Importance Of Securing Critical Infrastructure Amidst Rising Cyber Attacks


Authored by Budiman Tsjin, Solutions Engineering Manager, ASEAN, CyberArk

With the advent of the Fourth Industrial Revolution, Southeast Asia’s businesses are being presented with the opportunity to drive the adoption of fast-evolving and converging technologies to accelerate growth or productivity like never before.


Critical infrastructure is at heightened risk because of the growth in connectivity between Industrial Control Systems (ICS) in the operational technology (OT) environment and IT systems. For decades, these systems were isolated from IT systems and the Internet, but increased connectivity brings an increased risk of intrusion by malicious actors and malware. Now, with aggressive and dynamic threats, using technology to isolate these systems, and to limit an attacker's ability to move through IT and OT systems and exploit remote-control features, is more important than ever.

In August last year, critical infrastructure in an unnamed Southeast Asian country was targeted by a cyberespionage group, with ICS attack vectors seemingly their main target. Forensics determined that the attackers were interested in information about the Supervisory Control and Data Acquisition (SCADA) systems.

The attackers were able to move laterally within the network, and the intrusion was ongoing from at least November 2020 to March 2021, several months before the Colonial Pipeline attack drew worldwide attention to the vulnerabilities of critical infrastructure.

Globally, water systems have been the target of cyber threats. For instance, in February 2021, attackers breached a Florida water treatment plant, gaining control of its SCADA system to successfully raise the sodium hydroxide levels in the water by 100-fold, reaching poisonous levels. This prompted U.S. federal agencies to issue a joint advisory warning of ongoing threats to water and wastewater systems, citing several phishing and ransomware attacks on facilities in California, Maine and Nevada, among others.

These incidents are hardly surprising. According to the 2021 SANS Institute survey, monitoring and incident detection is still relatively low among critical infrastructure and operational technology (OT) organisations, with only 12.5 percent of respondents being confident that they have not experienced a compromise in the last 12 months. On the other hand, 48 percent of participants do not know if they have encountered a security breach, confirming the urgent need to boost incident awareness mechanisms among OT organisations.

As OT assets are increasingly connected to IT networks, remote access to these critical systems is now the norm. With this connectivity, critical infrastructure operators — from water treatment plants to oil pipelines — must focus on protecting privileged access to the applications and systems that are responsible for keeping this infrastructure up and running.

Operational Technology: Connected, But Not Adequately Protected

Traditionally, ICS process and production equipment were not connected to any networks. Modifications to OT environments could only be performed through in-person physical interaction with system controls requiring specific actions such as pulling levers, flipping switches and turning dials. Thus, security risks were limited to the people who had direct access to the facility.

However, as digitalisation and the adoption of the Internet of Things (IoT) accelerated, many OT environments, full of decades-old technology, were brought online, ultimately increasing the attack surface. Because attackers consistently seek out entry points to execute their plans, it is important that all access to these systems be treated as privileged access.

Meanwhile, since the pandemic started, businesses and organisations were forced to adapt tasks that traditionally required physical presence in the facility to fit the remote model. As a result, internal and third-party personnel responsible for operating, troubleshooting, upgrading and maintaining OT equipment leveraged technologies that enabled offsite fulfilment of these tasks.

Insecure Remote Access Puts OT Systems at Risk

Considering how disruptive a cyber intrusion can be in OT environments such as water facilities, the importance of treating all vendors and employees with remote access as privileged identities cannot be overstated. Unfortunately, the following risky security practices are far too common:

  • Sharing administrator credentials for SCADA and other critical systems
  • Provisioning third parties with standing access rights in corporate directories
  • Failing to securely store, manage and distribute credentials — including those for air-gapped systems
  • Using the same passwords for multiple accounts
  • Giving operators and maintenance personnel administrator-level access to critical systems they do not regularly access
  • Providing unrestricted, anytime access to sensitive resources
  • Improperly air-gapping systems, exposing systems to the internet unnecessarily or using an unsecured local area network
  • Running outdated, unpatched operating systems and software

While many OT environments and water facilities disconnect or “air-gap” systems from the internet for security purposes, even in air-gapped OT environments, securing remote access remains vital. This is because plant equipment, HMI, DCS, PLC and other OT systems still require maintenance and upgrades performed by internal staff and external contractors. In these situations, privileged credentials used to access critical systems must be provisioned securely and carefully monitored.

Protect Privileged Access to Address Most Prevalent OT Weaknesses

To protect identities, OT organisations can leverage Identity Security solutions that are centred on privileged access management. These solutions can help address the gaps frequently found in OT security by providing offline privileged access. This eliminates the issue of credential sprawl, no matter the environment. Internal admins and third-party contractors can retrieve privileged credentials and maintain session audit via mobile apps, helping organisations defend against attacks targeting credential theft while satisfying audit and compliance.

By enabling secure third-party access as part of a Zero Trust approach to security, industrial control organisations can help address the most prevalent identity-related weaknesses and risks identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Protecting valuable assets by limiting access to critical systems is fundamental to ensuring organisations do not suffer devastating losses from threats such as:

  • Undetected and unauthorised activity in critical systems
  • Increased attack vectors for malicious parties to access critical systems
  • Lack of traceability of user actions in case of compromised accounts
  • Increased difficulty monitoring users with administrative access that have left the organisation
  • Unapproved access from shared or system accounts

Strengthening controls on remote access is one of many critical steps toward greater cyber resilience. OT systems are often ageing and straining from decades of use, industry regulations remain inconsistent, and skilled cybersecurity practitioners are increasingly hard to find. While it is encouraging to see water systems and other critical infrastructure getting the increased cybersecurity attention they so desperately need, there is still a long way to go.
