INDUSTRY INSIGHT
The next frontier: digital attacks on critical infrastructure
One of the oldest strategies in warfare, ancient and modern, is to strike the enemy where the greatest damage can be done. Disabling normal operations and critical infrastructure not only spreads fear and confusion, it also paralyzes the enemy in ways that make a counter-attack difficult, if not impossible. In World War II, for example, the Allies routinely bombed German transport hubs. Even today, in a time of relative peace, targets are constantly identified, updated and confirmed so that they can be struck if the need ever arises.
On July 18, 2018, the Director of National Intelligence, Dan Coats, said that adversaries on every front have set their sights on a new kind of target: digital infrastructure. He compared the chatter the intelligence community is now collecting to what it saw before September 11, 2001, saying that "the lights are blinking red again." But this threat is not aimed at what we have historically protected, and its impact could be far more damaging than we expect or have prepared for.
Technology is all around us. Literally from the moment we get up in the morning until we go to sleep, we depend on technology and digital infrastructure that is woven directly into the fabric of our daily lives. Beyond smartphones and PCs, operational technology (OT) is the infrastructure that purifies water, supplies power, heating and cooling, drives the supply chain that serves consumers, and even underpins the advanced systems that keep us safe from physical attack.
As a point of reference, in 2003 more than 55 million people on the East Coast were plunged into darkness by a cascading power failure. Most had their power restored within two days. Now imagine twice that number: 100 million people without power for several months because of a carefully designed digital attack. We are truly in an era in which a line of code can cause more damage than any bomb. This is not science fiction. It is reality.
OT dates back to the 1950s and consists of specialized computers, such as programmable logic controllers (PLCs) and distributed control systems (DCS), that run the industrial processes controlling our world. It is used to generate and distribute energy, to manufacture food, medicines and automobiles, and much more. OT is clearly not new; however, the way it operates has changed.
The IT infrastructure for PCs and phones, for example, is open, accessible and constantly changing to keep up with emerging trends and threats. OT, on the other hand, was always isolated. Few people had access to it, and the philosophy was "set it and forget it." It was not unusual for these isolated OT systems to run for a decade or two without alterations or changes.
With the advent and adoption of the Internet of Things, more OT systems have been connected to each other and to the Internet. As a result, they are no longer isolated and are exposed to many of the same security threats as IT systems.
In addition, many organizations in both the public and private sectors have purposely created initiatives to converge their IT and OT systems in order to obtain substantial efficiency and cost saving benefits. However, these initiatives have opened a Pandora's box of security problems that can directly affect OT systems that were once isolated.
Over the past 36 to 48 months there have been countless reports of attempted and successful digital attacks on critical infrastructure, in both government and the private sector. While only isolated cases of targeted systems have actually been impacted, experts believe that nation states and malicious groups alike have established "red button" capabilities in these systems that could be triggered at literally any moment to cause harm. The targets have been identified, acquired and confirmed.
To ensure that the weaponization of critical infrastructure does not become a reality, we must apply to OT systems the same approach used to protect IT infrastructure. While the tools must be designed for an OT environment, many of the concepts are the same. They include:
- Maintain an updated inventory of assets.
- Patching systems when vulnerabilities are discovered.
- Applying a solid access control standard so that users, such as employees and contractors, have access only to the assets their job function requires.
- Implementing a solid, multidisciplinary threat monitoring capability that combines anomaly detection with signature detection.
- Performing periodic device checks on OT assets to ensure they are running as expected and have not been compromised.
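To make the last three items concrete, the following is an added example, not code from the article or from any vendor it describes. It runs the asset-inventory, integrity and detection checks over a constructed, simplified set of records: an inventory of a few hosts, a baseline of normal traffic learned during a quiet period, a batch of observed flows, and the program hashes currently reported by two PLCs. The Modbus function codes are real (5, 6, 15 and 16 change controller state), but every IP address, role name and hash is hypothetical.

```python
"""Baseline-driven OT checks (added example; all hosts, roles and hashes are hypothetical).

1. inventory: a host on the wire that is not in the asset inventory
2. integrity: a PLC whose running program hash has drifted from the approved one
3. detection: a signature rule (write function code from a host that is not an
   engineering station) plus an anomaly rule (a src/dst/function triple never
   seen during the baseline period)
"""

# Hypothetical asset inventory: ip -> (role, approved program hash or None)
INVENTORY = {
    "10.0.5.10": ("plc", "a1b2"),
    "10.0.5.11": ("plc", "c3d4"),
    "10.0.5.50": ("hmi", None),
    "10.0.5.60": ("engineering_station", None),
}

# Modbus function codes that change controller state (Write Single Coil,
# Write Single Register, Write Multiple Coils, Write Multiple Registers).
WRITE_FUNCTION_CODES = {5, 6, 15, 16}

# Constructed flow records captured during a known-good learning period:
# (src, dst, modbus_function_code)
BASELINE_FLOWS = [
    ("10.0.5.50", "10.0.5.10", 3),   # HMI polls holding registers on PLC 10
    ("10.0.5.50", "10.0.5.11", 3),   # HMI polls holding registers on PLC 11
    ("10.0.5.60", "10.0.5.10", 16),  # engineering station wrote PLC 10 during commissioning
]

# Constructed flow records from the current monitoring window.
OBSERVED_FLOWS = [
    ("10.0.5.50", "10.0.5.10", 3),   # normal
    ("10.0.5.50", "10.0.5.11", 3),   # normal
    ("10.0.5.99", "10.0.5.11", 5),   # unknown host forcing a coil on PLC 11
    ("10.0.5.60", "10.0.5.11", 16),  # engineering station writing PLC 11: allowed by role, never seen
]

# Constructed program hashes reported by the PLCs right now.
OBSERVED_PROGRAM_HASHES = {"10.0.5.10": "a1b2", "10.0.5.11": "ffff"}


def learn_baseline(flows):
    """Set of (src, dst, function_code) triples observed during the learning period."""
    return set(flows)


def check_inventory(flows, inventory):
    """Hosts seen talking on the network that are missing from the inventory."""
    seen = {host for src, dst, _ in flows for host in (src, dst)}
    return sorted(seen - set(inventory))


def check_integrity(observed_hashes, inventory):
    """PLCs whose running program hash differs from the approved baseline hash."""
    drifted = []
    for ip, digest in observed_hashes.items():
        role, approved = inventory.get(ip, (None, None))
        if role == "plc" and approved is not None and digest != approved:
            drifted.append(ip)
    return sorted(drifted)


def detect(flows, baseline, inventory):
    """Signature and anomaly alerts for one window of flow records."""
    alerts = []
    for src, dst, fc in flows:
        src_role = inventory.get(src, ("unknown", None))[0]
        # Signature: state-changing writes are only expected from engineering stations.
        if fc in WRITE_FUNCTION_CODES and src_role != "engineering_station":
            alerts.append({"kind": "signature", "src": src, "dst": dst, "fc": fc,
                           "reason": f"write function code from {src_role} host"})
        # Anomaly: any conversation the baseline never saw, regardless of role.
        if (src, dst, fc) not in baseline:
            alerts.append({"kind": "anomaly", "src": src, "dst": dst, "fc": fc,
                           "reason": "src/dst/function triple not in baseline"})
    return alerts


def run_checks():
    """Run all three checks and return their findings in one dict."""
    baseline = learn_baseline(BASELINE_FLOWS)
    return {
        "unknown_assets": check_inventory(OBSERVED_FLOWS, INVENTORY),
        "program_drift": check_integrity(OBSERVED_PROGRAM_HASHES, INVENTORY),
        "alerts": detect(OBSERVED_FLOWS, baseline, INVENTORY),
    }


if __name__ == "__main__":
    findings = run_checks()
    print("unknown assets:", findings["unknown_assets"])
    print("program drift:", findings["program_drift"])
    for alert in findings["alerts"]:
        print(f"{alert['kind']:9} {alert['src']} -> {alert['dst']} fc={alert['fc']}: {alert['reason']}")
```

The two rules deliberately overlap: the unknown host's coil write trips both the signature and the anomaly rule, while the engineering station's first write to PLC 11 trips only the anomaly rule, which is exactly the kind of legitimate-looking change that a signature-only approach would miss and that the OT team should confirm against a change record. A real deployment would learn the baseline from passive captures over weeks, not from three records, and would key the inventory on device identity rather than IP address.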
Cooperation and information sharing between the teams responsible for IT and OT security, along with community-wide exchange of threat intelligence and countermeasures, will help ensure that the industrial systems running our critical infrastructure cannot be weaponized and used against us.