[By Rahul Kannan, President and Chief Operating Officer, Securin]

Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as emphasized by the White House’s National Cybersecurity Strategy. The urgency is underscored by recent incidents, such as the cyberattack on India’s Tata Power, impacting millions, and the data breach at Colorado Springs Utilities, exposing the personal information of 200,000 customers.

The consequences of these attacks reach far beyond compromised data; they extend to the functioning of society. Critical service providers, including power companies and utilities, hold a wealth of sensitive data, from financial information to personal details. A breach at one of these entities can cause service disruptions that endanger lives, and it exposes individuals to data theft. Because these systems are interconnected, a breach in one sector can cascade into others, affecting public safety, national security, and economic stability.

Breaches: A Tier-One National Priority

Recognizing the gravity of the situation, the White House designated defending critical infrastructure as its foremost national security priority, stating: “Defending the systems and assets that constitute our critical infrastructure is vital to our national security, public safety and economic prosperity.” This acknowledgment reflects the essential role these services play in our daily lives, from ensuring clean drinking water to safeguarding schoolchildren’s privacy.

In 2022, 106 U.S. state and local government entities reported ransomware attacks; 25% of those attacks involved data theft, putting citizens’ privacy and security at risk. Breaches like these commonly trace back to unpatched legacy systems, vulnerable third-party applications, or sensitive information exposed internally, and the consequences are costly.

The economic implications are equally significant: attacks on governments and critical infrastructure cause disruptions from which full recovery can take up to five months. These disruptions can lead to operational technology shutdowns, outages, leaks, and even explosions, further highlighting the vulnerability of critical systems and the potential risks to citizens.

Increasing Threats Loom

The escalating threats to infrastructure are fueled by a combination of factors, including global economic downturns, geopolitical tensions, nation-state actors, and the pervasive rise of ransomware. Industries across the board are affected: within the past three years, energy facilities have been the most targeted (39%), followed by critical manufacturing (11%) and transportation (10%). On the healthcare side, a recent report by Securin, Finite State, and Health-ISAC found an alarming 59% year-over-year increase in firmware vulnerabilities in connected medical products and devices.

Moreover, the tactics employed by cyber attackers are evolving. While phishing remains the most common entry point, attackers are using artificial intelligence to automate and refine their campaigns, shrinking the time defenders have to respond. The stakes are high, with utility companies facing 1,101 attacks every week (compared to 504 weekly in 2020), emphasizing the need for a proactive and comprehensive cybersecurity strategy.

CISOs Call for Collaboration

Chief Information Security Officers (CISOs) are at the forefront of this battle, tasked with safeguarding critical systems. With the average data breach costing $4.45 million, CISOs need to plan and strengthen their security posture before an attack, not after. To tackle growing security threats, industrial control systems and operational technology (ICS/OT) must be updated. CISOs, who spearhead essential and rapid security initiatives, should:

  • Keep up to date with government advisories.
  • Ensure all individuals across the organization know established security measures, have proper security training, and are following best practices.
  • Patch high-risk vulnerabilities as soon as possible.
  • Establish a comprehensive cybersecurity strategy.
  • Allocate sufficient resources to develop a continuous threat exposure management (CTEM) program that regularly monitors your security status.
  • Have a contingency plan for when your systems are under attack.
  • Consider consolidating security tooling and operations to reduce redundancy and to shrink the attack surface that the tools themselves add.
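The first, third and fifth items above (follow government advisories, patch high-risk vulnerabilities first, monitor exposure continuously) are one loop in practice: pull the CISA Known Exploited Vulnerabilities (KEV) catalog, match it against what your scanner finds, and rank the hits. The example below is added here to show that loop; it is not Securin’s code. The KEV snapshot and the scanner findings are constructed for the example (the field names follow CISA’s public KEV JSON, which in production you would fetch from https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json on a schedule rather than embed), and the asset names, zones and scoring weights are assumptions.

```python
"""Rank vulnerability findings using a CISA KEV-style feed.

Added example for this article; not Securin's code. KEV_SNAPSHOT and FINDINGS
are constructed. The JSON field names (cveID, vendorProject, product, dueDate,
knownRansomwareCampaignUse) mirror CISA's public KEV catalog; due dates here
are illustrative, not authoritative.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

# Constructed KEV-style snapshot (three entries; the real feed has over a thousand).
KEV_SNAPSHOT = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "dueDate": "2021-12-24", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-4966", "vendorProject": "Citrix",
         "product": "NetScaler ADC and NetScaler Gateway",
         "dueDate": "2023-11-08", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-20198", "vendorProject": "Cisco", "product": "IOS XE Web UI",
         "dueDate": "2023-10-20", "knownRansomwareCampaignUse": "Unknown"},
    ]
})


@dataclass(frozen=True)
class Finding:
    """One scanner result: which asset carries which CVE, and where it sits."""
    asset: str
    zone: str               # "IT", "DMZ" or "OT" (assumed zone model)
    cve: str
    internet_exposed: bool


# Constructed scanner output for the example.
FINDINGS = [
    Finding("corp-log-aggregator-01", "IT", "CVE-2021-44228", False),
    Finding("vpn-gateway-01", "DMZ", "CVE-2023-4966", True),
    Finding("plant-core-switch-02", "OT", "CVE-2023-20198", False),
    Finding("hmi-workstation-07", "OT", "CVE-2020-0601", False),  # not in the KEV snapshot
]


def load_kev(raw_json: str) -> dict[str, dict]:
    """Index a KEV feed by CVE id for O(1) lookups."""
    data = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def triage(findings: list[Finding], kev: dict[str, dict], today: date) -> list[dict]:
    """Return only KEV-listed findings, most urgent first.

    Scoring (assumed weights): confirmed ransomware use counts most, then
    being past CISA's remediation due date, then internet exposure, then OT
    placement, where a compromise can reach the physical process rather
    than only data. Findings not in KEV fall back to the normal patch SLA.
    """
    rows = []
    for f in findings:
        entry = kev.get(f.cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        score = 0
        score += 8 if entry["knownRansomwareCampaignUse"] == "Known" else 0
        score += 4 if today > due else 0
        score += 2 if f.internet_exposed else 0
        score += 1 if f.zone == "OT" else 0
        rows.append({"asset": f.asset, "cve": f.cve, "zone": f.zone,
                     "days_past_due": (today - due).days, "score": score})
    rows.sort(key=lambda r: (-r["score"], -r["days_past_due"]))
    return rows


if __name__ == "__main__":
    for row in triage(FINDINGS, load_kev(KEV_SNAPSHOT), date(2023, 11, 15)):
        print(f'{row["score"]:>3}  {row["asset"]:<24} {row["cve"]:<16} '
              f'{row["zone"]:<4} {row["days_past_due"]:>4}d past due')
```

The OT weight is deliberately the smallest: an OT asset on the list still goes through the plant’s change-control and test cycle before patching, and the ranking exists to start that cycle early, not to bypass it. Re-running the triage on every KEV update (CISA adds entries most weeks) is the “continuous” part of a CTEM program.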

Solving the security problems within infrastructure will take commitment and dedication from CISOs and collaboration between both private and public entities. The White House made clear its financial and political commitment to update and strengthen America’s National Cybersecurity Strategy, so it is important for security leaders to uphold that pledge. By leveraging the expertise of security professionals, government entities can work more strategically to outpace the rapidly evolving tactics of cyber attackers.

In conclusion, defending the nation’s critical infrastructure is not just a priority; it is a must that demands commitment. From implementing proactive security measures to fostering collaboration between sectors, every effort contributes to the resilience of critical systems. Through information sharing, collaboration, and a united front against bad actors, the country can fortify the most sensitive systems and protect the foundation of society. No measure is too small when it comes to securing critical infrastructure and thwarting the evolving threats posed by cyber adversaries.

The post Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. appeared first on Cybersecurity Insiders.

By Sreenivas Gukal, Head of Products, VP of Engineering, and Co-Founder at Acalvio Technologies

Enterprises and regulated industries are becoming well aware that their risk management strategy must include cybersecurity for OT (Operational Technology) environments. The convergence of IT and OT isn’t just happening; it has happened. OT combines a high potential impact on safety and core operations with a historically limited focus on IT security in industrial environments, and that combination translates into substantial risk. Implementing security controls in such facilities is difficult for several reasons: concern that security controls will impact production availability, a general lack of understanding of OT systems and protocols among the IT staff charged with monitoring them, onerous change-management restrictions, and the frustrating inability to deploy many types of security solutions (endpoint agents, for example) on OT systems at all.

However, a lack of symbiosis and a gap in education do not mean that every OT system is a cybersecurity tragedy waiting to happen. Looking more closely at the way these systems are set up and managed reveals clear ways to protect them, and protecting them can’t always wait for the two sides to come to an agreement. When an OT device is attacked, more than critical data is at risk. In the past several years we’ve seen attacks that began in IT carry critical-infrastructure consequences, such as the SolarWinds supply-chain compromise and the Colonial Pipeline ransomware attack, which forced an operational shutdown even though the malware itself stayed in the IT environment. This scale of impact is simply not acceptable in today’s world, especially when so much is at risk and viable security solutions exist to prevent it.

A Standalone Discipline – Or Is It?

Though OT and IT have always had standalone protocols that theoretically set them apart from each other, there has never been a world in which OT cybersecurity has existed without IT input. It’s in the name: cybersecurity. Previously, OT devices were assumed to be protected by what we now know as the myth of the air gap, meaning the network the OT devices live on is connected neither to the Internet nor to any other outside network. Of course, air-gapped networks still need protection against insider threats, but those controls are straightforward and have long been in place.

However: how do you update the software of a device that isn’t connected to a network? Historically, a technician physically brings in a USB stick, plugs it into the equipment, runs the upgrade, disconnects from the device, and hopes nothing malicious got in along the way. Another failure of the air gap is believing that the internal device network isn’t connected to anything else when in fact it is. Especially as remote work has become more common, formerly “air-gapped” networks have multiple points of outside entry.

In essence, if you want to have a protected network, you could never have been relying solely on OT expertise. When you bring a network of any kind into play, it requires the aid of someone well versed in IT solutions. With that in mind, what does the continued blending of IT and OT look like now?

OT and IT Security Aren’t Converging: They’re Already Converged

Though IT may have long been aiding OT in the setup of networked devices, the whole concept of cybersecurity for OT still seems brand new. This is because networked OT, and the security tooling around it, is comparatively recent, which leaves the space immature. In the past, when historically isolated OT devices had to be moved onto an IT network, they were moved in a patchwork fashion using outdated technology, typically because that was all the organization had available. Cybersecurity solutions had to be developed specifically for OT environments because it is difficult or even impossible to retrofit those outdated IT protocols without customization. Even when organizations choose to fully adopt IT methods for their OT space, they may not have the staff or expertise to execute cybersecurity solutions in a way that everyone involved can understand. This leaves us with a very specific need: a cybersecurity solution that can operate identically in OT and IT environments without customization, and one that can be easily understood by anyone using it.

This is where Active Defense based on deception technology comes in. Deception tech is unique in its ability to operate in OT and IT environments interchangeably, and it makes the blending of the two exciting rather than frustrating or even frightening. Because deception technology doesn’t rely on sifting through after-the-fact reports, but instead “captures” the attacker within the network the moment the attacker engages with a deception artifact, the rules of engagement are straightforward even for OT experts who aren’t well versed in cybersecurity.
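To make the “any engagement is a detection” rule concrete, here is an added example (not Acalvio’s product code) of the simplest OT deception artifact: a decoy PLC endpoint speaking Modbus/TCP. Nothing legitimate ever talks to it, so a single read against it is a finding and a write is an escalation, and an OT engineer can reason about it without learning IDS signatures. Only the Modbus/TCP framing (7-byte MBAP header followed by the PDU) is the real protocol; the decoy name, the client addresses and the captured request bytes are constructed for the example.

```python
"""Decoy Modbus/TCP endpoint: every request against it is a high-fidelity alert.

Added example for this article, not Acalvio's code. SAMPLE_* frames, the decoy
name and client IPs are constructed. Modbus/TCP layout (real): MBAP header =
transaction id (2), protocol id (2, always 0), length (2), unit id (1); then the
PDU = function code (1) + data.
"""
from __future__ import annotations

import socketserver
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

# Function codes that change process state (escalate) vs. those that only read.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}

# Constructed captures: Read Holding Registers 0..9 on unit 1, then Write Single
# Register 0x0010 := 1 on unit 1, then non-Modbus junk hitting the same port.
SAMPLE_READ = b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"
SAMPLE_WRITE = b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x10\x00\x01"
SAMPLE_JUNK = b"GET / HTTP/1.1\r\n"


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_frame(frame: bytes) -> ModbusRequest:
    """Parse MBAP header + PDU; raise ValueError on anything malformed."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (0)")
    if length != len(frame) - 6:          # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def alert_for_engagement(src_ip: str, frame: bytes, decoy: str = "decoy-plc-01") -> dict:
    """Turn one request to the decoy into an alert record.

    The decoy has no legitimate clients, so even a read is reportable; writes
    are critical because they show intent to affect the process.
    """
    try:
        req = parse_modbus_frame(frame)
    except ValueError as exc:
        return {"decoy": decoy, "src": src_ip, "severity": "medium",
                "summary": f"non-Modbus or malformed traffic to decoy: {exc}"}
    if req.function in WRITE_FUNCTIONS:
        severity, name = "critical", WRITE_FUNCTIONS[req.function]
    elif req.function in READ_FUNCTIONS:
        severity, name = "high", READ_FUNCTIONS[req.function]
    else:
        severity, name = "high", f"function 0x{req.function:02x}"
    return {"decoy": decoy, "src": src_ip, "severity": severity, "function": req.function,
            "summary": f"{name} (unit {req.unit_id}, tid {req.transaction_id}) against decoy"}


class DecoyHandler(socketserver.BaseRequestHandler):
    """Alert on the first request of each connection, then answer with a Modbus
    exception (code 0x04, device failure) so the client sees a real-looking PLC."""

    def handle(self) -> None:
        frame = self.request.recv(260)        # max Modbus/TCP ADU size
        if not frame:
            return
        alert = alert_for_engagement(self.client_address[0], frame)
        print(datetime.now(timezone.utc).isoformat(), alert)   # forward to SIEM in practice
        try:
            req = parse_modbus_frame(frame)
        except ValueError:
            return
        pdu = bytes([req.function | 0x80, 0x04])
        header = struct.pack(">HHHB", req.transaction_id, 0, len(pdu) + 1, req.unit_id)
        self.request.sendall(header + pdu)


def serve_decoy(host: str = "0.0.0.0", port: int = 502) -> None:
    """Run the decoy (port 502 needs privileges or a capability on Linux)."""
    with socketserver.ThreadingTCPServer((host, port), DecoyHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    for frame in (SAMPLE_READ, SAMPLE_WRITE, SAMPLE_JUNK):
        print(alert_for_engagement("10.0.5.23", frame))
```

Deploy the decoy on an otherwise unused address in the OT VLAN and name it like a neighbouring PLC; because it is not in the real process path, it adds no availability risk, which is usually the objection that blocks other controls. The alert it produces carries the source address and the exact function attempted, which is what an incident responder needs and what an OT engineer can read without translation.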

The convergence of IT and OT is not a future prospect, but a reality that demands immediate attention. The vulnerability of OT systems, coupled with the historical neglect of IT security in industrial settings has resulted in a cybersecurity risk to OT environments everywhere. Fortunately, solutions to protect OT environments are attainable, and the potential risk to critical infrastructure environments should supersede the fear of change. By simplifying the rules of engagement and enabling OT experts to navigate the cybersecurity landscape effectively, Active Defense and deception technology paves the way for a harmonious convergence of IT and OT security efforts, mitigating risks and fortifying critical infrastructures in an increasingly interconnected world.

The post No More Band-Aids: It’s Time for IT and OT Security Convergence appeared first on Cybersecurity Insiders.

By Matt Morris, Global Managing Director of 1898 & Co.

Two years have passed since the notorious Colonial Pipeline hack, an incident that plunged the nation into a state of emergency, causing fuel disruptions in airlines and commercial sectors, and triggering panic-buying among consumers leading to a sharp rise in gas prices. In May 2021, the hack infiltrated critical systems of the pipeline, resulting in its shutdown for several days. Regarded as the most significant publicly disclosed cyber-attack against vital infrastructure in the United States, the Colonial Pipeline hack serves as a valuable lesson, shedding light on the complexity of attacks on critical infrastructure, the detrimental impact of complete system shutdowns, and the imperative need for our nation to enhance the protection of crucial systems from threat actors.

Critical Infrastructure Attacks Double

According to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), cyber-attacks against critical infrastructure in the United States have doubled since 2015. Most of these attacks originate from outside the country, just as the Colonial Pipeline hack was traced back to Russia. These attacks are often motivated by a desire to gain a competitive edge on the global stage or are due to the immense profitability associated with compromising systems vital to public safety. While data security is often the primary focus of IT environments, resiliency in OT environments relies on safety and reliability.

So, What Did We Learn?

The Colonial Pipeline attack underscored the increasingly blurred line between IT and OT systems. The ransomware that hit Colonial Pipeline compromised data, locked computers, and cut off access to billing systems, all within the corporate IT infrastructure. Colonial nonetheless found it necessary to shut down OT operations, for two main reasons. First, the company lacked a clear understanding of the interdependencies between its IT and OT systems and of the potential for the incident to spread into the OT environment. Second, although the ransomware never reached the OT systems, it paralyzed a critical IT component that those systems relied on to operate, which caused an indirect shutdown of OT operations.

Shutdowns of critical infrastructure can have far-reaching consequences for entire industries. Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, likened the Colonial Pipeline hack to the Deepwater Horizon incident for offshore oil drilling and the Exxon Valdez oil spill for environmental disasters. These incidents demonstrated the colossal problems that arise from unforeseen shutdowns and a lack of preparedness.

Improving Our Nation’s Infrastructure

One major issue that needs to be addressed is inadequate monitoring and detection within critical infrastructure systems, so that disruptions are identified promptly. In cyber sabotage the goal is often disruption or degradation rather than a complete shutdown. Focusing solely on “system shutdown” is outdated, traditional risk-management thinking.

To address these challenges, our nation’s infrastructure requires improved preparedness measures upfront. OT cybersecurity programs need to be established, incorporating essential elements such as baseline risk assessments, comprehensive asset inventories, regularly updated incident response plans and consistent testing.
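The point about degradation versus shutdown is easy to miss in a monitoring design, so here is an added example (not 1898 & Co.’s method) of what the difference looks like in detection logic run over process telemetry. A classic hard-limit alarm only fires when a reading crosses a fixed floor; an attacker who holds a flow a few percent below normal never trips it. The detector below learns a baseline from a known-good window and also flags a sustained run of readings well below that baseline. All readings, the limits and the run length are constructed for the example; in a real program the baseline would come from the plant’s own history and the thresholds from the engineers who own the process.

```python
"""Detect degradation, not only shutdown, in process telemetry.

Added example for this article; not 1898 & Co.'s code. BASELINE_WINDOW and
OBSERVED are constructed flow readings (arbitrary units). Limits, sigma and
run length are assumptions a real deployment would set per process.
"""
from __future__ import annotations

from statistics import mean, pstdev

# Constructed: ten known-good samples, flow nominally 100.
BASELINE_WINDOW = [100.2, 99.8, 100.5, 99.6, 100.1, 99.9, 100.3, 99.7, 100.0, 100.4]
# Constructed: normal, then held ~1% low for six samples, then a hard stop.
OBSERVED = [100.1, 99.9, 98.9, 98.8, 98.7, 98.9, 98.6, 98.8, 0.0, 0.0]


def hard_limit_alarms(readings: list[float], low_limit: float = 90.0) -> list[int]:
    """Traditional alarm: indices where a reading is at or below a fixed floor.

    This is the 'shutdown-only' view. The held-low run in OBSERVED never
    crosses 90.0, so this returns only the two zero readings.
    """
    return [i for i, r in enumerate(readings) if r <= low_limit]


def learn_baseline(samples: list[float]) -> tuple[float, float]:
    """Mean and population standard deviation of a known-good window."""
    return mean(samples), pstdev(samples)


def detect_degradation(readings: list[float], baseline: tuple[float, float],
                       sigma: float = 2.0, run_length: int = 5,
                       shutdown_floor: float = 0.0) -> list[dict]:
    """Report a hard stop once per outage and a sustained drift once per run.

    Degradation = `run_length` consecutive readings more than `sigma` standard
    deviations below the learned mean. Reporting fires when the run reaches
    `run_length`, not on every later sample, to keep the alert actionable.
    """
    mu, sd = baseline
    low_line = mu - sigma * sd
    findings: list[dict] = []
    low_run = 0
    in_shutdown = False
    for i, r in enumerate(readings):
        if r <= shutdown_floor:
            if not in_shutdown:
                findings.append({"index": i, "kind": "shutdown", "value": r})
            in_shutdown = True
            low_run = 0
            continue
        in_shutdown = False
        if r < low_line:
            low_run += 1
            if low_run == run_length:
                findings.append({"index": i, "kind": "degradation", "value": r,
                                 "deviation_sigma": round((mu - r) / sd, 2)})
        else:
            low_run = 0
    return findings


if __name__ == "__main__":
    base = learn_baseline(BASELINE_WINDOW)
    print("baseline mean/sd:", round(base[0], 2), round(base[1], 3))
    print("hard-limit alarms at:", hard_limit_alarms(OBSERVED))
    for f in detect_degradation(OBSERVED, base):
        print(f)
```

The drift alert arrives at sample 6, while the hard-limit alarm stays silent until the process actually stops at sample 8. Tuning matters: `sigma` and `run_length` trade false alarms from normal process variation against detection delay, and a baseline learned while the process was already being manipulated is worthless, which is why the baseline window must be one the operators can vouch for.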

Introducing Cyber Informed Engineering

Another way for OT systems to protect critical functions is by adopting cyber-informed engineering (CIE) and consequence-driven, cyber-informed engineering (CCE) to protect what matters most. CIE and CCE are intended to ensure that even in the face of an attack, the core operations of the company continue to function. Unfortunately, the Colonial Pipeline attack demonstrated the opposite scenario, where the primary pipelines were shut down, leaving only a few tributaries operational. It is imperative for critical infrastructure operators to add monitoring measures that complement CIE, so that they learn from past incidents like the Colonial Pipeline hack and prevent their recurrence.

The post Two Years Since the Colonial Pipeline Hack, Here’s What We’ve Learned appeared first on Cybersecurity Insiders.