Critical infrastructure attacks are a preferred target for
cyber criminals. Here’s why and what’s being done to protect
them.
What is Critical Infrastructure and Why is It Attacked?
Critical infrastructure is the physical and digital assets,
systems and networks that are vital to national security, the
economy, public health, or safety. It can be government- or
privately-owned.
According to Etay Maor, Senior Director Security Strategy at
Cato Networks[1], “It’s interesting to
note critical infrastructure doesn’t necessarily have to be power
plants or electricity. A nation’s monetary system or even a global
monetary system can be and should be considered a critical
infrastructure as well.”
These qualities make critical infrastructure a preferred target
for cyber attacks. If critical infrastructure is disrupted, the
impact is significant. In some cases, such cyber attacks on
critical infrastructure have become another means of modern
warfare. But unlike classic warfare, in these conflicts civilians
and businesses are on the front line and become the targets.
Just a handful of recent prominent examples include attacks
against Ukraine’s power grid in 2015, the intrusion of the business
network of Kansas’s nuclear plant in 2018, and North Korea
attempting to hack the SWIFT network to steal more than $1 billion.
Not to mention the infamous Colonial Pipeline attack, which has
become the poster child of critical infrastructure attacks.
Yet the goal of the attacks could vary. While some are indeed a
way to prepare for future conflicts by testing capabilities and
defenses, others might be motivated by financial gain, an attempt
to steal data, gaining remote access or control, or disrupting and
destroying services.
Etay Maor added: “It’s not just nation states who attack. It
could also be cyber criminals who are looking to make a monetary
gain or hacktivists.”
How Critical Infrastructure is Attacked
There are a few types of attacks used on critical
infrastructure. The main ones are DDoS, ransomware (through spear
phishing), vulnerability exploitation, and supply chain attacks.
Etay Maor commented: “Some of these techniques are harder to stop
because they target humans and not technologies.”
Spotlight: Supply Chain Attacks
Supply chain attacks are a key way to attack critical
infrastructure. Just like bombings in WW2 targeted factories that
provided supplies to the military, supply chain cyber attacks
target the nation’s critical infrastructure suppliers.
Etay Maor recalls, “I was at RSA security when they were hacked.
I remember where I was sitting and what I was doing when I realized
there was an attack. The internet went down and all the services
started shutting down.”
RSA was hacked not in an attempt to gain access to its own
network, but rather as a way to breach government and military
agencies, defense contractors, banks, and corporations around the
world that kept their secret keys with RSA.
How to Protect Critical Infrastructure
One of the misconceptions of cybersecurity is that the more
security products are employed, the better the security. But
layered security that is made up of too many products could be
counter-productive.
Per Etay Maor, “We ended up adding so many security products and
processes into our systems in the past five-six years. What we did
was add more fat, not muscle.” The result of the dozens of
integrated security products? Friction, especially when trying to
correlate information from them.
Gartner tends to agree: “Digital transformation[2]
and adoption of mobile, cloud and edge deployment models
fundamentally change network traffic patterns, rendering existing
network and security models obsolete.”
The Role of CISA
The potential severity of attacks on critical infrastructure has
driven nations to establish a cyber defense organization to defend
their critical assets, and prepare for conflicts.
CISA (Cybersecurity and Infrastructure Security Agency) is the
US’s risk advisor. They provide support and strategic assistance to
the critical infrastructure sectors, with a focus on Federal
network protection. By partnering with the private sector and
academia, they are able to provide proactive cyber
protection.
Some of the key areas CISA focuses on are coordinating and
communicating cyber incident information and response to provide
support, securing the dot-gov domain, assisting in
protecting the dot-com domain to help the private sector,
assisting in securing critical infrastructure, and painting a
common operational picture for cyberspace.
One of the programs CISA is leading is the Cybersecurity Advisor
Program. The program provides education and training for
cybersecurity awareness. The advisors can help organizations by
evaluating critical infrastructure cyber risk, encouraging best
practices and risk mitigation strategies, initiating, developing
capacity and supporting cyber communities and working groups,
raising awareness, collecting stakeholder requirements and bringing
incident support and lessons learned.
Building Cybersecurity Resilience
Cybersecurity resilience is key to preventing critical infrastructure
attacks[3]. Such resilience emerges
from the actions organizations take. This includes activities like
responding to adverse incidents and gaining visibility into the
network, for example knowing which ports and services should be
running and whether they are properly configured.
There are many misconceptions regarding the ability to build
cyber resilience. Here are a few and how they are disputed:
- Claim: Resilience requires a big budget.
- Fact: Organizations don’t need a big budget, they need to
fine-tune the solutions they have.
- Claim: There’s a silver bullet cybersecurity solution.
- Fact: The organization’s focus should be on getting the “101”
methods and practices in order, like network visibility[4]
and employee training.
- Claim: We won’t be targeted.
- Fact: No organization is too small.
- Claim: There’s too much work to be done.
- Fact: Nevertheless, it’s important to research the solutions
based on your own priorities.
- Claim: It’s not our responsibility.
- Fact: Everyone is responsible.
- Claim: The government will save us.
- Fact: The government’s ability to succeed is
based on the partnerships with the private sector and that sector’s
active participation in securing themselves.
To get started with building your own resilience, answer these
three questions:
1. What do I know about the adversary?
For example, who the attackers are, how they operate, etc.
2. What does the adversary know about me?
In other words, which part of my network is exposed?
3. What do I know about myself?
The answer to this question provides information about what the
network looks like and where it is vulnerable. In other words, this
question is about gaining visibility into your own network.
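The visibility the article asks for (knowing which ports and services should be running, whether they are properly configured, and which part of the network is exposed) can be made concrete as a baseline check. The script below is an added example, not code from the article, Cato Networks or CISA. It assumes a hypothetical per-host baseline (port, expected process, expected bind address) and parses a constructed sample of `ss -ltnp` style output; it reports listeners that are not in the baseline, expected services that are not running, and services bound to all interfaces when the baseline says loopback only.

```python
"""Listening-service baseline check (added example; baseline and sample are constructed)."""
import re
from dataclasses import dataclass

# Hypothetical baseline for one host: port -> (expected process, expected bind address).
# "*" means any address is acceptable; "127.0.0.1" means loopback only.
BASELINE = {
    22: ("sshd", "*"),
    443: ("nginx", "*"),
    5432: ("postgres", "127.0.0.1"),
    9100: ("node_exporter", "127.0.0.1"),
}

# Constructed sample in the style of `ss -ltnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       244     0.0.0.0:5432         0.0.0.0:*          users:(("postgres",pid=990,fd=5))
LISTEN  0       128     0.0.0.0:8080         0.0.0.0:*          users:(("python3",pid=3107,fd=3))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

WILDCARD_ADDRS = {"0.0.0.0", "[::]", "*"}
LOOPBACK_ADDRS = {"127.0.0.1", "[::1]"}

# Matches the LISTEN rows; the header row and other states are ignored.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str


def parse_listeners(text):
    """Turn ss -ltnp style LISTEN rows into Listener records."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append(Listener(m["addr"], int(m["port"]), m["proc"]))
    return found


def check_baseline(listeners, baseline):
    """Compare observed listeners with the baseline and return findings by category."""
    findings = {"unexpected": [], "missing": [], "misconfigured": []}
    seen_ports = set()
    for lst in listeners:
        seen_ports.add(lst.port)
        if lst.port not in baseline:
            # A port nobody documented: the kind of exposure an attacker finds first.
            findings["unexpected"].append(f"{lst.process} on {lst.addr}:{lst.port}")
            continue
        exp_proc, exp_addr = baseline[lst.port]
        if lst.process != exp_proc:
            findings["misconfigured"].append(
                f"port {lst.port}: expected {exp_proc}, found {lst.process}")
        if exp_addr in LOOPBACK_ADDRS and lst.addr not in LOOPBACK_ADDRS:
            # Expected on loopback but reachable from the network.
            findings["misconfigured"].append(
                f"port {lst.port}: {lst.process} should bind loopback only, bound to {lst.addr}")
    for port, (proc, _) in baseline.items():
        if port not in seen_ports:
            findings["missing"].append(f"{proc} expected on port {port} but not listening")
    return findings


if __name__ == "__main__":
    for category, items in check_baseline(parse_listeners(SAMPLE_SS_OUTPUT), BASELINE).items():
        print(f"{category}:")
        for item in items:
            print(f"  - {item}")
```

On the constructed sample this flags the undocumented listener on port 8080, the database bound to every interface instead of loopback, and the monitoring exporter that should be running but is not. The same structure extends to per-host baselines collected from a configuration management system, which is what turns a one-off check into ongoing visibility.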
To learn more about how CISA operates and how to prevent supply
chain attacks on critical infrastructure, the Cato Networks’ Cyber Security Masterclass
series is available for your viewing.[5]
Found this article interesting? Follow us on Twitter [6]
and LinkedIn[7]
to read more exclusive content we post.
References
[1] Cato Networks (www.catonetworks.com)
[2] Digital transformation (www.catonetworks.com)
[3] Preventing critical infrastructure attacks (catonetworks.easywebinar.live)
[4] Network visibility (www.catonetworks.com)
[5] Cato Networks’ Cyber Security Masterclass series (catonetworks.easywebinar.live)
[6] Twitter (twitter.com)
[7] LinkedIn (www.linkedin.com)
Read more https://thehackernews.com/2023/04/supply-chain-attacks-and-critical.html
