Although cybersecurity has been important for quite some time, it seems as though last year was the real wakeup call that we needed to remind us just how important it is. Between the rise in the number of attacks to the scale of some of them, we have seen the potential damage that this evolving threat landscape can cause. Going forward, remaining vigilant of the trends in threats, such as the growth in ransomware, is crucial. One trend that our industry needs to be particularly mindful of is the increasing risk associated with OT systems. That is why we are echoing the alarm ringing for OT security.
Risks Such as Russia Fuel Concerns Over Critical Infrastructure Cybersecurity
According to TechCrunch, investments in cybersecurity have skyrocketed to around $29.3 billion, with a number of deals including 286 M&As. Much of this expansion is a response to the corresponding expansion of threats, which are both escalating and constantly changing. Of the areas of interest, OT is becoming more and more prominent. Peaking this focus is the heightened awareness around critical infrastructure protection since this sector is heavily reliant on OT systems. Alongside previous events like the Colonial Pipeline breach and attempted attack on a water facility in Oldsmar, Florida, we also face current concern over Russia. Not only does Russia have a history of carrying out state-backed cyberattacks, but its ongoing invasion of Ukraine and ensuing actions have the cybersecurity field overall on high alert. Ukraine’s Governmental Computer Emergency Response Team recently confirmed that Russian group Sandworm launched a series of cyberattacks against a Ukrainian energy facility. The attacks were developed to try and take advantage of IT and OT, “including high-voltage substations, Windows computers, servers running Linux operating systems, and network equipment,” as CSO reported.
CISA Expands the Joint Cyber Defense Collaborative
When addressing the attack on the Ukrainian energy facility, Andrii Bezverkhyi, CEO and founder of SOC Prime, stated, “”Attention should be paid” to this attack by all energy providers, including those in the U.S.” Considering the mess a Russian intrusion of the energy sector or any critical infrastructure network could create, a significant emphasis has been put on taking action at the federal level in order to enhance the ways in which we guard these systems. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) expanded the Joint Cyber Defense Collaborative (JCDC). Now the JCDC will include a range of Industrial Control Systems (ICS) experts. Part of the mission of this decision is to “contribute to real time operational fusion across private and public partners in the ICS/OT space,” based on CISA’s website.
Addressing OT Security
“Cyber threats to the systems that control and operate the critical infrastructure we rely on every day are among our greatest challenges. As the destruction or corruption of these control systems could cause grave harm, ensuring their security and resilience must be a collective effort that taps into the innovation, expertise, and ingenuity of the ICS community,” said CISA Director Jen Easterly when speaking on the CISA’s announcement. With this urgency, the main question that the various organizations involved seek to answer is, ultimately, how do we best protect critical infrastructure and OT systems? One method that may be attempted by some is IT and OT segregation. In an article for Infosecurity Magazine, Keith Chappell noted that this is easier when completed at the design stage. However, that is often not the case. Therefore, retrospective segregation may be executed, but this requires proper planning. It is important to also consider other risk mitigators like firewalls and virtual segregation (VLANs), according to Chappell.
Even before testing such a process, a report for Power Magazine suggests that critical infrastructure operators ask themselves a series of questions such as, “Do I know what I need to protect? Are there holes in my protection? Can I detect if a bad actor is in the system? If I find infiltrators, can I get them out?” Another suggestion outlined in the outlet is to establish partnerships with OT specialists who understand the environment. This is important, for one, because as we’ve covered, the threat landscape is increasingly vast and dangerous. Secondly, the critical infrastructure involves several sectors. As we know, water systems have faced risk, energy has been attacked and food production has even been targeted. But that’s not it. TechCrunch summarized that the transportation industry has seen a 186% increase in weekly attacks from 2020 to 2021. Maritime attacks alone have increased by 900% since 2017. As Matt Gatto writes in that report, “At the end of the day, OT security is a national security issue.”
Sources:
- “The how and why of raising OT security capital” – Matt Gatto, TechCrunch
https://techcrunch.com/2022/03/31/the-how-and-why-of-raising-ot-security-capital/ - “Ukraine energy facility hit by two waves of cyberattacks from Russia’s Sandworm group” – Cynthia Brumfield, CSO
https://www.csoonline.com/article/3656954/ukraine-energy-facility-hit-by-two-waves-of-cyberattacks-by-russia-s-sandworm-group.html - “Cisa Expands The Joint Cyber Defense Collaborative To Include Industrial Control Systems Industry Expertise” – CISA
https://www.cisa.gov/news/2022/04/20/cisa-expands-joint-cyber-defense-collaborative-include-industrial-control-systems - “How to Manage Patching in Infrastructure to Protect Against Cyber-Attacks?” – Keith Chappell, Infosecurity Magazine
https://www.infosecurity-magazine.com/opinions/manage-patching-infrastructure/ - “Four Questions You Must Ace to Ensure Sound Cybersecurity in OT Systems” – Aaron Larson, Power Magazine
https://www.powermag.com/four-questions-you-must-ace-to-ensure-sound-cybersecurity-in-ot-systems/