Sunday, March 13, 2022

Will There Ever Be A Quick Fix To The Cyber Issues On Critical Infrastructure???

As the war in Ukraine rages on, the threat of cyberattacks is growing so quickly that even IT security teams are having a hard time just filtering through all of the warnings and alerts.

This is despite the fact that most of them are using some of the most advanced tools available to do that filtering, including SIEMs and even AI and ML.  While we now have the ability to combat most kinds of digital threats (provided that we learn about them with some time to spare), there is one area where this still eludes us: our critical infrastructure.

This is a topic I have written numerous articles about, but the threat is very real today.  Both CISA and the FBI have put out alerts on it, warning the affected businesses to take as proactive a stance as possible.  Unfortunately, there is not a lot one can do.  One of the main reasons is that the major components of our critical infrastructure were built back in the 1970s.

During that timeframe, nobody even thought of the word “cybersecurity”.  Most of the worries back then were about controlling physical access, so that only authorized individuals could enter the premises.

While our critical infrastructure has been hardened with that in mind, the same cannot be said of cybersecurity.  Many of the protocols still in use predate any notion of authentication or encryption, and the controllers that speak them often cannot simply be given software patches and upgrades.  And where you can patch, you have to make sure that the update will interoperate “nicely” with what is already in place.

The thought then comes to mind: why not just rip out the old critical infrastructure and put in new?  Once again, this is far easier said than done.  Many other components still rely upon these legacy systems, so a wholesale replacement would mean a huge amount of downtime, lasting days or even weeks.  Nobody wants to go through that.

To paint an already bleak picture even bleaker, consider some of these statistics about critical infrastructure that were just released:

*The number of disclosed industrial control system (ICS) vulnerabilities increased by 52%, to 1,440 in 2021;

*The affected products came from 82 vendors, 21 of which appeared in the report for the first time;

*Nearly 60% of the vulnerabilities are exploitable remotely over the network, meaning the cyberattacker does not need physical or local access to the affected system.

(SOURCE:  https://www.darkreading.com/vulnerabilities-threats/industrial-systems-see-more-vulnerabilities-greater-threat)
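The remote-exploitability figure above is the kind of number a defender wants to reproduce for their own asset list, and then act on, since for legacy equipment a fix is often not available at all.  The following is an added example (mine, not code from the Claroty report or from this post) that parses CVSS v3.1 vector strings, computes the share of findings reachable over the network, and buckets each finding into isolate / patch / monitor depending on attack vector, attack complexity and whether a fix exists.  Every record in it is constructed: the FINDING-00x identifiers and asset names are placeholders, not real vulnerabilities.

```python
"""Triage constructed ICS findings by CVSS v3.1 attack vector and fix status.

Added example for this post; not code from the Claroty report or the original
article.  Every record below is constructed: the FINDING-00x identifiers and
asset names are placeholders, not real vulnerabilities.
"""
from __future__ import annotations

from dataclasses import dataclass

# Base metrics every CVSS v3.x vector must carry.
REQUIRED_METRICS = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")


@dataclass(frozen=True)
class Finding:
    ident: str           # constructed placeholder identifier
    asset: str           # constructed asset description
    vector: str          # CVSS v3.1 vector string as published in an advisory
    fix_available: bool  # True if the vendor ships a full patch or upgrade


def parse_cvss_v3(vector: str) -> dict[str, str]:
    """Parse 'CVSS:3.1/AV:N/AC:L/...' into {'AV': 'N', 'AC': 'L', ...}.

    Raises ValueError for anything that is not a complete v3.x base vector,
    so a malformed advisory never silently lands in a low-priority bucket.
    """
    parts = vector.strip().split("/")
    if not parts[0].startswith("CVSS:3."):
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    metrics: dict[str, str] = {}
    for part in parts[1:]:
        key, sep, value = part.partition(":")
        if not sep or not key or not value:
            raise ValueError(f"malformed metric {part!r} in {vector!r}")
        metrics[key] = value
    missing = [m for m in REQUIRED_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"vector {vector!r} lacks base metrics {missing}")
    return metrics


def is_valid_vector(vector: str) -> bool:
    """True when parse_cvss_v3 accepts the string, False otherwise."""
    try:
        parse_cvss_v3(vector)
    except ValueError:
        return False
    return True


def network_reachable(vector: str) -> bool:
    """AV:N means exploitable from the network; A/L/P need adjacency,
    local access or physical presence respectively."""
    return parse_cvss_v3(vector)["AV"] == "N"


def remotely_exploitable_share(findings: list[Finding]) -> float:
    """Fraction of findings whose attack vector is Network (0.0 if empty)."""
    if not findings:
        return 0.0
    remote = sum(1 for f in findings if network_reachable(f.vector))
    return remote / len(findings)


def triage(findings: list[Finding]) -> dict[str, list[str]]:
    """Bucket findings for an environment where patching is slow or impossible.

    isolate : network-reachable, low attack complexity, and no fix exists, so
              the only near-term control is segmentation or a firewall rule
    patch   : network-reachable and a fix exists; schedule a maintenance window
    monitor : needs adjacent/local/physical access, or is network-reachable
              with no fix but high complexity; track it, no emergency change
    """
    buckets: dict[str, list[str]] = {"isolate": [], "patch": [], "monitor": []}
    for f in findings:
        m = parse_cvss_v3(f.vector)
        if m["AV"] != "N":
            buckets["monitor"].append(f.ident)
        elif f.fix_available:
            buckets["patch"].append(f.ident)
        elif m["AC"] == "L":
            buckets["isolate"].append(f.ident)
        else:
            buckets["monitor"].append(f.ident)
    return buckets


# Constructed sample inventory (not real CVEs); three of the five are AV:N.
SAMPLE_FINDINGS = [
    Finding("FINDING-001", "PLC, plant floor", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", False),
    Finding("FINDING-002", "HMI workstation", "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", True),
    Finding("FINDING-003", "Serial gateway", "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", False),
    Finding("FINDING-004", "Engineering laptop", "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", True),
    Finding("FINDING-005", "Remote-access gateway", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", False),
]

if __name__ == "__main__":
    print(f"remotely exploitable: {remotely_exploitable_share(SAMPLE_FINDINGS):.0%}")
    for bucket, idents in triage(SAMPLE_FINDINGS).items():
        print(f"{bucket:8s} {', '.join(idents) or '-'}")
```

The point of the "isolate" bucket is the one this post keeps returning to: when a vendor cannot or will not ship a fix, the practical control is to take the device off any network an attacker can reach, not to wait for a patch that may never come.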

Probably the starkest example of a cyberattack on our critical infrastructure was the ransomware attack on Colonial Pipeline in May of last year.  It forced the company to shut down its pipeline operations and halt fuel deliveries to its customers.

But this had huge ripple effects: fuel prices spiked and there were shortages at gas stations across the East Coast for a short period of time.  In the end, a multi-million dollar ransom was paid in an effort to get things running again.

But as the year goes on and the situation in Ukraine continues to unfold, attacks on critical infrastructure will most likely take the form of ransomware.  The main catalyst is that we rely upon this infrastructure for our everyday lives even more than we rely upon digital technology.  Imagine not having water or food for days on end.

Because of this, there will be a much greater tendency to pay up, and that will only motivate more ransomware attacks of the same kind, because the cyberattacker knows that an almost immediate payout is likely.

This is totally unlike a ransomware attack on purely digital assets, where the recovery time is much shorter and there are ways (restoring from offline backups, for one) of avoiding the ransom altogether.

In fact, according to the report, only about 70% of the disclosed vulnerabilities could be fully remediated with a patch or upgrade.  While that can be considered good news, keep in mind that it can take, for lack of a better term, forever to get those patches and upgrades working alongside the other legacy systems that are in place.

Also keep in mind that the remaining 30% had only a partial remediation or none at all.

My Thoughts On This:

The fundamental question to be asked here is whether there will ever be a time when we can patch our legacy critical infrastructure just as quickly as we deploy software patches and upgrades to our digital assets.  I think we can, but it is going to take a long time, given how old these systems are.

It will take large, dedicated teams to handle this, and keep in mind that we are dealing with equipment whose suppliers are, in some cases, no longer in existence.

Also keep in mind that the Industrial Internet of Things (IIoT) is making a mess of things as well.  It can be viewed as a subset of the IoT, geared primarily towards the industrial sector.  There are vendors now making products for this area, and very often those products are not secure themselves.

Not only does this make an existing problem even worse, it also greatly increases the attack surface, leaving many more entry points for the cyberattacker to penetrate.

Now I am by no means a critical infrastructure expert, but based upon the research and the writing that I have done, there is no immediate solution for protecting our critical infrastructure.  We just have to keep our fingers crossed and literally hope for the best.

And if a ransomware attack does occur, the best option in the end (and keep in mind I am not at all in favor of this) may simply be to pay the ransom in order to get our mission-critical operations up and running again, so that innocent American citizens do not have to endure a lot of pain and suffering.

Finally, more details about the study on critical infrastructure vulnerabilities can be downloaded at this link:

https://www.claroty.com/2h21-biannual-report/
