Cyber attacks against critical infrastructure are becoming more frequent, with knock-on impacts for everyone
In December 2015, just a few days before Christmas, the world witnessed one of the most devastating cyberattacks it had ever seen.
Over 230,000 citizens in Ukraine were plunged into freezing temperatures and darkness after Russia launched a cyberattack on the country’s power grid.
The attack completely shut down electricity for over six hours, and it demonstrated what many in the cybersecurity industry had been fearing for years – cyber-physical attacks were becoming a reality.
Fast-forward seven years, and devastating incidents affecting Colonial Pipeline, JBS Foods and Oldsmar Water have each demonstrated that cyberattacks have broken through their traditional digital perimeters and can now hit society directly, in the form of food, oil and gas, and water shortages.
Criminals have come to understand that if they want to damage a country, they no longer need a physical presence there; instead, they can launch a cyberattack on the country’s Critical National Infrastructure (CNI) from a far-off location and cause massive destruction remotely.
The bad news is that these assaults are going to continue, particularly as many industrial organisations are digitally transforming their environments without the defences needed to keep their systems secure.
No more ‘air gapping’
Like many sectors across the world, industrial organisations have been taking advantage of digitalisation to modernise their environments. This has cut down costs, improved safety for employees, increased efficiency, and also allowed them to operate during stay-at-home orders enforced by the pandemic.
This digitalisation means that critical machinery in plants is now being hooked up to digital networks so that Operational Technology (OT) can be controlled and operated through increased automation.
However, as with any connectivity, this has also raised the security stakes. Traditionally, this machinery only needed to be secured physically, because it could only be tampered with by someone with physical access. Today, this new connectivity means it could potentially be reached by anyone on the web.
For instance, an attacker could target an oil and gas company via its enterprise IT through a phishing scam, and once they have this initial foothold they could move laterally across the network until they reach OT.
Once they have reached OT, they could disrupt processes or even shut things down entirely.
In an industrial environment, this isn’t just like turning off a computer: it could mean switching off a power turbine, or cutting the gas or electricity supply to a community. The consequences would be far-reaching and potentially devastating.
So, what can industrial organisations do to improve the cyber defences of their environments so they can still reap the benefits of modernisation without jeopardising security?
Securing operational systems
To improve cyber resilience, industrial organisations must focus on visibility, segmentation and security management.
In terms of visibility, you can’t protect what you can’t see. This means OT and security teams must have an inventory of all connected devices within the network and ensure they have visibility across all of these assets.
Once they have this inventory, they must carry out security assessments to identify and mitigate any vulnerabilities that exist.
In industrial environments, equipment typically communicates in distinct, predictable patterns with centralised resources rather than with unrelated systems. Each communication zone of similar systems should be separated from the others, with defined rules for which communications are permitted to cross zone boundaries.
Not only is this a general best practice, but a segmented approach can measurably reduce the impact of a compromised system on the whole OT environment.
Furthermore, industrial operators should aim to segment their networks as much as possible to prevent attackers from jumping from IT to OT.
Once industrial organisations have visibility across their assets and have implemented segmentation, they must then run a regular security programme in which they monitor for threats, apply scheduled patch updates and practise incident response to help minimise risks.
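To make the zone-and-rules idea above concrete, here is an added example (not code from the article or from Barrier Networks) that checks exported connection records against a small zone map and a cross-zone allowlist, flagging any flow that crosses a boundary without a matching rule. The zones, subnets, ports and flow records are all constructed assumptions, not a real site’s address plan.

```python
# Added example, not code from the article: a zone-boundary policy check for
# an IT/OT network. Zones, rules and flow records are constructed for illustration.
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")  # one connection record

# Constructed zone map: enterprise IT, an industrial DMZ, and the control
# network holding PLCs and HMIs. Replace with the site's real address plan.
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),
    "dmz": ipaddress.ip_network("10.2.0.0/24"),
    "control": ipaddress.ip_network("192.168.10.0/24"),
}

# Allowed cross-zone flows as (src zone, dst zone, proto, dst port).
# Any other flow that crosses a zone boundary is a violation.
ALLOWED = {
    ("enterprise", "dmz", "tcp", 443),  # IT reads historian data through the DMZ
    ("dmz", "control", "tcp", 502),     # only the DMZ relay may speak Modbus/TCP
}

def zone_of(addr):
    """Name of the zone whose subnet contains addr, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "unknown")

def check_flow(flow):
    """Classify one flow as 'intra-zone', 'allowed' or 'violation'."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone != "unknown":
        return "intra-zone"
    if (src_zone, dst_zone, flow.proto, flow.dport) in ALLOWED:
        return "allowed"
    return "violation"  # includes any flow touching an unknown address

def find_violations(flows):
    """Return only the flows that cross a zone boundary without a rule."""
    return [f for f in flows if check_flow(f) == "violation"]

# Constructed sample flows, as a firewall or NetFlow export might show them.
SAMPLE_FLOWS = [
    Flow("10.1.5.20", "10.2.0.10", "tcp", 443),           # IT -> DMZ, allowed
    Flow("10.2.0.10", "192.168.10.50", "tcp", 502),       # DMZ -> PLC, allowed
    Flow("10.1.5.20", "192.168.10.50", "tcp", 502),       # IT straight to a PLC
    Flow("192.168.10.50", "192.168.10.51", "udp", 2222),  # PLC to PLC, same zone
    Flow("203.0.113.9", "192.168.10.50", "tcp", 22),      # unknown source -> PLC
]
```

Running `find_violations(SAMPLE_FLOWS)` returns the two flows that reach the control zone outside the allowlist: the enterprise host speaking Modbus directly to a PLC and the unmapped external address. Any address outside the zone map is deliberately treated as a violation, so gaps in the inventory surface as alerts rather than silently passing.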
Digitalisation offers many benefits to industrial organisations, but they must ensure that security is not forgotten about and that it is rolled out in tandem with modernisation, otherwise the risks will significantly outweigh the benefits.
However, by focusing on visibility and segmentation, industrial organisations can do a lot to improve their defences and keep cybercriminals away from their highly critical systems.
Jordan Schroeder is managing CISO of Barrier Networks