Share this article on:
Critical infrastructure has been the target of a widening array of cyber security threats, including the high-profile Irish Health Service Executive attack and Colonial Pipeline attack.
Following a cyber security breach on Australian telecommunications giant Optus that compromised about 1.2 million customer data, the great southern land has been under back-to-back attacks. In the financial year 2021–22, critical infrastructure experienced approximately 95 cyber incidents, making up around 8 per cent of all the incidents responded to by the Australian Cyber Security Centre.
In the wake of these major breaches, the government has been placing a growing emphasis on critical infrastructure cyber security. However, while significant progress has been made, the dynamic threat landscape poses a lot of challenges.
Now, here’s the million-dollar question: how do you stay ahead in the cyber security game? With minimal history and precedence, critical infrastructure security is still in its nascent stages, and many organisations are unsure of where to start.
Identifying the security loopholes/Mapping the attack surface
One of the significant challenges critical infrastructures face is their interconnected nature because vulnerability in one sector can have cascading effects on others. For instance, a major cyber attack that could successfully compromise the security of the power grid could quickly spiral into a city-wide crisis, impacting transportation, emergency services, and even the basic necessities. Therefore, the first line of defence must begin with identifying your critical systems within the premises, prioritising them based on their vulnerability level, and identifying the potential impact they could have on your organisation.
One of the key steps in this process is mapping the attack surface of your infrastructure by identifying all the points that could potentially be targeted by attackers.
To begin with, it’s essential to conduct a comprehensive inventory of your critical infrastructure components. This includes cataloguing all the physical assets, such as servers, routers, and control systems, as well as digital assets, like software applications, databases, and network connections. It’s equally important to consider any dependencies or interconnections between different components of your infrastructure. The interconnected nature of critical infrastructure means that compromising one element could have ripple effects on others.
Once the scope of the infrastructure is understood, and the possible weak points are identified, businesses need to establish a written incident response plan (IRP) that defines what an organisation needs to do before, during, and after an actual or prospective security attack on one of the systems.
As you continue to map, delve into the software and systems running within your infrastructure. Identify the operating systems, applications, and firmware versions in use. Often, outdated software can serve as an open invitation to attackers, so it’s important to stay up to date with security patches and software updates.
A collaborative approach to cyber security
When it comes to securing critical infrastructure, a collaborative approach is key, as it requires the concerted efforts of multiple stakeholders. In order to establish a secure environment, regulatory bodies play a crucial role by setting up frameworks, standards, and regulations to guide the process. At the same time, organisations themselves must prioritise cyber security and make the necessary investments in technologies, practices, and skilled personnel to strengthen their defences.
In the past, concerns surrounding bad actors gaining access to critical infrastructure were minimal, considering that operational technology (OT) systems operated independently, separate from the internet. This “air gap” ensured that even if an IT network was compromised, the attackers couldn’t infiltrate the OT environment. However, as the saying goes, no technology connected to the internet is unhackable; with the convergence of OT and IT, the scenario has changed. Field workers and software engineers alike now need to be trained and educated on responsible cyber security practices to prevent any potential vulnerabilities from being exploited.
It’s crucial that everyone involved understands their role in maintaining a secure and resilient infrastructure.
Roadmap to a resilient infrastructure
1. Achieve a 360-degree visibility
Cyber threats have been growing in sophistication and frequency. Unfortunately, most organisations continue to be in a blind spot when it comes to having a clear understanding of what needs to be protected, how to protect it, and when.
The roadmap to navigating across the digital labyrinth and achieving resiliency begins with gaining comprehensive and real-time visibility into all the critical assets, including hardware, software, applications, data, and user access. It means knowing the status, location, and interaction of each asset at any given moment. This level of visibility allows organisations to detect potential vulnerabilities, anomalous behaviour, and unauthorised access promptly. Deploying an IT service management (ITSM) framework will allow IT to cover a wide aspect of IT services, including asset management, incident management, and so on.
2. Manage and secure critical assets remotely
With the rise of remote work, distributed teams, and cloud-based infrastructures, organisations are relying heavily on remote endpoints. Remote work, distributed teams, and cloud-based infrastructure mean remote endpoints are being used in every organisation. In monetary terms, managing these critical assets remotely promotes cost-effectiveness. It reduces the need for onsite staff, slashes travel expenses, and eliminates the need for physical infrastructure, resulting in substantial cost savings.
From a cyber security standpoint, having real-time access to critical assets allows for prompt detection and response to potential security breaches. IT teams can apply security patches, conduct vulnerability assessments, and enforce security policies remotely.
To cover the threat aspect of remote endpoints, organisations can turn to endpoint detection and response (EDR) solutions. EDR continuously gathers data from all endpoints, including servers, mobile devices, and IoT, searching for any signs of suspicious behaviour or malicious activity. When it spots any recognised or potential security breaches, it takes immediate action to stop or minimise the impact of these risks.
On the other hand, embracing a unified endpoint management (UEM) strategy allows IT admins to manage the endpoints within the IT environment remotely. Organisations can geo-track devices while also staying updated on their security status and policy compliance. For instance, an IT admin can choose to be notified if a device isn’t compliant with the predefined password policy. Moreover, remotely distributed devices can be troubleshot without demanding the physical presence of the asset.
3. Solve the identity crisis
In addition to device security, chief information security officers (CISOs) must also focus on identity security in the enterprise. Ignoring identity management can lead to shared group accounts, weak authentication, and excessive access privileges, creating security gaps. Implementing baseline identity and access management (IAM) protocols helps mitigate identity-related risks.
4. Adopt a zero-trust attitude
Today’s decentralised and distributed work culture calls for a divide-and-rule policy. While the castle and moat approach seemed to be efficient decades back, the remote distribution of devices, data, and the edge calls for solutions that aren’t solely reliant on the perimeter. The principle of zero trust (ZT) answers the concerns by authenticating identity based on the users. Moreover, the ZT architecture microsegments the entire network into smaller sub-networks. Each segment can have its own security policies and controls, effectively isolating different parts of the network and preventing unauthorised access between segments. In such an instance, even if a bad actor infiltrates one area, the prevention of lateral movement stops them from infiltrating the entire system.
A significant challenge in the cyber security industry is the uneven talent pool. There’s no doubt that automation is a great tool, and it is getting smarter with artificial intelligence (AI) and machine learning (ML) helping to detect and prevent threats before they wreak havoc. However, the concept of automation is only a supplement to human intelligence and not a replacement. Some technological blind spots can only be eliminated with a human touch.
Without skilled resources, cyber security technologies can only do so much. Therefore, it’s necessary to have a skilled set of experts with the right gear for effective cyber security.
On the other hand, the current threat landscape needs solutions that can work together seamlessly. The lack of integration and interoperation can cause inefficiency and leave gaps in security coverage. Cyber security is a shared responsibility, and we need everyone, stakeholders and resources alike, to collaborate and work together to stay one step ahead.
Apu Pavithran is the chief executive and founder of Hexnode.