Code Security: MidAmerican Energy's top priority after SQL injection attacks
Source: CSO Online - Posted by Alex   
Latest News Security practitioners are increasingly bent on better code security, as Microsoft SDL, BSIMM and Rugged demonstrate. Here's how it became Priority 1 for one of the nation's largest energy providers. MidAmerican Energy Company is the largest utility in Iowa, strategically located in the middle of several major markets in the Midwest, providing service to more than 725,000 electric customers and more than 707,000 natural gas customers in a 10,600 square-mile area from Sioux Falls, S.D., to the Quad Cities area of Iowa and Illinois. This makes it a tempting target for an attacker bent on striking a blow to critical infrastructure.

Under the direction of John Kerber, manager of information protection, MidAmerican did an extensive review of its security procedures and found that its spread-out network had to be tightened up, particularly when it came to Internet access. Since the company owns other utilities across the globe [including PacifiCorp, which provides power to a large swath of the West coast], there were too many Internet access points that could be targeted. More importantly, though, the company found its biggest problem in the code that makes up its myriad applications for everything from power distribution to online billing services.

"Last May we had an incident where one of our web pages was exploited through an SQL injection flaw," Kerber said. "It was a wake-up call that we had vulnerabilities people could find out about."

In tackling the problem from the beginning of the app development process, MidAmerican is following a growing trend in the infosec community that relies less on bolt-on defenses and more on code security.

Read this full article at CSO Online

Only registered users can write comments.
Please login or register.

Powered by AkoComment!