One Way to Protect Your Organization From Stuxnet-like Attacks

Late last year, Stuxnet made international headlines by infecting computers at an Iranian nuclear power plant. Much of the coverage has focused on speculation as to who was behind the malware, which appeared to be designed specifically to target nuclear power plants with certain types of equipment. But how were the creators of Stuxnet able to infiltrate a high-security nuclear power plant? According to Symantec, one of the key components in the attack was a legitimate digital certificate. The attackers either stole a private key or were able to get their files signed. How can you keep your digital certificates and encryption keys safe?

Venafi sells Venafi Encryption Director, a product for managing digital certificates and encryption keys. Today, it released a new version of the product. According to a market survey conducted by Venafi of 471 management and C-level respondents:

  • 51 percent stated they had experienced either stolen or unaccounted for digital certificates, or that they were uncertain if their organizations had lost, stolen or unaccounted for digital certificates in general
  • 54 percent stated they had experienced either stolen or unaccounted for encryption keys, or that they were uncertain if their organizations had lost, stolen or unaccounted for encryption keys in general
  • 46 percent of organizations are managing at least 1,000 digital encryption certificates; 20 percent are managing more than 10,000
  • 83 percent of organizations are managing technologies from at least two different CAs; 18 percent are dealing with more than five
  • 88 percent of organizations have multiple administrators managing encryption keys; 22 percent have more than 10
  • 42 percent of organizations manage encryption technologies from at least four vendors; 8 percent are dealing with more than 10

In an essay on Stuxnet, Venafi CEO Jeff Hudson writes, in apparent reference to these survey results:

Here’s a parallel analogy in the world of physical security. This is exactly the same as not knowing which people in a secure building are authorized to be on the premises and which are unauthorized. Imagine a bank where no one knew which people in the building were authorized to be there or not. This is not an exaggeration. This is an unacceptable situation to anyone who takes security seriously. This is an unquantified risk.

Stuxnet demonstrates the damage rogue certificates can do. Encryption keys don’t do much good if they are lost or stolen. Whether you use Venafi’s solution or something else, you need to have a plan.

Symantec PGP TrustCenter competes with Venafi Encryption Director.
