Delhi: Cyberattacks on critical infrastructure, rated the fifth top risk in 2020, have become the new normal across sectors such as energy, healthcare, and transportation. Such attacks have even affected entire cities. Public and private sectors alike are at risk of being held hostage. Organized cybercrime entities are joining forces, and their likelihood of detection and prosecution is estimated to be very low. Cybercrime-as-a-Service is also a growing business model, as the increasing sophistication of cybercrime tools on the Darknet makes malicious services more affordable and easily accessible for hackers and non-nation-state actors.
Protecting the nation's critical infrastructure is becoming much more difficult in the face of escalating cyberattacks and the increasing complexity of the systems underlying it. Cyberattacks are hard to prevent. A cyberattack against a nation's critical infrastructure is especially hard to thwart and could have devastating consequences for human life. To put it in perspective, a complete outage of the electrical grid due to a hostile cyberattack is estimated to cause enormous damage. In addition, sustained failure of the electricity grid can have potentially devastating consequences for other industries that depend on it. From transport to health services to food security, virtually every element of critical infrastructure depends on the grid.
Protecting Critical Infrastructure from Cyber Attacks
To understand cyberattacks on critical infrastructure, we need to understand one concept: IT vs. OT. Organisations that operate critical infrastructure have two distinct cyber networks: an Information Technology (IT) network and an Operational Technology (OT) network.
The IT network facilitates organizational management: it is the backbone that supports functions like payroll and employee management, and even the laptops that employees use. This network is almost always internet-connected, although firewalls are commonly used to provide security by restricting access to outsiders.
The OT network, on the other hand, is the nervous system of the process. In the case of power plants, the OT network has machines that run control algorithms to manage power generation, others that run protection software to maintain safety, and yet others that store historical data for analysis. It is routine for the control systems of such OT networks to be "air-gapped" from the IT systems of the same organisation, meaning that no path exists between the OT and IT networks. When a physical air gap is deployed, computers on the OT network are not connected to the internet; the only way data can pass into or out of the network is when someone connects an external storage device (like a USB stick).
An air gap can also be software-defined, using a firewall. The firewall contains rules that prevent any external connection from being established with the isolated computer network. The most common reason for having a firewall-based air gap is to allow controlled software updates of OT network devices. While this might seem to be an exploitable foothold, it should be noted that no air gap (including a physical one) is impossible to breach. This is evident from several attacks on critical infrastructure in the recent past.
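As an added illustration of the firewall-based air gap described above (this is example code, not from the article or any vendor): a small auditor that applies the policy "nothing crosses into the isolated OT network except one controlled, scheduled update" to constructed firewall log lines and reports every flow that breaks it. The address ranges, the update server and staging host, the maintenance window, and the log format are all assumptions.

```python
# Added example, not code from the article: an auditor for a firewall-based
# "air gap" between an IT and an OT network. It applies the policy described
# above (no connections into the isolated OT network except one controlled,
# scheduled software update) to constructed log lines and reports every flow
# that breaks it. Address ranges, hosts, window and log format are assumptions.
import ipaddress
import re
from datetime import datetime

OT_NET = ipaddress.ip_network("10.20.0.0/16")   # assumed OT address range
UPDATE_SRC = ipaddress.ip_address("10.10.5.20")  # assumed IT update server
UPDATE_DST = ipaddress.ip_address("10.20.1.5")   # assumed OT update staging host
UPDATE_PORT = 443                                # only TCP/443 is opened for it
WINDOW = (2, 4)  # maintenance window 02:00-04:00, the only time the rule is active

LOG_RE = re.compile(r"(?P<ts>\S+ \S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)")

def classify(line: str) -> str:
    """Return 'allow', or the reason the flow violates the air-gap policy."""
    m = LOG_RE.search(line)
    if not m:
        return "unparseable"
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    src_ot, dst_ot = src in OT_NET, dst in OT_NET
    if src_ot == dst_ot:
        return "allow"      # never crosses the IT/OT boundary: out of scope here
    if src_ot:
        return "violation: OT-initiated egress to %s" % dst
    # Ingress into OT: only the single scheduled update path is permitted.
    if (src, dst, int(m["dport"]), m["proto"]) != (UPDATE_SRC, UPDATE_DST, UPDATE_PORT, "tcp"):
        return "violation: unapproved ingress to OT from %s" % src
    if not WINDOW[0] <= ts.hour < WINDOW[1]:
        return "violation: update outside maintenance window"
    return "allow"

def audit(lines):
    """Return (line, reason) pairs for every flow that violates the policy."""
    results = [(l, classify(l)) for l in lines]
    return [(l, r) for l, r in results if r != "allow"]

# Constructed sample firewall log lines (not captured traffic).
SAMPLE_LOG = [
    "2020-06-01 03:10:02 src=10.10.5.20 dst=10.20.1.5 proto=tcp dport=443",  # scheduled update
    "2020-06-01 14:22:41 src=10.10.5.20 dst=10.20.1.5 proto=tcp dport=443",  # right path, wrong time
    "2020-06-01 14:23:09 src=10.10.7.33 dst=10.20.1.5 proto=tcp dport=22",   # unapproved IT host
    "2020-06-01 14:25:00 src=10.20.3.8 dst=203.0.113.10 proto=tcp dport=80", # OT host reaching out
    "2020-06-01 14:26:12 src=10.10.2.2 dst=10.10.9.9 proto=tcp dport=445",   # IT-only traffic
]
```

Running `audit(SAMPLE_LOG)` flags three of the five constructed flows; the same check can be pointed at the real firewall's logs to confirm that the "air gap" rules are doing what the design assumes.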
Industrial Control Systems (ICS) are widely used in industrial and power sectors such as energy, water, manufacturing, and pharmaceuticals. They include:
- Programmable Logic Controller (PLC)
- Supervisory Control and Data Acquisition (SCADA)
- Distributed Control Systems (DCS)
There are particular challenges to securing these control systems, and the networks on which they are hosted, due to significant differences in their purpose and operation. Tackling these challenges effectively requires high-level visibility of the control system's infrastructure.
Conventional security solutions for critical infrastructure, including Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and access control mechanisms, lack the capability to detect, prevent, and defend against Advanced Persistent Threats (APTs) and zero-day attacks. In addition, extracting insights from such huge and complex datasets for correct and timely decision-making has gone beyond human capabilities.
In the "good old days", much of the critical infrastructure was built with analog technology that was far less susceptible to cyberattacks. Not anymore. Most critical infrastructure is Internet-dependent and is the target of persistent cyberattacks. Evidence suggests that nation-state and non-nation-state adversaries have tested the resilience of critical infrastructure to cyberattacks and found significant weaknesses.
Col. Inderjeet adds, "A serious concern is the growing number of web-connected devices being used in energy technology. Distribution utilities are increasingly exposed by the growth of the Internet of Things (IoT) devices, such as connected sensors. Smart meters are being installed in every home, in order to automate meter readings. As these systems become increasingly connected to the internet, it also increases the potential attack surface for damaging cyberattacks such as Distributed Denial of Service (DDoS)."
When it comes to cyberattacks against the energy and utility sectors, it isn't just customer data or corporate reputation at risk, but the safety of citizens. After all, if a successful cyberattack is launched on an electricity grid, swathes of the country could be left in darkness and cold for months. As the cyberattack on the Ukrainian power grid demonstrated, electricity operators are at significant risk from a potential adversary with malicious intent. Days before Christmas in 2015, remote hackers took control of Ukrainian grid operators' systems and digitally commandeered substations, allowing them to shut off power for 225,000 customers for several hours.
Of course, the energy sector isn't the only sector experiencing an increased threat of cyberattacks. Across all parts of national critical infrastructure, we are seeing a greater number of sophisticated and damaging cyber threats, often believed to be the work of nation-state and non-nation-state actors seeking to cause political upheaval or gain a tactical advantage in the growing threat of cyberwar. The WannaCry ransomware attacks in May 2017 demonstrated the capacity of cyberattacks to affect people's access to essential services.
As per Col. Inderjeet, there are 16 sectors that make up our nation's critical infrastructure. They include chemical/energy/nuclear, commercial/government facilities, communications/information technology, critical manufacturing, defense, financial services, food/agriculture, healthcare/public health/emergency services, transportation, and water/wastewater systems/dams. To be blunt, there is a devastating cost in human life for failing to safeguard these critical systems.
In the midst of the current COVID-19 pandemic, cyber threats such as ransomware attacks, APT attacks, and data breaches are all up around the globe. These threats appear increasingly directed at destruction as well as at making money. The new reality created by the coronavirus pandemic will cause cyber threats to rise, and countries need to protect themselves against the coming 'cyber pandemic.'
Cybersecurity is becoming an increasingly important factor in protecting critical infrastructure. New technologies such as 5G networks, artificial intelligence, and drones are becoming more widely available and, as such, are being used in many industries, but they are also a threat to those same industries. At the same time, new technologies and advances in the IT industry are emerging that can augment or completely replace current methods.
The Critical Infrastructure Protection market is projected to grow from USD 128.9 billion in 2020 to USD 152.3 billion by 2025. The severity, complexity, and frequency of cyberattacks on critical infrastructure are expected to increase further, and at a much faster pace, in the near future.
To keep up with the growing sophistication and organization of well-equipped and well-funded threat actors, it's essential that organizations maintain comprehensive visibility across their networks to spot and resolve potential incursions as they arise. Critical infrastructure security is of paramount importance in protecting the systems and services that are essential to society and the economy: power and water distribution networks, transport, and communications grids.
The real-world, high-profile consequences of a cyberattack could include service disruption, environmental damage, financial loss, and personal injury on a large scale. Alongside this, there is the often mammoth task of managing a large number of customers, handling data relating to usage, payments, and connection status, and dealing with geographically diverse legacy systems.
One methodology to protect OT networks against cyberattacks is unidirectional gateway technology, which provides safe IT/OT integration and the strongest protection from remote attacks, enabling:
- real-time visibility into operations through server replication;
- OT network monitoring for IDS;
- remote access with Remote Screen View;
- IT remote access with Secure Bypass;
- disciplined, scheduled updates through the FLIP.
You can follow Col. Inderjeet on Twitter (@inderbarara) and Instagram (inderbarara).