Critical Infrastructure Security Starts with Endpoints

This post was written by Liviu Arsene, Senior E-threat Analyst at Bitdefender

Bucharest, Oct. 24th

Digitalization and the continuous integration of internet-connected systems into critical infrastructures have brought significant benefits for operating, managing, and optimizing systems that until now were handled manually on-site by an army of trained technicians. The integration of remotely controlled systems into critical infrastructures has not only boosted efficiency, but has also increased operational visibility into infrastructures that, until now, depended on the human factor.

But for all these benefits, digitalization is not without security risks. Since a wide array of systems is now network-connected, remotely controlled, and sometimes even internet-connected, they are at risk of being targeted by threat actors. Given the critical nature of these infrastructures, if they were remotely controlled by ill-intentioned parties such as cybercriminals or even nation-state actors, any disruption of their activity could be devastating.

Infrastructure Attacks Are Real

Recent cyberattacks on critical infrastructures have proven more than disruptive. The WannaCry incident, which leveraged a vulnerability in a deprecated and unpatched Windows operating system service, affected not just machines controlling key infrastructure systems, but also indiscriminately infected any vulnerable internet-connected endpoint.

Figure: systems affected by the WannaCry ransomware attack

A series of recent power outages in Ukraine was also the result of threat actors remotely controlling the Pivnichna substation near Kiev, causing a blackout that lasted about an hour. However, this was not the first time Ukraine’s power grid came under fire from cybercriminals, as several similar incidents have occurred since late 2016, all with the same disruptive results.

The United States was not immune to similar cyberattacks either: a command-and-control system belonging to a small dam in Rye Brook, New York, was remotely controlled by cybercriminals. While the attack did not result in any significant damage, the outcome could have been far worse.

An Iranian nuclear power plant was also seriously affected by a piece of malware known as Stuxnet, whose purpose was to ruin Iran’s nuclear centrifuges and set back its uranium enrichment program. By targeting the endpoints within the facility’s network, the malware was able to inflict serious physical damage on key infrastructure components before being spotted and removed.

The UK has had concerns as well about its industrial systems being compromised by threat actors, following a GCHQ report revealing that some may have been compromised. While there is no mention of the extent of the cyberattack or how much control the threat actors were able to gain, there are serious concerns over what might happen if multiple systems were taken offline in a coordinated cyberattack.

Figure: the number of attacks on critical infrastructures and industrial control systems has increased in recent years

The CIPSEC project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement no. 700378.
The opinions expressed and arguments employed in this publication do not necessarily reflect the official views of the Research Executive Agency (REA) or the European Commission.