For the past couple of years, threat actors have consistently targeted organizations in the energy, utility and other sectors. Cyberattacks on critical infrastructure have become increasingly more complex and more disruptive, causing systems to shut-down, disrupting operations, or simply enabling attackers to remotely control affected systems.
Traditionally, control systems were segregated from the open internet as they were deployed on air-gapped networks and under tight physical security. The IoT proliferation that cut down manpower and operational costs by enabling remote control and management of smart valves and smart meters from anywhere in the world have also exposed those networks to cybercriminals.
Eliminating air-gap security in favor of improving efficiency and cutting down costs has opened up critical infrastructures to threats and cyberattacks. The current geopolitical arena has turned cyberattacks on critical infrastructures into cyber-warfare, as the potential for disrupting a country’s critical infrastructure by shutting down power plants, disrupting oil pipes, even disrupting water and heating utilities can offer significant military advantages.
Military alliances such as NATO are even considering classifying cyberattacks on critical infrastructure of member states as open declarations of war, triggering the same military response as a traditional attack involving tanks, aircraft and soldiers. Attributing a cyberattack to a particular individual or nation-state is difficult in cyberspace, though, as forensic evidence can easily be manipulated to point security researchers onto misleading paths.
However, security technologies and best practices can help prevent or reduce the fallout of a breach and mitigate the risks associated with internet-connected industrial control systems, as well as the disruptions and impact an attack might have on a city or country.
IoT and Risk Exposure
Smart sensors and communication technologies bundled into various industrial control systems expose infrastructures and organizations to risks. The more smart devices plugged and connected to critical infrastructure networks, the greater the attack surface and potential damage. For instance, one vulnerable smart sensor connected to the internet can act as gateway for deploying attacks or compromising other critical systems on the same network, if compromised by threat actors.
Identifying vulnerabilities and gaining visibility into the number of smart devices and their role within the infrastructure can help reduce the risk of a successful cyberattack. Consequently, it’s important to keep a detailed inventory of all IoTs, constantly check for new security updates that address known vulnerabilities, and maintain them on a segregated network that’s completely isolated from other critical systems.
These operational technologies, such as software and hardware that can cause changes to physical devices, processes and events rarely have security features or even capabilities to fend off threats. Sometimes, because of their basic capabilities, this excludes the possibility of securing them using traditional security technologies. We’ve seen many examples of threats, such as BlackEnergy, Triton, and even the NotPetya and WannaCry ransomware outbreaks that had devastating effects on critical infrastructure.
The number of cyberattacks on US critical infrastructure has steadily risen in the past couple of years, ranging from denial of service attacks to full remote control, all aimed at disrupting operations of power plants and even oil and gas facilities. While some malware-powered cyberattacks can be contained and remediated, other intrusions seek to discover and exfiltrate sensitive information, such as intellectual property data.
Critical infrastructures can also be attacked indirectly. Threat actors often profile employees and compromise their home networks and endpoints in an attempt to find sensitive work-related data or use compromised BYOD devices to gain access to critical infrastructures.
Increase Visibility
To effectively identify threats gunning for IoTs or OTs, visibility across the entire infrastructure is key. To increase the cyber resilience and operational reliability of an infrastructure, deploying real-time network monitoring technologies that can spot abnormal behavior or even exploit attempts directed at specific devices is critical.
Consolidated visibility across multiple networks and even entire facilities can help security teams quickly identify and contain any threat that might move laterally across the infrastructure. This can also help security and IT teams develop a more proactive approach to security. Visibility, threat intelligence and advanced data analytics can help anticipate risk and devise comprehensive defense strategies through the use of actionable intelligence.
Of course, securing critical infrastructures is mostly a race against time, which is why layered security defenses that span from the endpoint layer to the network layer can prove vital in staying ahead of attacks or swiftly identifying them.
Takeaways
Cyberattacks on critical infrastructures can have a significant economic impact, especially when targeted in conflict between nations. Securing these systems is not a matter of fully reverting back to physical access, but a matter of understanding how internet-connected control systems work, how they are configured, and how they are accessed. Visibility and management is key in beefing up security for SCADA systems, but security and IT professionals must be aware of the risks and set in place security controls aimed at reducing the impact of a potential cyberattack and increasing the cost of attack for threat actors.
Deploying a layered security solution for endpoints that involves both proactive and reactive security technologies augmented by machine learning, as well as relying on next generation EDR (Endpoint Detection and Response) technologies that can alert SOC teams to potential signs of a data breach, can strengthen the security posture for critical infrastructures.
Autor: Liviu Arsene (Global Cybersecurity Researcher at Bitdefender)
