It is impossible to assess cybercrime because companies are refusing to reveal the details of the cybercrimes committed against them, according to the members of a US panel that discussed cybersecurity at Silicon Valley's Computer History Museum in Mountain View, California. The panelists added that without this data, companies cannot adequately protect themselves against cybercrime. "Unfortunately, none of us has the facts," said Google CIO Douglas Merrill, who sat on the panel. "Without facts, you can't develop a risk profile. If we want to improve the reliability and security of the Internet, we have to have broad data."
Of particular concern is the security of SCADA (supervisory control and data acquisition) systems, which control processes in critical national infrastructure. Lack of awareness of threat and vulnerabilities of these systems, most of which are in the hands of the private sector, has led to a situation where almost all of these systems are potentially exposed to a misoperative cyber-extortion or cyber-terrorism attack, according to an expert US Government source, addressing a recent closed seminar in the UK.
Cyber security and SCADA security will be one of many subjects covered on the new Protecting Critical Infrastructure Course, 14-18 July 2008, led by Alan Farley BSc CPP FSyI, former Head of Security, Thames Water.