The National Cyber Security Council (NCSC) recently issued a warning after it became aware of ongoing malicious attacks targeting the UK’s critical national infrastructure (CNI).
What is concerning is that the NCSC admits that cybercriminals appear to have been targeting and hacking organisations in the supply chain connected to the UK’s CNI since at least March 2017.
The hackers have been working to gain access to information using a number of techniques like planting malicious links on popular sites, targeted spear phishing attacks against the organisations, and harvesting logon details with publicly available hacking tools - with the ultimate goal of breaking into systems and grinding critical infrastructure to a halt.
RSA Security advanced cyber defence practice director Azeem Aleem says protecting the nation’s critical infrastructure is a matter of national security, but cybersecurity is often more complex within these environments.
“Firstly, it is only in recent years that old manual systems have been ‘digitised’ and connected. For years prior the whole focus has been on physical security, which means these companies are often years behind those in banking and retail, per se,” says Aleem.
“My advice would be to face these challenges head on and the only way to do this is by having visibility and context. This means conducting a thorough risk assessment, understanding the dependencies between systems, using threat detection to monitor and alert on attacks, and contextualising results with business context in order to prioritise events.”
Aleem says there is a critical problem within many critical infrastructure companies that leaves them ineffective at fighting cybercrime.
“Critical infrastructure companies are often dependent on legacy infrastructures with complex dependencies, and little visibility. They are unable to correlate security events to specific business outcomes – a problem we call the ‘Gap of Grief’,” says Aleem.
“Take the recent wave of WannaCry and Petya attacks; the industry was quick to cry ‘patch’, but actually that isn’t always possible, as patching systems without proper testing could actually cause more damage.”
Huntsman Security head of product management Piers Wilson says these attacks on national infrastructure should be “utterly frightening” given the chaos hackers can cause through sabotage, and that they are made possible in part by a lack of qualified security personnel and historic underinvestment.
“Within 2 years there will be over 1.5m security jobs unfilled globally, meaning that there simply aren’t enough resources in the UK to cope with the growing threats facing our critical infrastructure. Before the digital era, it was relatively simple to prevent and stop attacks, but now it’s much harder,” says Wilson.
“There’s often no easy way to block all of these potential threats at the perimeter, and trying to do so will just result in security analysts becoming overwhelmed by the sheer volume of probes and false positives that mask real issues.”
Wilson says it’s time that organisations accept that traditional defences like firewalls and anti-virus are simply not enough, with emphasis needing to shift away from just blocking attackers to intelligent and rapid detection, containment and mitigation as soon as an attack begins.
“This means having first class, automated threat and security intelligence capabilities that can manage the deluge of potential problems - sorting real threats from the background noise of systems and network operation; freeing up security analysts to deal with the real problems as quickly and efficiently as possible,” says Wilson.
“In the digital age, everyone – from the government and critical infrastructure organisations to businesses and charities - needs to accept that they can’t stop every attack at the boundary. Shifting focus will help to keep them and the rest of the UK safe.”