Critical infrastructure attacks are the target of choice for cybercriminals. Here’s why and what is being done to protect them.
What is Critical Infrastructure and Why is it Attacked?
Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health or safety. It can be government or private.
According to Etay Maor, Senior Director of Security Strategy at Cato Networks, “It is interesting to note that critical infrastructure does not have to be power generation or electricity. A country’s monetary system or even the global monetary system can and should be considered as critical infrastructure as well.”
These qualities make critical infrastructure a preferred target for cyber attacks. If critical infrastructure is disrupted, the impact is significant. In some cases, cyber attacks against critical infrastructure have become another means of modern warfare. But unlike classic warfare, in this conflict civilians and businesses are on the front line and are directly targeted.
Some notable recent examples include the attack on Ukraine’s power grid in 2015, the intrusion into the business network of the Kansas nuclear plant in 2018, and North Korea’s attempt to hack SWIFT’s network to steal more than $1 billion. Not to mention the infamous Colonial Pipeline attack, which has become the textbook example of a critical infrastructure attack.
But the purpose of the attack can vary. While some are indeed a way to prepare for future conflicts by testing capabilities and defenses, others may be motivated by financial gain, attempts to steal data, gain remote access or control, or disrupt and tamper with services.
Etay Maor added, “It’s not just nation states that attack. It can also be cybercriminals seeking monetary gain or hackers.”
How Critical Infrastructure Is Attacked
There are several types of attacks used on critical infrastructure. The main ones are DDoS, ransomware (typically delivered via spear phishing), vulnerability exploits and supply chain attacks. Etay Maor commented: “Some of these techniques are harder to stop because they target humans and not technology.”
Highlights: Supply Chain Attacks
Supply chain attacks are the main way to attack critical infrastructure. Just as the bombings in WW2 targeted the factories that supplied the military, supply chain cyberattacks target a country’s critical infrastructure suppliers.
Etay Maor recalled, “I was at RSA security when they got hacked. I remember where I was sitting and what I was doing when I realized there was an attack. The internet went down and all services started shutting down.”
RSA was hacked not in an attempt to gain access to its own network, but as a way to penetrate the government and military agencies, defense contractors, banks and corporations around the world that store their secret keys with RSA.
How to Protect Critical Infrastructure
One of the misconceptions about cybersecurity is that the more security products are used, the better the security. But layered security consisting of too many products can be counterproductive.
Per Etay Maor, “We’ve ended up adding so many safety products and processes to our system in the last five-six years. What we’re doing is adding more fat, not muscle.” The result of dozens of integrated security products? Friction, especially when trying to correlate information from them.
Gartner tends to agree: “digital transformation and the adoption of mobile, cloud, and edge deployment models are fundamentally changing network traffic patterns, rendering existing network and security models obsolete.”
The potential severity of attacks on critical infrastructure has prompted countries to form cyber defense organizations to defend their critical assets, and prepare for conflict.
CISA (the Cybersecurity and Infrastructure Security Agency) is the US government’s risk advisor. It provides strategic support and assistance to critical infrastructure sectors, with a focus on protecting federal networks. By partnering with the private sector and academia, it can provide proactive cyber protection.
Some of the key areas CISA focuses on are coordinating and communicating cyber incident information and response in order to provide support, securing the dot-gov domain, helping to protect the dot-com domain in order to assist the private sector, helping to secure critical infrastructure, and painting a common operational picture of cyberspace.
One of the programs CISA leads is the Cybersecurity Advisor Program, which provides education and training for cybersecurity awareness. Advisors can assist organizations with evaluating critical infrastructure cyber risks, driving best practices and risk mitigation strategies, initiating and developing capabilities, supporting cyber communities and working groups, raising awareness, gathering stakeholder requirements, and providing incident support and lessons learned.
Building Cybersecurity Resilience
Cybersecurity resilience is key to preventing critical infrastructure attacks. Such resilience arises from the actions the organization takes, which include responding to adverse incidents and gaining visibility into the network, for example knowing which ports and services are running and whether they are configured correctly.
There are many misconceptions about the ability to build cyber resilience. Here are some, and how they are refuted:
- Claim: Resilience requires a big budget.
- Fact: Organizations don’t need huge budgets; they need to perfect the solutions they already have.
- Claim: There is a silver bullet cybersecurity solution.
- Fact: An organization’s focus should be on establishing “101” methods and practices: network visibility and employee training.
- Claim: We will not be targeted.
- Fact: No organization is too small.
- Claim: There is too much work to do.
- Fact: It is important to research solutions based on your own priorities.
- Claim: It is not our responsibility.
- Fact: Everyone is responsible.
- Claim: The government will save us.
- Fact: The government’s ability to succeed is based on partnerships with the private sector and the sector’s active participation in securing itself.
To start building your own resilience, answer these three questions:
1. What do I know about the enemy?
For example, who is the attacker, how do they operate, etc.
2. What does the enemy know about me?
In other words, what parts of my network are exposed?
3. What do I know about myself?
The answers to these questions describe what the network looks like and where the vulnerabilities lie. In other words, this question is about gaining visibility into your own network.
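As an added example (not from the article or the masterclass), one concrete form of the visibility the third question and the resilience section ask for: a script that parses constructed `ss -tulpnH`-style listener output and compares it against a hypothetical per-host baseline, flagging services that should not be listening at all, services run by an unexpected process, and services bound more widely than the baseline allows.

```python
"""Listener baseline check. Added illustration; the ss-style sample and the
baseline below are constructed, not taken from any real host."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample shaped like `ss -tulpnH` output for a hypothetical OT gateway.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 128 127.0.0.1:5432  0.0.0.0:* users:(("postgres",pid=1201,fd=5))
tcp   LISTEN 0 128 0.0.0.0:502     0.0.0.0:* users:(("modbus-gw",pid=1410,fd=7))
tcp   LISTEN 0 128 0.0.0.0:23      0.0.0.0:* users:(("telnetd",pid=1502,fd=3))
udp   UNCONN 0 0   0.0.0.0:161     0.0.0.0:* users:(("snmpd",pid=990,fd=6))
"""

# Hypothetical baseline: (proto, port) -> (expected process, addresses it may bind).
BASELINE: Dict[Tuple[str, int], Tuple[str, Set[str]]] = {
    ("tcp", 22):   ("sshd",      {"10.0.5.10"}),   # SSH only on the management interface
    ("tcp", 5432): ("postgres",  {"127.0.0.1"}),   # database reachable locally only
    ("tcp", 502):  ("modbus-gw", {"10.0.7.10"}),   # Modbus only on the OT VLAN address
}

# proto, state, recv-q, send-q, local addr:port, peer, users:(("proc"...
LINE_RE = re.compile(r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str

def parse_ss(output: str) -> List[Listener]:
    """Extract listeners from ss-style lines; lines that do not match are skipped."""
    found = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, addr, port, proc = m.groups()
            found.append(Listener(proto, addr, int(port), proc))
    return found

def check_against_baseline(listeners: List[Listener], baseline) -> List[str]:
    """Return one finding per deviation: unexpected port, wrong process, over-wide bind."""
    findings = []
    for l in listeners:
        expected = baseline.get((l.proto, l.port))
        if expected is None:
            findings.append(f"UNEXPECTED {l.proto}/{l.port} ({l.process}) listening on {l.addr}")
            continue
        name, allowed = expected
        if l.process != name:
            findings.append(f"WRONG-PROCESS {l.proto}/{l.port}: {l.process} instead of {name}")
        if l.addr not in allowed:  # 0.0.0.0 or [::] means every interface, not just the baseline one
            findings.append(f"OVER-EXPOSED {l.proto}/{l.port} ({name}) bound to {l.addr}, allowed {sorted(allowed)}")
    return findings
```

Run against the sample, the check reports telnet and SNMP as unexpected listeners and SSH and Modbus as bound to all interfaces, while the localhost-only database passes.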
To learn more about how CISA operates and how to prevent supply chain attacks on critical infrastructure, the Cato Networks’ Cyber Security Masterclass series is available for you to watch.