Protecting critical infrastructure comes down to three key things

11 May 16

The cyber threat landscape is broad, so to understand the full scope of threats to critical infrastructure, businesses need to know the main areas in which industrial control systems (ICS) are vulnerable.

According to Check Point, the pure-play security vendor, the three key areas to be aware of are the IT network, insider threats (whether intentional or unintentional), and equipment and software.

Attacking through the IT network

ICS usually operate on a separate network, called OT (Operational Technology), Check Point says. OT networks normally require a connection to the organisation’s corporate network (IT) for operation and management. Attackers gain access to ICS networks by first infiltrating the organisation’s IT systems (as seen in the Ukraine case), then use that 'foot in the door' as a way into the OT network.

The initial infection of the IT system is no different from any other cyber attack that happens on a daily basis, Check Point says. It can be achieved using a wide array of methods, such as spear phishing, malicious URLs, drive-by attacks and many more.

Once an attacker has successfully set foot in the IT network, they will turn their focus to lateral movement, according to the vendor. Their main objective is to find a bridge that provides access to the OT network and 'hop' onto it. In some networks these bridges are not properly secured, which can compromise the critical infrastructure they are connected to.

The threat within

Traditional insider threats exist in IT networks as well as in OT networks. Organisations have begun protecting themselves against such threats, especially after high-profile attacks such as the Target hack or Home Depot (and the list is continuously growing). In OT, however, the threat is greater.

As in IT networks, insiders can intentionally breach OT networks, but with graver consequences. In addition to this 'regular' threat, there is the unintentional insider threat. Unlike IT networks, OT networks are usually flat with little or no segmentation, and SCADA systems often run outdated software versions that regularly go unpatched. Unwitting users often inadvertently create security breaches, either to simplify technical procedures or by unknowingly changing crucial settings that disable security, Check Point says.

The bottom line remains the same either way: the network that controls the critical infrastructure is left exposed to attack. This is proven time and again, as one can easily encounter networks that were connected to the internet by accident, according to Check Point.

Meddling with critical components

The last avenue that endangers ICS is tampering with either the equipment or its software. There are several ways to execute such an operation:

  • Interfering with the equipment’s production. An attacker can insert malicious code into the PLC (Programmable Logic Controller) or HMI (Human Machine Interface), which are the last logical links before the machine itself.
  • Intercepting the equipment during shipment and injecting malicious code into it.
  • Tampering with the equipment’s software updates, for example by mounting a man-in-the-middle attack.

So, how can you protect critical infrastructure?

To fully protect any critical infrastructure, whether it is an oil refinery, a nuclear reactor or an electric power plant, all three attack vectors must be addressed, Check Point says.

It is not enough to secure the organisation’s IT to ensure the security of the production floor. A multi-layered security strategy is needed to protect critical infrastructures against evolving threats and advanced attacks, the company says.
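The two exposures the article describes, dual-homed hosts that bridge IT and OT, and OT equipment sitting on a network nobody approved (such as an accidental internet uplink), can both be found from a plain host inventory. The script below is an added example, not Check Point's code or anything from the original article; the address plan, hostnames and interface addresses are constructed for illustration.

```python
import ipaddress
from typing import Dict, List, Set

# Constructed address plan for the example (an assumption, not from the article).
ZONES = {
    "IT": [ipaddress.ip_network("10.10.0.0/16")],
    "OT": [ipaddress.ip_network("192.168.100.0/23")],
}

# Constructed host inventory: hostname -> interface addresses (also an assumption).
INVENTORY: Dict[str, List[str]] = {
    "eng-ws-01": ["10.10.5.20"],                      # IT workstation
    "hist-01":   ["10.10.8.4", "192.168.100.10"],     # historian with a leg in both networks
    "plc-07":    ["192.168.101.7"],                   # PLC, OT only
    "hmi-03":    ["192.168.100.33", "203.0.113.15"],  # HMI with an interface outside every approved zone
}


def zone_of(addr: str) -> str:
    """Map one interface address to its approved zone, or UNKNOWN if it is in none."""
    ip = ipaddress.ip_address(addr)
    for zone, nets in ZONES.items():
        if any(ip in net for net in nets):
            return zone
    return "UNKNOWN"


def host_zones(inventory: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """Collect the set of zones each host touches across all of its interfaces."""
    return {host: {zone_of(a) for a in addrs} for host, addrs in inventory.items()}


def find_bridges(inventory: Dict[str, List[str]]) -> List[str]:
    """Dual-homed hosts in both IT and OT: the 'hop' points the article describes."""
    return sorted(h for h, z in host_zones(inventory).items() if {"IT", "OT"} <= z)


def find_unapproved_ot_links(inventory: Dict[str, List[str]]) -> List[str]:
    """OT hosts with an interface in no approved zone, e.g. an accidental internet uplink."""
    return sorted(h for h, z in host_zones(inventory).items() if "OT" in z and "UNKNOWN" in z)


if __name__ == "__main__":
    print("IT/OT bridges to harden:", find_bridges(INVENTORY))                     # ['hist-01']
    print("OT hosts on unapproved networks:", find_unapproved_ot_links(INVENTORY))  # ['hmi-03']
```

Feeding the real inventory (from a CMDB export or switch ARP tables) into `INVENTORY` turns this into a recurring segmentation check rather than a one-off audit.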
