For years, authors and filmmakers have been creating storylines around the evil interloper who manages to shut down the resources and power supplies of the good guys, wreaking havoc until the great hero swoops in to save the day.
We all know the story, but this isn’t just a concept that exists in Hollywood. More and more incidents are entering the public domain, such as the recent attack on the US electricity network, and they show that it’s time for authorities to realise that life is firmly imitating art.
In fact, recent research from the Ponemon Institute has found that at least 90% of key installations in the UK and other countries have been targeted by at least one successful attack, the Russian attack on the US electricity network being one example. This is happening because our nations, economies and lives all rely on a backbone of critical infrastructure industries. The vast information technology networks they are built on often have weaknesses in their architectures that hackers can exploit to gain control of vital systems and sensitive data. What’s more, attacks against critical infrastructure are increasing at an alarming rate, and not enough security controls are being put in place.
Consequently, a plan of action is now needed to prevent any malicious actor from shutting down our critical resources – whatever their endgame is.
In the line of fire
What we have seen recently with attacks like NotPetya – which exposed security challenges in the industrial sector including basic controls and practices such as patching – is that there has been an increase in attack sophistication and advanced capabilities. This was again demonstrated with the Ukraine substation where a multi-faceted attack shut down a distribution load.
In addition to vulnerabilities associated with legacy architecture, many companies are still struggling to rapidly deploy visibility, detection and response across their plant floor without impacting availability. Effective protection against these attacks requires flexible solutions that can adapt to their unique industrial contexts and challenges while being strong enough to keep out even the most persistent or advanced enemy. Therefore, the different industries within critical infrastructure all share commonalities in the need to further increase security by segmenting their Information Technology (IT) and Operational Technology (OT) environments while continuing to provide assured communications between the environments. A solution is needed to provide secure means to remotely manage communications and move data between and across all levels of IT and OT control without risk to availability.
As control systems continue to evolve, they will be patched, maintained, and managed via cloud service providers; and it has been predicted that attackers will seek out vulnerabilities in cloud infrastructure and hardware. These cloud service providers rely on shared infrastructure, platforms, and applications in order to deliver scalable services to IoT systems. The underlying components of the infrastructure may not offer strong enough isolation for a multi-tenant architecture or multi-customer applications, which can lead to shared technology vulnerabilities. In the case of industrial IoT, a compromise of back-end servers will inevitably cause widespread service outages and bring vital systems to a screeching halt. Manufacturing, energy production and other vital sectors could be affected simultaneously.
The role of behavioural-based cybersecurity solutions
At the centre of every cyberattack is a person, and defending against these attacks requires an approach that understands the motivations of those involved (good and bad) and how they interact with the infrastructure that is under attack. For instance, phishing is a common technique in which cybercriminals craft a legitimate-looking email and send it to the intended victim along with a malicious attachment. Once executed, the attachment runs code that drops malware, which can then be used for ransomware, stealing data or another form of attack.
The ideal security solution for critical infrastructure, one that defends businesses from these kinds of attacks, will afford end-users the option to move quickly from visibility to control, providing robust network defence and secure, segmented network communications. For instance, a multilevel-capable operating system that enables high-assurance network separation and flow control can deliver multi-layered, byte-level deep content inspection, data validation and filtering to meet the specific security policies, requirements and risks of each critical infrastructure customer, for both IT and OT environments.
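To make the IT/OT segmentation and byte-level content inspection described above concrete, here is an added example (not Forcepoint's code or anything from the original article) of a policy filter sitting at an IT-to-OT boundary. It assumes the OT side speaks Modbus/TCP and that the site policy, constructed for this example, allows only read-only function codes to cross from IT into OT, with every frame validated field by field before it is forwarded.

```python
import struct

# Constructed policy for this example: only read-only Modbus function codes may
# cross from IT into OT. Values are the per-function quantity limits from the
# Modbus specification (coils/discrete inputs: 2000, registers: 125).
IT_TO_OT_ALLOWED = {0x01: 2000, 0x02: 2000, 0x03: 125, 0x04: 125}


def inspect_modbus_tcp(frame: bytes) -> tuple[bool, str]:
    """Validate one Modbus/TCP request byte by byte and apply the IT->OT policy.

    Returns (allowed, reason). Anything malformed or outside policy is dropped;
    the reason string is what a boundary device would log for the SOC.
    """
    # MBAP header (7 bytes) + at least the 1-byte function code
    if len(frame) < 8:
        return False, "frame shorter than MBAP header plus function code"
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return False, f"protocol id {proto} is not Modbus"
    # The MBAP length counts unit id + PDU; it must match the bytes present,
    # so a truncated or padded frame never reaches the controller.
    if length != len(frame) - 6:
        return False, f"length field {length} does not match payload {len(frame) - 6}"
    fc = frame[7]
    if fc not in IT_TO_OT_ALLOWED:
        return False, f"function code 0x{fc:02x} not permitted from IT to OT"
    # All four read requests carry exactly a 2-byte start and 2-byte quantity
    if len(frame) != 12:
        return False, "read request PDU must be exactly 5 bytes"
    start, qty = struct.unpack(">HH", frame[8:12])
    limit = IT_TO_OT_ALLOWED[fc]
    if not 1 <= qty <= limit:
        return False, f"quantity {qty} outside 1..{limit} for fc 0x{fc:02x}"
    if start + qty > 0x10000:
        return False, "address range wraps past 0xFFFF"
    return True, f"read fc=0x{fc:02x} unit={unit} tid={tid} start={start} qty={qty}"


if __name__ == "__main__":
    # Constructed sample frames: one legitimate read, one write, one bad length
    samples = {
        "read 10 holding registers": bytes.fromhex("000100000006 01 03 0000 000a".replace(" ", "")),
        "write single register":     bytes.fromhex("000200000006 01 06 0000 0001".replace(" ", "")),
        "length field lies":         bytes.fromhex("000300000009 01 03 0000 000a".replace(" ", "")),
    }
    for name, frame in samples.items():
        allowed, reason = inspect_modbus_tcp(frame)
        print(f"{'ALLOW' if allowed else 'DROP '} {name}: {reason}")
```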
These solutions can be supplemented by technology that understands how malicious actors behave once inside an environment and that enables communications between different sectors or sites, which aids in tracking attacks and developing defences. This unique approach can be used to address challenges where organisations are most vulnerable—the human point of interaction with systems and data.
Protecting what’s critical
When it comes to assessing cyber security and improving cyber defences for critical infrastructure, there’s no time to waste. These cyber-attacks are no longer just movie plotlines; they’re very real and have the potential to be extremely dangerous to public safety and modern living. It’s time to ensure that our critical infrastructure systems are built upon a robust architecture that is consistently resilient against targeted attacks. If a security-first approach isn’t adopted, our critical infrastructure providers will be left vulnerable and unable to mount an effective defence against the bad guys.
About the Author
Sean Berg is Senior Vice President and General Manager, Global Governments and Critical Infrastructure at Forcepoint. Forcepoint is the human-centric cybersecurity company that understands behavior and adapts security response and enforcement to risk. The Forcepoint Human Point platform delivers Risk-Adaptive Protection to continuously ensure trusted use of critical data and systems. Based in Austin, Texas, Forcepoint protects data and identities for thousands of enterprise and government customers in more than 150 countries.
