Our critical infrastructure requires urgent fixing
Article by Vijay Vaidyanathan, Regional Vice-President, Solutions Engineering for Asia Pacific & Japan at Claroty.
Around the world, organizations large and small are facing a growing deluge of cybercrimes, buoyed by a combination of seamless global connectivity and pervasive digitalization. But far from the glare of publicity, hackers are quietly pressing their attacks on a different group of systems that are less well-defended and far more critical.
Classified broadly as cyber-physical systems, they work unobtrusively in the background of manufacturing lines or at the local utility, ensuring smooth production in factories or the seamless delivery of water and power to our homes. With the potential to disrupt the very fabric of our society and smart cities, an attack on such systems would have been unimaginable a mere decade ago.
Today, hackers have already crossed the red line to attack these devices, and Gartner predicts cyber attackers will have weaponized such environments to successfully harm or kill humans within the next few years.
The vulnerable side of digitalization
How did we end up in this state, and why are some of our most vital systems so vulnerable? As the world raced towards digitalization and automation to reap greater efficiency and productivity, a wave of change similarly percolated to places most of us rarely give a second thought to.
Critical installations such as waste management plants, water treatment plants, power substations, energy pipelines, hydroelectric dams, and nuclear reactors have become increasingly automated. By incorporating new sensors and modern digital control systems, they gained substantial benefits, including the ability to predict failures ahead of time, facilitate smart maintenance, ensure safety, and drive greater efficiency.
But while there is no question about the benefits, one downside is the vulnerabilities that are inadvertently created. For instance, a water treatment plant conceptualized and built two decades ago might be hooked up to the Internet without the cybersecurity safeguards needed to thwart sophisticated cyber aggressors.
And such attacks are no longer hypothetical, but a matter of record. For instance, an intruder logged into a water treatment plant in Oldsmar, Florida in early 2021. The level of sodium hydroxide – a caustic chemical added in limited quantities to purify the water – was increased over a hundred times to an extremely dangerous level; the change was fortunately spotted by a sharp-eyed operator who immediately reversed it.
Later that same year, hackers gained access to the IT systems of Colonial Pipeline and installed ransomware. This forced Colonial Pipeline to shut down the pipeline as a precaution, impacting the movement of oil and gas to the whole eastern seaboard.
Such attacks are not a US-centric problem, but a global one; one in four (26%) cybersecurity attacks now takes place in Asia, according to IBM’s latest annual X-Force Threat Intelligence Index report. The report didn’t differentiate between IT and OT attacks, but attacks on manufacturing organisations made up 29% of attacks in the region – manufacturing firms are far more likely to utilise these vital systems, known as operational technology (OT) systems.
A growing problem
We know that cyber-attacks give aggressors such as hostile nation-states or terrorist organizations an asymmetric advantage. Seen in that light, it becomes clear that the pervasive digital infrastructure currently powering our most vital installations can become our biggest liability, if only because of the myriad ways an attacker can potentially compromise it.
Efforts to defend vital OT systems are growing, though there is no quick fix. While potential adversaries likely come from the same group that cut their teeth crafting sophisticated attacks on traditional IT systems, the employees running these facilities are far less cyber-savvy and are burdened with a plethora of operational responsibilities.
Another hurdle is that OT systems were never designed with cybersecurity threats in mind. Originally meant to operate within an isolated network, they could run on software and operating systems that are no longer supported or which are infrequently patched. Because the infrastructure can be extremely expensive with long depreciation periods, it is kept in operation out of necessity.
Though some of the organizations running these facilities are well-funded and can afford to implement robust cyber defenses, there are a lot of rural hospitals and smaller utilities where the reverse is true. Without a cybersecurity budget or dedicated cybersecurity employees, the result is a lack of basic know-how to protect OT systems.
Tackling the OT challenge
To tackle this looming threat, governments and cybersecurity firms have started looking at various programs to help critical infrastructure providers and close the gap as quickly as possible.
For instance, the United States Department of Homeland Security launched the Joint Cyber Defense Collaborative (JCDC) initiative last year with leading technology organizations. In April, this was expanded with specialists in OT security such as Claroty to form the Joint Cyber Defense Collaborative Industrial Control Systems (JCDC-ICS).
Claroty is also a formal member of the IT Sector Coordinating Council (IT-SCC), an entity that coordinates with the U.S. government to enhance critical infrastructure cybersecurity. Claroty will be working alongside other industry partners and key government agencies to improve the cybersecurity resilience of the critical infrastructure sector.
Separately, Claroty and four other companies founded the OT Cybersecurity Coalition to provide collective advocacy for issues important to OT security. Beyond advocacy to ensure that the critical area of OT security gets a voice, there is also data sharing of the threats, vulnerabilities, and insights into what nation-states or cybercriminals are doing.
The idea is to leverage our collective “light posts” established throughout the digital environment to watch for signs of attacks, spot the latest techniques of bad actors, and collectively provide the help, context, and defenses for a united approach to protect critical infrastructure.
The time to act is now
There is a tremendous amount of work that the world still needs to get through to strengthen our cyber defenses. CSOs need real-time information and full visibility of their infrastructure right now, not in days or weeks. For this, they will need the ability to identify, monitor, and defend all connected assets and systems in their critical infrastructure, hospitals, and factories.
The other danger we face is organizations that remain unaware of the risks that poor OT security can pose to our society. This is the reason we are working hard to bring this obscure, hidden world to the awareness of the broader community. When stakeholders can no longer plead ignorance, this forces the requisite decisions and concrete actions to improve OT security.
Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) launched a “Shields Up” advisory, in essence putting the world on notice that it is time to guard against cyberattacks. If you have been thinking of getting your cyber defenses in order, the time to act is now.
The views in this article are those of the author and may not reflect the views of Tech Wire Asia.