Securing critical infrastructure against modern vulnerabilities and cyberthreats

 


By proactively conducting threat research, segmenting networks and deploying proper security hygiene, critical infrastructure providers will be better prepared to identify threats, secure networks against them and mitigate any resulting damage.

Across the globe, societies rely on complex and automated critical infrastructure to ensure essential services and functions remain operational. In the United States, the Department of Homeland Security has identified 16 critical infrastructure sectors that, if debilitated, would have a significant impact on national security, economic growth, public safety and more.

These infrastructures contain connected devices and systems that are essential for maintaining operations. They are also lucrative targets in the eyes of cybercriminals. With an estimated 20.5 billion network-connected devices projected to be incorporated into critical infrastructure architectures by 2020, the risk of cyberattacks and the potential damage a successful attack can cause are rising sharply.

With this in mind, operations control and network security teams need effective security measures that are not only capable of combatting today’s threats but can do so safely inside critical and highly sensitive operational technology (OT) environments. Understanding the vulnerabilities of critical infrastructure networks -- whether they are owned and operated in the private or public sector -- along with the current cyberthreats targeting them and the cybersecurity efforts aimed at mitigating these threats, can drastically decrease the likelihood of a successful cyberattack.

Modern vulnerabilities across critical infrastructure sectors

As the Global Threat Research for Q2 2018 report indicated, cybercriminals are increasingly targeting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) elements. But why are cybercriminals focusing their efforts on critical infrastructure networks? There are a number of factors at play. Once the perimeter is breached, OT networks tend to be less secure; they tend to run older, unpatched versions of hardware and software; and attacks can make a significant impact, whether by cybercriminals ransoming critical systems or by cyberterrorists achieving political ends by disrupting services or putting individuals at risk. Here are some specific examples:

Human error and susceptibility: One of the most prominent vulnerabilities within critical infrastructure networks comes in the form of human error. Since OT networks have traditionally been isolated from online access, critical OT devices often employ default or well-known usernames and passwords that aren’t frequently changed. As a result, these devices are easily exploited. This fact is emphasized across the dark web, a prominent and growing market for leaked credentials.  

Hesitation to conduct vulnerability testing: Testing the vulnerabilities of critical ICS devices and architectures makes sense, because it boils down to beating cybercriminals at their own game: hacking ICS elements before the bad actors do. Unfortunately, this process can adversely affect the performance of critical infrastructure. Even patching updates or tack-on security solutions can hinder the efficiency of critical infrastructure. As a result, many IT professionals tasked with managing critical infrastructure have adopted an “if it’s not broken, don’t fix it” mentality, leaving them vulnerable to an increasing number of attack vectors the longer a network remains untouched.

Many SCADA systems are connected with unique IPs: Modern SCADA systems are implemented across a wide, distributed network and rely on open protocols like multicast to perform their necessary functions. However, in order to receive these protocols and subsequently carry out their functions, SCADA systems also rely on unique IP connections. This leaves them vulnerable to unauthorized access from control software via phishing or malware and opens them up to packet access across those network segments that house SCADA systems.

Once they've penetrated critical infrastructure, cybercriminals can carry out several kinds of attacks:

Smokescreen attacks from malicious nation-states: Attacking infrastructure critical to day-to-day operations is often viewed as a precursor to warfare. This is because successful attacks make for incredibly effective smokescreens. The loss of power or water, or a stock market collapse, provides a distraction for more targeted physical or cyber-based attacks. 

Ransomware: The health care sector made headlines following successful cyberattacks targeting critical infrastructure needed for patient care. Cybercriminals leveraged the SamSam and WannaCry ransomware variants to hold hospitals hostage in exchange for cryptocurrency.

Cryptojacking: The recent spike in value of cryptocurrencies like Bitcoin and Ethereum has also led to a significant increase in cryptojacking attacks. These attacks, which deploy malware to leech CPU power from network-connected devices, can have a significant impact on processing power and system efficiency. Given the high number of devices essential to critical infrastructure operations, and the fact that they are often easier to exploit, cybercriminals have begun to target the OT and internet-of-things devices found in critical infrastructure.

Securing critical infrastructure sectors against modern cyberthreats

For IT professionals in critical infrastructure sectors, cybersecurity efforts must be aligned with the current threats targeting them. Additionally, the appropriate strategies and solutions to effectively mitigate those threats must be deployed across the network. As the old saying goes, cybercriminals only need to get an attack right once, while cybersecurity teams have to maintain an effective security posture 100 percent of the time.

With this in mind, cybersecurity professionals should consider the following best practices to ensure that critical infrastructure is maintained and modern cyberthreats are effectively identified and addressed:

Threat research: The first and arguably most important method for preventing a critical infrastructure attack is threat research. Understanding the known vulnerabilities, exploit advisories and specific intrusion or detection signatures that have been observed across the threat landscape can go a long way toward efficiently preventing attacks. Additionally, it’s beneficial to understand the processes cybercriminals leverage when exploiting known vulnerabilities. When cybersecurity professionals understand the specific techniques being used against known vulnerabilities, they’ll be better prepared to address newer exploits targeting those vulnerabilities.

Comprehensive network segmentation: Given the staggering number of OT, IoT, ICS and SCADA elements that make up critical infrastructures, it’s essential that the internal segmentation functionality available in some next-generation firewalls be deployed across the network. Not only will such logical segmentation mitigate the damage a successful attack can cause, but it will also serve as a deterrent against cybercriminals expecting an easily exploited target.
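
An added example (not from the original article) of checking that segmentation is actually enforced: it maps each flow record to a zone and reports any cross-zone flow that has no approved conduit. The zone names, address ranges, conduit rules and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed zone map (assumption): names and CIDRs are illustrative only.
ZONES = {
    "corp_it":  ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz":   ipaddress.ip_network("10.20.0.0/24"),
    "scada":    ipaddress.ip_network("10.30.0.0/24"),
    "plc_cell": ipaddress.ip_network("10.40.0.0/24"),
}

# Approved conduits (assumption): (src_zone, dst_zone) -> permitted dst ports.
CONDUITS = {
    ("corp_it", "ot_dmz"): {443},
    ("ot_dmz", "scada"): {443},
    ("scada", "plc_cell"): {502},  # Modbus/TCP from SCADA servers to PLCs
}

# Constructed flow records, one per line: "src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
10.10.4.17 10.20.0.5 443
10.20.0.5 10.30.0.11 443
10.30.0.11 10.40.0.21 502
10.10.4.17 10.40.0.21 502
10.30.0.11 10.40.0.22 23
10.40.0.21 10.40.0.22 502
192.0.2.50 10.30.0.11 443
"""

def zone_of(ip):
    # Return the zone whose network contains ip, or "unknown".
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def segmentation_violations(flow_text):
    # Flag every cross-zone flow that is not covered by an approved conduit.
    violations = []
    for line in flow_text.splitlines():
        src, dst, port = line.split()
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # intra-zone traffic is out of scope for this check
        if int(port) not in CONDUITS.get((sz, dz), set()):
            violations.append((src, sz, dst, dz, int(port)))
    return violations

if __name__ == "__main__":
    for v in segmentation_violations(SAMPLE_FLOWS):
        print("VIOLATION %s (%s) -> %s (%s) port %d" % v)
```

Flows from addresses outside every defined zone are treated as violations, so an unmapped device reaching a SCADA segment is surfaced rather than silently ignored.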

Proper security hygiene: Poor security hygiene is one of the most common causes of successful cyberattacks within critical infrastructure. Cybercriminals leverage a variety of techniques like phishing and drive-by downloads for quick and easy entryways into networks. By ensuring a more stringent cadence for maintaining security posture, the chances of socially engineered scams, accidental insider threats and malware-based attacks dramatically decrease.

Additionally, cybersecurity personnel should begin to move away from the aforementioned “if it isn’t broken, don’t fix it” mentality. Modern cybercriminals are constantly looking for new vulnerabilities and exploits. To secure a network, vulnerability testing and proper patching must be conducted consistently. 

Final thoughts

Cybercriminals increasingly regard critical infrastructure as an easy target. Due to the unique vulnerabilities found within ICS, that makes sense. In order to secure the network elements needed for efficient operations, it’s crucial that cybersecurity personnel understand the threat vectors found across their network architecture and the common cyberthreats targeting them. 

By proactively conducting threat research, segmenting networks and deploying proper security hygiene, public- and private-sector organizations across critical infrastructure sectors will be better prepared to identify threats, secure networks against them and mitigate any resulting damage.
