This is the final week of the National Cyber Security Awareness Month, focusing on Safeguarding the Nation’s Critical Infrastructure. Our day-to-day lives depend on the infrastructures that supply our food, water, financial services, health, communications and power, along with other networks and systems. It’s no surprise that these sectors make up the “backbone of the American economy”, according to the Department of Homeland Security.
Any disruption to these systems, interconnected via the Internet, can have significant—even catastrophic—consequences. So these systems need to be protected from the growing number of cyberthreats. These are not just potential threats, either. Over the past three years, power grids and even city-wide services have been attacked by criminals, resulting in major disruptions and financial losses.
One of the first incidents to highlight the vulnerability of power grids involved Russian hackers targeting the electrical grid in Kiev in 2015. The attack was repeated in 2016 and again in 2017 when hackers used the ransomware variants Crash Override and NotPetya to launch the “most destructive cyber attack in history,” according to a statement from the White House.
Hackers have also attacked the U.S. electrical grid, first in 2016 and then again this year. In its analysis of the 2016 intrusions, the US Computer Emergency Readiness Team (US-CERT) concluded that the perpetrators ran a multi-stage campaign that targeted numerous commercial facilities. After gaining entry to a network, they planted malware and then moved laterally across the network to learn how the grid’s Industrial Control Systems operate.
Another attack this year highlighted how entire cities can be severely impacted by a cyber-attack. In March, a ransomware attack hit the city of Atlanta in what may have been the worst cyberattack to ever strike a US city. The enterprise-focused ransomware named “SamSam” targeted government computer systems. It cleanly wiped out a third of Atlanta’s mission-critical software applications and brought essential municipal functions, like wastewater processing, traffic cameras and court proceedings, to a standstill. While trying to recover from the attack, law enforcement, court and council staff were forced to use pen and paper and were unable to access records. The attackers demanded $51,000 in bitcoin to unscramble the systems and data, and it cost the city nearly $10 million in total to recover from the attack.
To prevent attackers from targeting our critical systems and disrupting their operations, we need to build better security into critical infrastructure. But this is a huge challenge because of the variety and complexity of the networks employed across the different sectors and industries globally. The extreme complexity creates vulnerabilities which hackers can then exploit.
For example, in energy and water utilities, there are large numbers of disparate computerized industrial control systems that manage industrial equipment such as turbines, pumps and controllers. These systems, often originally deployed decades ago, were not designed with security in mind: they were built simply to follow the instructions received from their command and control centers. But these communications now travel over IP-based networks, making the systems reachable from the open internet and thus vulnerable to attack.
All a hacker has to do is infiltrate the networks of the organization and move laterally across its networks to find and gain access to those operational systems. From there, it’s easy to cause disruption and damage.
Fortunately, the hackers’ methods also highlight how we can better protect critical infrastructure against attack. We need to stop the initial hacker infiltration into the network at the perimeter. If a hacker does manage to break through an organization’s perimeter defenses, then we need to prevent the hackers from moving laterally across networks to locate the critical systems.
An effective method for preventing lateral movement is intelligent network segmentation. In this scheme, critical data assets and operational systems are separated from other networks in the organization and from the public internet, with firewalls deployed at each border between networks. Firewalls block unauthorized users and traffic from jumping from one network to the next.
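The segmentation scheme above, as an added example that is not from the original post: a zone-based, default-deny policy in which only the control centre may talk to the ICS network, plus a check that flags denied flows heading for operational systems, the lateral moves an intruder in the IT network would have to make. Zone names, address ranges and ports are constructed assumptions for illustration.

```python
import ipaddress

# Constructed zones for illustration; the addresses are not from any real utility.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "control_center": ipaddress.ip_network("10.20.0.0/24"),
    "ics": ipaddress.ip_network("10.30.0.0/24"),
}

# The only (src_zone, dst_zone, dst_port) flows the border firewalls permit;
# port 0 means any port, and anything not listed is dropped (default deny).
ALLOW_RULES = {
    ("corporate", "internet", 443),       # staff web access
    ("corporate", "control_center", 22),  # admins reach the control centre via SSH only
    ("control_center", "ics", 502),       # Modbus/TCP from the control centre to PLCs
}

def zone_of(ip: str) -> str:
    """Return the most specific zone containing the address (internet is the catch-all)."""
    addr = ipaddress.ip_address(ip)
    best = "internet"
    for name, net in ZONES.items():
        if addr in net and net.prefixlen > ZONES[best].prefixlen:
            best = name
    return best

def is_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Decide a flow the way a default-deny firewall at each zone border would."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # traffic inside one zone never crosses a border firewall
    return (src, dst, dst_port) in ALLOW_RULES or (src, dst, 0) in ALLOW_RULES

def blocked_lateral_moves(flows):
    """Denied flows aimed at the ICS zone from anywhere but the control centre:
    the events a defender should alert on, since they suggest an intruder probing
    for operational systems."""
    return [f for f in flows
            if not is_allowed(*f) and zone_of(f[1]) == "ics"
            and zone_of(f[0]) != "control_center"]

# Constructed flow log as (src_ip, dst_ip, dst_port) tuples.
SAMPLE_FLOWS = [
    ("10.10.5.7", "203.0.113.9", 443),    # IT workstation browsing the web: allowed
    ("10.10.5.7", "10.20.0.10", 22),      # admin SSH to the control centre: allowed
    ("10.20.0.10", "10.30.0.50", 502),    # control centre polling a PLC: allowed
    ("10.10.5.7", "10.30.0.50", 502),     # compromised IT host reaching a PLC: blocked
    ("198.51.100.4", "10.30.0.50", 502),  # internet host reaching a PLC: blocked
]
```

Running `blocked_lateral_moves(SAMPLE_FLOWS)` returns only the last two flows; a rule such as `("corporate", "ics", 0)` would silently reopen the path the segmentation is meant to close.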
While statistics indicate that ransomware attacks have fallen by 30% over the past year, many believe that we could be on the brink of a new series of deadly cyber-attack attempts. The new mega-attacks will spread rapidly so as to cause maximum damage and disruption. Organizations need to ensure that they are using security best practices to block and mitigate the impact of these attacks on critical systems.
While the challenge is complex and the adversaries are growing cleverer by the day, protecting critical infrastructure from cyberattacks is an achievable task. The security best practices that we’ve presented here can protect critical systems effectively, keeping them running and ensuring the safety of millions of people.