The cyber attacks of the past two weeks on critical infrastructures – energy, logistics, telecommunications – are not the only ones to have shown how vulnerable many organizations and their infrastructures are. The situation becomes particularly sensitive and critical when attacks affect both IT (information technology – PCs, servers, etc.) and OT (operational technology – machines, etc.).
Daniel Bren, CEO and co-founder of OTORIO, is a well-grounded expert on the subject. As a former IT security chief in the Israeli army and now an entrepreneur, he knows many aspects of the problem:
“In 1997, the US Department of Defense (DoD) conducted the first “cyber war games” under Operation Eligible Receiver. A decade later, in 2007, the secret Aurora Generator Test showed how a cyberattack on an industrial control system (ICS) can cause physical damage to a machine and its surroundings. Roughly another decade later, Russia’s cyberattack on Ukraine’s power grid in 2015 was the first of its kind to successfully target and damage energy infrastructure.
Today we see a further escalation of the crisis in Ukraine and growing tensions between Russia and the West. The big difference today? Offensive cyber capacities are now firmly established as a foreign policy tool for authoritarian states such as Russia, Iran and North Korea. Cyber attacks on critical infrastructure are used strategically today to fuel and influence the course of political conflicts. This means that cyber warfare as conceived in 1997 has become a reality today. Thus, the cyber defense of critical infrastructures is a key component of national security today – also in Germany.
Cyber attacks are difficult to localize
A major problem with cyber warfare, as with traditional warfare, is conflict spillover. In the past, conflicts have always escalated, involving actors who were not originally involved in the conflict. Cyber warfare is no different.
When Russian hackers unleashed a virus called NotPetya on the eve of Ukraine’s Constitution Day in 2017, it successfully crippled the Ukrainian government’s and banking sector’s computing infrastructure and affected some 80 Ukrainian companies. It also – frighteningly – paralyzed the monitoring systems at the Chernobyl nuclear power plant. However, NotPetya did not stop at the Ukrainian border. It spread to companies around the world and caused millions of dollars in damage.
For this reason, Western countries are watching the developing Ukraine conflict with particular concern. Not only are they stepping up their defenses against direct Russian cyberattacks on critical infrastructure in response to possible Western sanctions, should they be imposed. They are also concerned about unintended damage to critical infrastructure or the global supply chain from attacks that propagate from their initial targets.
Current crisis puts authorities on alert
The US Department of Homeland Security is calling on critical infrastructure operators to be on high alert in the face of a wide array of offensive cyber tools. Cyber attacks on the energy sector are of particular concern for the US. The memory of the Colonial Pipeline shutdown last May is fresh, and serious damage to critical infrastructure could trigger a significant backlash.
In recent days, NATO officials have warned of a cyber attack by Russia. In the UK, the National Cyber Security Centre (NCSC) has issued new guidance stating that it is imperative for businesses to stay one step ahead of potential threats. CISA, the FBI and the NSA have also issued a joint advisory urging US companies to minimize the gaps between IT and OT security coverage, establish an incident response plan, and manage vulnerabilities and configurations. The scenarios that the US Department of Homeland Security warns critical infrastructure operators about range from simple denial-of-service attacks to destructive attacks.
These events are another step in the dangerous evolution of increasingly sophisticated and ever more effective offensive cyber capabilities. The threat of cyber war is now very real, and critical infrastructure is clearly in contemporary peril. Organizations must therefore take a proactive approach, that is, assessing risk by getting a view of their networks and understanding the exposure, and then proactively mitigating those risks.
Security tools should be designed for OT ecosystems
It’s also important to realize that securing the networks that control industrial assets and infrastructure requires a different type of cybersecurity approach. Both government and industrial/critical infrastructure operators are realizing the need for attack mitigation tools designed and built from the ground up for OT ecosystems. Operating processes and business continuity have top priority.
To understand the potential risk, an automated tool that explores the OT environment and determines an organization’s assets from the perspective of a potential attacker is helpful. An inventory tool that records all OT, IT and IIoT resources is recommended for a quick assessment of the security situation. Such a tool should also support operational security teams with compliance reports based on security standards and frameworks such as IEC 62443, NERC CIP and NIST. Another risk monitoring and management tool continuously discovers, analyzes and monitors all OT, IT and IIoT assets within the operational environment. It correlates risks and alerts and prioritizes them based on their impact on operational and business continuity. This gives security teams a manageable number of alerts and simplified playbooks with targeted countermeasures.
Cyber hygiene and proactive approach to risk reduction
Basic cyber hygiene is the best way for critical infrastructure to deal with the emerging threat of cyberwar spillovers or direct cyberattacks by national attackers or cybercriminals. Organizations need to take a proactive approach, which means they need to assess the risks by taking a look at their networks and identify the exposure, and then mitigate the risks.”