As the war in Ukraine rages on, the threat of Cyberattacks keeps growing, so much so that even IT Security teams are having a hard time just filtering through all of the resulting warnings and alerts.
This is despite the fact that a majority of them are using some of the most advanced tools available to do that filtering, including SIEMs and even AI and ML. While we now have the ability to combat most kinds of digital threats (provided that we know about them with some time to spare), there is one area that still eludes us: our Critical Infrastructure.
This is a topic on which I have written numerous articles, but the threat is real today. Both CISA and the FBI have put out various alerts on this, warning the businesses that operate these systems to take as proactive a stance as possible. But unfortunately, there is not a lot one can do. One of the main reasons for this is that the major components of our Critical Infrastructure were built back in the 1970s.
During that timeframe, nobody had even thought of the word “Cybersecurity”. Most of the worries back then were about physical access, meaning that only authorized individuals could enter the premises.
While our Critical Infrastructure has been hardened with this in mind, the same cannot be said of Cybersecurity. Many of the protocols these systems run on are still outdated, so you cannot simply apply software patches and upgrades. And if you can, you have to make sure that they will interoperate “nicely” with what is already in place.
The thought then comes to mind: why not just rip out the old Critical Infrastructure and put in a new one?
Once again, this is far easier said than done. Many other components still rely upon these legacy systems, so taking this approach would mean a huge amount of downtime, which could last for days or even weeks. Nobody wants to go through that.
To paint an already bleak picture even bleaker, consider some of these stats about Critical Infrastructure that were just released in the Claroty report linked at the end of this post:
*The total number of cases increased by 52% to a whopping 1,440 in 2021;
*21 out of the 82 vendors covered by the report had issues with the latest software patches and/or upgrades that they had just installed;
*Nearly 60% of the Critical Infrastructure pieces could quite easily be accessed remotely by a Cyberattacker.
(The chart illustrating these stats is not reproduced here.)
Probably the starkest example of a Cyberattack on our Critical Infrastructure was the Ransomware attack on the Colonial Pipeline in May 2021. This forced the company to shut down the pipeline and halt all deliveries to its customers.
This had huge ripple effects, as fuel prices, particularly for gasoline along the East Coast, spiked drastically for a short period of time. In the end, a ransom of roughly $4.4 million was paid in an effort to get things going again.
But as the year goes on and as the situation in Ukraine continues to unfold, attacks on Critical Infrastructure will more likely take the form of Ransomware. The main catalyst for this is that we rely upon this infrastructure for our everyday lives, even more so than on digital technology. Imagine not having water or food for days on end.
Because of this, there will be a much greater tendency to pay up, and this will only serve as a huge motivator for more Ransomware attacks of the same kind, because the Cyberattacker knows that they will get an almost immediate payout.
This is totally unlike a Ransomware attack on purely digital assets, where the recovery time is much shorter and there are also ways to avoid paying the ransom at all, such as restoring from clean backups.
In fact, according to the report, about 70% of the businesses could, to varying degrees, fully patch their pieces of Critical Infrastructure. While this can be considered good news, keep in mind that it takes, for lack of a better term, literally forever to get these software patches and upgrades fully operational alongside the other legacy systems already in place.
But also keep in mind that the remaining 30% of the respondents have not even patched their systems yet.
My Thoughts On This:
The fundamental question to be asked here is: will there ever be a time and a place where we can patch our legacy Critical Infrastructure just as quickly as we can deploy software patches and upgrades to our digital assets? I think we can, but it is going to take a long time, given how old these pieces are.
It will take large, dedicated teams to handle this, and keep in mind that we are dealing with resources whose suppliers may no longer even be in existence.
Also keep in mind that the Industrial Internet of Things (IIoT) is making a mess of things as well. This can be viewed as a subset of the IoT, but it is geared primarily towards the industrial sector. There are vendors out there now who make products for this area, and very often those products are not even secure themselves.
Not only does this make an existing problem even worse, but it also greatly increases the attack surface, leaving many more entry points for the Cyberattacker to penetrate.
Now, I am by no means a Critical Infrastructure expert, but based upon the research and the writing that I have done, there is no immediate solution for how to protect our Critical Infrastructure. We just have to keep our fingers crossed and literally hope for the best.
And if a Ransomware attack does occur, the best option in the end (and keep in mind I am not at all in favor of this) might be to simply pay the ransom in order to get our mission-critical operations up and running again, so that innocent American citizens do not have to endure a lot of pain and suffering.
Finally, more details about the Claroty study on Critical Infrastructure can be downloaded at this link:
https://www.claroty.com/2h21-biannual-report/