A significant rise in successful cyberattacks against critical infrastructure, in both frequency and complexity, has been observed recently. In fiscal year 2015, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported 295 cybersecurity incidents, up from the previous year's record of 245.
With the changing supply-chain landscape, more and more businesses rely on vendors with networked systems that deliver information, products, and services just in time. This has enlarged the attack surface, which translates into an exponential increase in vulnerabilities. Organizations are interdependent, with implicit complexities that conventional management strategies cannot address.
Critical infrastructure faces one of the major threats in the cybersecurity world: crypto-ransomware, a family of malware designed to encrypt files on servers and endpoints to extort ransom from enterprises. Advanced threat actors could customize this malware family to hit industrial control system networks or human-machine interface (HMI) software and data to cause disruptions. The industry has already suffered a number of high-profile attacks, including those on Israel's Electricity Authority, Lansing, Michigan's Board of Water and Light, and various hospitals and universities.
Unfortunately, critical infrastructure vulnerabilities are not limited to the security architecture. A vulnerable system can serve as an access point for island-hopping within the network or to other networks. The most susceptible sectors include transportation, communications, water, and energy, and the problem is that these entities are intertwined: a massive attack on electricity distribution, for instance, disrupts public safety and emergency communications networks.
Complex interdependent systems are the biggest risk for risk managers, who must both mitigate risks and ensure resiliency. The rapidly evolving cyberthreat landscape calls for holistic resilience and redundancies across networks. Resiliency can be defined as the ability to identify threats and vulnerabilities in real time, protect vulnerable infrastructure, quickly detect targeted attacks, and respond in time to control the damage and swiftly recover and restore operations. The following recommendations from Trend Micro's Chief Cybersecurity Officer can help reduce the risk of destructive attacks:
- Segregate corporate and industrial control system networks to reduce the possibility of island-hopping.
- Reduce and protect privileged users to detect and prevent lateral movement.
- Employ application whitelisting and file-integrity monitoring to prevent execution of malicious code.
- Reduce attack surface by limiting workstation-to-workstation communication.
- Deploy robust network safety measures, including encryption, layers of firewalls, breach detection and code analyses.
- Monitor who logs onto networks on-site and remotely.
- Implement password protection mitigations.
- Deploy anti-malware reputation services to augment traditional, signature-based antivirus software.
- Run host intrusion prevention systems.
- Quickly shield and patch known operating system and software vulnerabilities.
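As an added illustration of the file-integrity monitoring recommendation above (this is example code written for this page, not code from the article or from Trend Micro), the following Python script builds a SHA-256 baseline of a directory tree, re-scans it later, and reports files that were added, removed, or modified. The directory layout, file names such as `hmi/config.ini`, and the simulated changes in `demo()` are all constructed for the example; in practice the baseline would be written to tamper-resistant storage and the comparison run on a schedule, with any `added` or `modified` executable feeding the whitelisting decision.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Hash a file in fixed-size chunks so large HMI binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare_baseline(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between a stored baseline and a fresh scan."""
    added = sorted(set(new) - set(old))            # new files: candidate unauthorized binaries
    removed = sorted(set(old) - set(new))          # deleted files: possible tampering or loss
    modified = sorted(k for k in old.keys() & new.keys() if old[k] != new[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small HMI tree, then simulate three changes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "hmi").mkdir()
        (root / "hmi" / "config.ini").write_text("polling=500\n")
        (root / "hmi" / "runtime.bin").write_bytes(b"constructed sample binary")
        (root / "README.txt").write_text("constructed sample\n")
        baseline = build_baseline(root)

        # Simulated drift after the baseline was taken (all constructed):
        (root / "hmi" / "config.ini").write_text("polling=500\nallow_remote=1\n")  # modified
        (root / "README.txt").unlink()                                             # removed
        (root / "hmi" / "dropper.exe").write_bytes(b"constructed unknown binary")  # added

        current = build_baseline(root)
        return compare_baseline(baseline, current)


if __name__ == "__main__":
    for kind, files in demo().items():
        for f in files:
            print(f"{kind:9s} {f}")
```

The comparison deliberately reports deletions as well as additions: a removed log or configuration file is just as relevant to an incident responder as a new executable, and a scheduled scan that only checks for new files would miss it.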