Imagine what would happen if attackers compromised the U.S. power grid on a cold winter night. Large parts of the country would face a blackout: no heating, and communications cut off. And it doesn't end there. Water supply is disrupted, air traffic comes to a halt, and hospitals can't function either. In short, a catastrophe.
While this might sound extreme, the possibility of something like it happening cannot be ruled out. KnowBe4 has predicted a rise in catastrophic attacks on critical infrastructure in 2023. Given ongoing geopolitical tensions, particularly Russia's war in Ukraine, experts consider a major outage caused by a compromise of critical infrastructure a real possibility.
Such an event could have severe consequences for society and the economy, affecting large numbers of people or even entire nations. In times of economic hardship, such as a recession or a high cost of living, there may also be an increase in digital civil disobedience, with individuals attacking government or national infrastructure sites as a form of protest.
Why are experts anticipating a rise in attacks on critical infrastructure?
Experts anticipate a rise in attacks on critical infrastructure for several reasons. These systems rely more and more on networked technology, and the number of known vulnerabilities in them keeps growing. Geopolitical tensions and the prospect of cyber warfare add to the risk, as does the growing number of state-sponsored and criminal hacking groups and the increasing sophistication of their tactics, tools, and techniques.
As critical infrastructure such as power generation and distribution becomes more complex and interconnected, it also becomes more exposed to both cyber-attacks and technical failures. Unlike in the past, these systems now depend on networks of connected devices and are linked across geographies and sectors, so a compromise in one place can propagate to others.
Attacks against critical infrastructure are not limited to the energy sector; transport, public services, telecommunications, and critical manufacturing are equally exposed. This exposure has become a major concern for security experts and has been highlighted by recent real-world incidents.
The failure of one critical system can trigger a damaging chain reaction, as some of the attacks of recent years have shown.
What are some recent examples of critical infrastructure attacks?
There have been several examples of attacks on critical infrastructure in the past few years. Some of these are given below.
- In December 2022, an armed attack on two electrical substations in rural North Carolina left about 45,000 customers without power for days. Schools closed, a curfew was imposed, and critical medical services were suspended. The attackers used firearms, not malware, a reminder that physical security belongs in the threat model for infrastructure as much as network security does.
- In May 2021, a ransomware attack on Colonial Pipeline in the United States disrupted fuel supplies to several states on the U.S. East Coast. The DarkSide ransomware encrypted files on the company's IT network and a ransom was demanded for the decryption key. The pipeline control systems themselves were not reported as compromised: the operator shut the pipeline down as a precaution while its IT systems were unavailable, which shows how tightly coupled corporate IT and physical operations can be.
- In 2017, the WannaCry ransomware spread to more than 200,000 computers in 150 countries, including systems in the UK's National Health Service (NHS), forcing the cancellation of operations and appointments. It propagated through an SMBv1 vulnerability for which Microsoft had released a patch (MS17-010) two months earlier; the machines hit were the ones that had not applied it. It was a major blow to healthcare services.
- In February 2016, attackers stole $81 million from the Bangladesh Bank. They used malware to gain access to the bank's systems and its SWIFT credentials, issued fraudulent transfer requests, and moved the funds to accounts in the Philippines.
- In December 2015, a cyber-attack on the Ukrainian power grid cut electricity to around 230,000 customers for up to six hours. The attackers, believed to be a state-sponsored group, used stolen credentials to reach the utilities' control networks and opened breakers remotely through the operators' own control interfaces. It was the first publicly confirmed cyber-attack to cause a power outage.
These examples show that critical infrastructure attacks can take various forms and can have a significant impact on the daily lives of people.
What can be done to block these attacks?
Critical infrastructure, such as power plants, water treatment facilities, and transportation systems, is essential to daily life. To keep these systems safe from cyber-attacks, follow the key steps given below.
- Keep systems separate
The first step is to keep critical systems separate from the general network wherever possible. A system that is not reachable from the corporate network cannot be reached by an attacker who has compromised that network. Full isolation is rarely practical, so in practice this means segmentation: firewalls between zones, a deny-by-default policy, and only the specific, documented connections (for example, a historian polling controllers) allowed across zone boundaries.
This extends to keeping Information Technology (IT) and Operational Technology (OT) separate. As IT and OT become increasingly intertwined, weaknesses in one domain put the other at risk. Operators of critical infrastructure must build defensive barriers between corporate networks and industrial sites, typically a demilitarised zone (DMZ) that hosts the few services both sides need, so that no host in the corporate network talks directly to a controller.
- Adopt good security practices
Weak or default passwords make systems susceptible to unauthorised access, and many industrial devices ship with documented default credentials that are never changed. A robust password policy that requires strong, unique passwords per account and device, replaces every default before deployment, and adds multi-factor authentication for remote access goes a long way in protecting critical systems. Forced periodic password changes are no longer recommended by NIST (SP 800-63B); change a password when there is reason to believe it has been compromised.
Properly configured firewalls also help keep attackers out: they control which hosts and services can be reached and from where, adding a layer of defence. It is important to educate employees about how to stay safe online and what to do in an emergency. Defining roles and responsibilities and carrying out regular training to apprise employees of the latest threats helps build a culture centred on security.
Monitor for suspicious activity both on digital systems and on physical premises. Intrusion detection and prevention systems, log analysis, and incident monitoring tools can be used to identify and respond to threats in a timely manner. In an industrial environment, the most useful signals are often the simplest: a connection crossing the IT/OT boundary that no approved conduit explains, or a control-protocol write command coming from a host that should only read.
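The segmentation policy and the monitoring described above, as an added example that is not from the original article: a small Python checker that takes connection records from a network sensor and reports every flow that crosses a zone boundary without an approved conduit, plus every Modbus/TCP write that does not come from the authorised engineering workstation. The record format, the 10.x addressing plan, the zone layout, the engineering workstation's address and all sample records are constructed for this example.

```python
"""Flag zone-policy violations and unauthorised control writes in connection records.

Added example, not the article's code. The addressing plan, zone layout,
record format and every sample record below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List

# Assumed addressing plan: three zones in the spirit of IEC 62443 zones and
# conduits. Any address outside them is treated as EXTERNAL.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/24"),
}

# Approved conduits as (src_zone, dst_zone, dst_port). Deny by default:
# a cross-zone flow that is not listed here is a violation.
ALLOWED_CONDUITS = {
    ("IT", "DMZ", 443),   # corporate users read the historian's web UI
    ("DMZ", "OT", 502),   # historian polls PLCs over Modbus/TCP (reads only)
}

# Only the engineering workstation (assumed address) may write to PLCs.
AUTHORIZED_MODBUS_WRITERS = {ipaddress.ip_address("10.30.0.20")}

# Modbus function codes that change controller state.
MODBUS_WRITE_FUNCS = {
    5: "WRITE_SINGLE_COIL",
    6: "WRITE_SINGLE_REGISTER",
    15: "WRITE_MULTIPLE_COILS",
    16: "WRITE_MULTIPLE_REGISTERS",
}

# Constructed record format: one flow per line; modbus_func appears only
# when the sensor decoded a Modbus/TCP request.
RECORD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)"
    r"(?: modbus_func=(?P<func>\d+))?$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    reason: str


def zone_of(ip) -> str:
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "EXTERNAL"


def analyze(records: Iterable[str]) -> List[Finding]:
    """Return one Finding per violation, in record order."""
    findings: List[Finding] = []
    for line in records:
        line = line.strip()
        m = RECORD_RE.match(line)
        if not m:
            findings.append(Finding("?", "?", "?", f"unparseable record: {line!r}"))
            continue
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        src_zone, dst_zone = zone_of(src), zone_of(dst)

        # Cross-zone traffic must use an approved conduit. Traffic inside a
        # zone is not policed here (a simplification of this example).
        if src_zone != dst_zone and (src_zone, dst_zone, dport) not in ALLOWED_CONDUITS:
            findings.append(Finding(m["ts"], str(src), str(dst),
                                    f"{src_zone}->{dst_zone} tcp/{dport} is not an approved conduit"))

        # A write is suspicious even over an approved conduit: the historian
        # may read PLCs, never change their state.
        func = m["func"]
        if (func is not None and int(func) in MODBUS_WRITE_FUNCS
                and src not in AUTHORIZED_MODBUS_WRITERS):
            findings.append(Finding(m["ts"], str(src), str(dst),
                                    f"Modbus {MODBUS_WRITE_FUNCS[int(func)]} from unauthorised writer"))
    return findings


# Constructed sample records (not real traffic).
SAMPLE_RECORDS = [
    "2023-01-14T02:11:07Z 10.10.5.23:51234 -> 10.20.0.10:443 proto=tcp",                # IT -> DMZ web UI: fine
    "2023-01-14T02:11:09Z 10.20.0.10:40001 -> 10.30.0.50:502 proto=tcp modbus_func=3",  # historian reads: fine
    "2023-01-14T02:12:41Z 10.10.5.23:51240 -> 10.30.0.50:502 proto=tcp modbus_func=6",  # IT host writes a PLC
    "2023-01-14T02:13:02Z 10.20.0.10:40002 -> 10.30.0.51:502 proto=tcp modbus_func=16", # historian writes
    "2023-01-14T02:13:30Z 10.30.0.20:45000 -> 10.30.0.50:502 proto=tcp modbus_func=16", # engineer writes: fine
    "2023-01-14T02:14:15Z 203.0.113.7:3389 -> 10.30.0.20:3389 proto=tcp",               # internet -> OT RDP
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_RECORDS):
        print(f"{f.ts} {f.src} -> {f.dst}: {f.reason}")
```

On the sample records the checker raises four findings: the IT workstation reaching a PLC directly (a conduit violation and a write in one flow), the historian issuing a write over its otherwise approved conduit, and an external address reaching an OT host. The two checks are deliberately independent: an allowed path can still carry a disallowed action, and that second layer is what catches a compromised historian.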
- Keep software updated
Many attacks succeed because systems have not been updated with the latest software patches, leaving them open to exploits for which a fix already exists. It is therefore important to keep software updated and apply security fixes promptly.
Here too, the convergence of IT and OT presents a concern, because the components have very different lifecycles. While personal computers are typically replaced after about 5 years, some industrial equipment connected to them stays in service for 20 years or longer. Some assets can therefore be protected with the latest security measures, while others run software that the vendor no longer patches or that cannot be updated without halting production. Those assets need compensating controls (stricter isolation, restricted access, closer monitoring) and a cohesive security and risk-management strategy that accounts for both kinds.
- Check for system vulnerabilities
Check for vulnerabilities on a regular basis so that you can fix them before attackers find them. Vulnerability management with regular scans should be an integral part of the overall security strategy. One caveat for industrial networks: active scanners can crash or disturb fragile controllers, so on OT networks prefer passive discovery from network traffic, or scan only in maintenance windows and with the equipment vendor's guidance.
Trend Micro research has highlighted protocol gateways as a particular point of vulnerability. These gateways translate between protocols so that devices and systems can exchange information, and because every message on the link passes through them, a compromised gateway can alter or block traffic to everything behind it. Network security strategies must therefore account for these devices too.
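How the lifecycle mismatch and the gateway concern translate into a concrete patch decision, as an added example that is not from the article or from Trend Micro: a Python triage routine that matches an asset inventory against a list of vendor advisories and decides, per affected asset, whether to patch or to apply compensating controls, raising the priority for OT assets and for protocol gateways. The product names, versions, support dates and advisory references are constructed placeholders, not real identifiers.

```python
"""Triage vendor advisories against an asset inventory with mixed lifecycles.

Added example, not the article's code. Every product, version, date and
advisory reference below is a constructed placeholder.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str                       # "IT", "DMZ" or "OT"
    product: str
    version: str
    end_of_support: Optional[date]  # None = vendor still supports it
    role: str = "device"            # "protocol_gateway" raises priority


@dataclass(frozen=True)
class Advisory:
    ref: str                 # placeholder reference, not a real identifier
    product: str
    fixed_in: Optional[str]  # first fixed version; None = no fix exists


@dataclass(frozen=True)
class Plan:
    asset: str
    advisory: str
    action: str
    priority: str


PRIORITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def parse_version(v: str) -> Tuple[int, ...]:
    """'4.2.10' -> (4, 2, 10); tuples compare numerically, strings would not."""
    return tuple(int(p) for p in v.split("."))


def priority_for(asset: Asset) -> str:
    # A gateway sits in the path of every message behind it; OT assets drive
    # physical processes; everything else starts at medium.
    if asset.role == "protocol_gateway":
        return "critical"
    if asset.zone == "OT":
        return "high"
    return "medium"


def build_plan(assets: List[Asset], advisories: List[Advisory], today: date) -> List[Plan]:
    """One Plan entry per (asset, advisory) pair where the asset is affected."""
    plan: List[Plan] = []
    for asset in assets:
        for adv in advisories:
            if adv.product != asset.product:
                continue
            if adv.fixed_in is not None and parse_version(asset.version) >= parse_version(adv.fixed_in):
                continue  # already running the fixed version or newer
            supported = asset.end_of_support is None or asset.end_of_support >= today
            if adv.fixed_in is not None and supported:
                action = f"patch to {adv.fixed_in}"
            else:
                # No fix, or the vendor no longer supports this unit: updating
                # cannot make it safe, so reduce its exposure instead.
                action = "compensating controls: isolate, restrict access, monitor"
            plan.append(Plan(asset.name, adv.ref, action, priority_for(asset)))
    return sorted(plan, key=lambda p: PRIORITY_ORDER[p.priority])


TODAY = date(2023, 1, 15)  # constructed reference date

# Constructed inventory: a historian in the DMZ, two PLC generations, a
# serial-to-Ethernet gateway and an engineering workstation.
ASSETS = [
    Asset("hist-01", "DMZ", "HistorianServer", "4.2.0", None),
    Asset("plc-050", "OT", "PLC-X", "1.9.3", date(2019, 6, 30)),  # out of support
    Asset("plc-051", "OT", "PLC-X", "2.1.0", None),
    Asset("gw-01", "OT", "SerialGateway", "2.0.7", None, role="protocol_gateway"),
    Asset("ews-20", "OT", "EngWorkstationOS", "10.1", None),
]

# Constructed advisories; the references are placeholders.
ADVISORIES = [
    Advisory("ADV-A", "HistorianServer", fixed_in="4.2.1"),
    Advisory("ADV-B", "PLC-X", fixed_in="2.0.0"),
    Advisory("ADV-C", "SerialGateway", fixed_in=None),  # vendor has no fix yet
    Advisory("ADV-D", "EngWorkstationOS", fixed_in="10.0"),
]


def sample_plan() -> List[Plan]:
    return build_plan(ASSETS, ADVISORIES, TODAY)


if __name__ == "__main__":
    for p in sample_plan():
        print(f"[{p.priority}] {p.asset} {p.advisory}: {p.action}")
```

The output separates the three situations the text describes: the historian simply gets patched, the out-of-support PLC has a fix it will never receive and must be fenced off instead, and the gateway, with no fix at all and every message behind it at stake, goes to the top of the list. Version strings are compared as integer tuples on purpose; comparing "4.2.10" and "4.2.9" as strings would mark the newer firmware as vulnerable.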
- Bring all devices into the security framework
Industrial Internet of Things (IIoT) deployments often rely on private 5G networks, which introduce new entry routes and potential interception points within the core network. All technologies associated with IIoT, such as 5G connectivity, industrial clouds, and IoT sensors, must be brought into the security framework.
Offline technologies that interact with the network, such as removable media and maintenance terminals, should likewise be covered by the security strategy; a USB stick or a contractor's laptop is a common way for malware to reach a network that is otherwise isolated.
- Plan for emergencies
Taking precautions to prevent an attack is good, but it is also essential to be prepared for a security incident. This includes clear lines of communication between key stakeholders and a team of specialists ready to contain the damage and start recovery. It is also important to have an emergency plan with regular backups to ensure business continuity; keep at least one copy offline or otherwise out of reach of an attacker with network access, and test restores periodically, because a backup that has never been restored is only a hope.