For businesses operating critical infrastructure systems, the risks have never been greater. There are consequences that reach far beyond business and reputational damage. Article by Stephan Neumeier, Managing Director, APAC and Japan, Kaspersky Lab.
Cyberattacks have evolved tremendously over the years in their targets, their intentions and their aftermath. Threat actors have come a long way from simply hacking or vandalising web pages for fun, to breaching financial companies for financial gain.
Today, threat actors are gradually shifting to a new target: critical infrastructure. Stuxnet, the malicious worm which damaged Iran’s nuclear system; a cyberattack which rendered a portion of Ukraine powerless for days after infecting a power plant; and the alleged North Korean attackers infiltrating the SWIFT network to move money around the world are notable examples of huge campaigns which can affect institutions, the public, and a nation’s security and safety.
It is encouraging to see that organisations and governments have already started to recognise this threat. The World Economic Forum recently warned that cyberattacks and their potential to cripple critical infrastructure remain the biggest risks the world is facing today.
Singapore’s government recognises this, too, and on the heels of the SingHealth breach, has stepped up security measures for critical information infrastructure sectors. It has recently noted that more security audits and drills will be carried out to sharpen public officers’ readiness to respond to cyber incidents.
For businesses operating critical infrastructure systems, the risks have never been greater. There are consequences that reach far beyond business and reputational damage. They can range from disrupted online network activities to tangible physical harm, and extend as far as a national emergency due to possible water, power, and energy supply interruptions.
Outdated Beliefs, Evolving Attackers Pose Key Threats
Despite the growing awareness of the prevalence of cyberattacks, many IT security models continue to adhere to the outdated belief that isolating systems physically and relying on obscurity is enough. Unfortunately, in the era of Industry 4.0, there is a need for non-critical industrial networks to be accessible via the Internet to promote greater efficiency.
Another rising threat to critical infrastructure is ransomware. Over the last few years, ransomware has been steadily on the rise. Its emergence is highly significant for the industrial sector since such infections cause high-impact, wide-ranging damage to critical systems. Industrial Control Systems (ICS) have become a particularly attractive target, as proven by incidents of ransomware attacks, such as WannaCry, hitting ICS and Supervisory Control and Data Acquisition (SCADA) systems in 2017.
In addition to generic threats, ICS-specific malware continues to challenge industrial security. As the Stuxnet and BlackEnergy attacks have demonstrated, all it takes is a single infected USB drive or a single spear-phishing email to bridge the air gap and penetrate an isolated network.
It’s not just the tools, but also the techniques of threat actors that have evolved. Attackers today are very adept at going underground and staying under the radar to avoid being detected publicly. With enough resources, they are also skilled at diversifying their toolkits and practices and working with each other to make detection and attribution extremely difficult.
For example, the Kaspersky ICS Computer Emergency Response Team (CERT) department, responsible for industrial systems threats research and elimination, found two hacking groups who leveraged spear-phishing emails and phishing documents under the guise of e-mails from a government department in charge of energy. They had done so by leveraging two servers at the same time, which highlights the cooperative and joint capabilities of today’s hackers.
Leverage the Adaptive Model
In light of these threats and trends, there is a need to secure every industrial layer, including SCADA servers, Human-Machine Interfaces (HMI), engineering workstations, Programmable Logic Controllers (PLC), network connections and people – without impacting operational continuity and the consistency of industrial processes.
Companies can leverage the adaptive model, and ensure they take a holistic approach to industrial cybersecurity – from predicting potential attack vectors, through specialised industrial prevention and detection technologies, to responding proactively to a cyber-incident. This is the ultimate guarantee of your organisation’s uninterrupted and safe functioning.
In addition to the full cycle of dedicated industrial services, from cybersecurity assessment to incident response, companies must also leverage industrial threat intelligence and reporting. These will keep them up to date with the latest trends and threats in their industry.
Lastly, every employee – from business to factory floor – plays a crucial role in cybersecurity. Training and awareness are vital. Companies should consider investing in industrial cybersecurity awareness development and skills development training for C-level, IT, OT and security professionals. Cybersecurity is not a single armour, but a fleet of equipped soldiers ready to keep networks and the world safe. It is a shared responsibility, one that has to be done properly, before it’s too late.