that among the data were estimates of fatalities if a catastrophic breach occurred at any one of those dams. That is why Bloodworth characterized the Target breach as just the tip of the iceberg, with the security threat "orders of magnitude greater than just plastic card payments."

The U.S. government seems to recognize this fact. The Comprehensive National Cybersecurity Initiative, launched by President George W. Bush in January 2008, addresses the threat of cyber attacks to the telecommunications infrastructure, the power grid, oil pipelines, refineries and financial networks.

"A successful attack against a major financial service provider could severely impact the national economy, while cyber attacks against physical infrastructure computer systems such as this that control power grids or oil refineries have the potential to disrupt services for hours to weeks," the CNCI said in a 2009 report to Congress.

Threats could originate from foreign military or intelligence operatives rather than from terrorist groups. Of additional concern to the government is that cyber thieves could turn from hacking into centrally stored piles of sensitive data to disrupting the physical infrastructure that we all rely on for electricity and water.

The report said the "incapacity or destruction" of U.S. infrastructure "would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters."