Introduction
Our Critical Infrastructure is of at grave risk today. But instead of looking at the situation right
now, let’s see what the future could hold in 2023.
What The Future
Holds
Cyberattacks on Critical Infrastructure are occurring at a
more rapid rate now, and it has garnered the attention of the industry. However, it still has not fully captured the
sense of urgency yet in that something needs to be done to fortify these
structures further. What is anticipated
for the future? Here is a glimpse:
1)
Segmentation could occur:
In the digital world, this one of
the big buzzwords that are being floated around right now. At present, most businesses typically have
just one defense line that separates the threats from the external environment
into the internal environment. This is
very often referred to as “Perimeter Security.”
But the fundamental flaw (and a very serious one) is that once the
Cyberattacker is able to break through this, they can pretty much move laterally
and get access to anything they want to.
Thus, with the implementation of MFA and the Zero Trust Framework, there
have been calls now to further divide up the IT and Network Infrastructure that
exists in the internal environment into smaller chunks, and this is known as
“Segmentation.” Each segment would have
its own set of defenses, and the statistical probability of a Cyberattacker
breaking through all of these segments becomes lower each and every time, and
as a result, they give up in frustration.
It is hoped that this same line of thinking can also be applied to
Critical Infrastructure as well. However, the main problem is that they all
consist of legacy computer systems, which may or may not support the
Segmentation efforts. Even if they do,
there is no guarantee that it will be sustainable for the long term.
2)
The Internet of Things:
Right now, this phenomenon has been
further catapulted by the rise of the Remote Workforce, where pretty much
everything has gone digital. This is the
notion where all of the objects that we interact with within both virtual and
physical worlds are interconnected with another. There is a great interest, and even efforts
are currently being undertaken to bring the world of the IoT into Critical
Infrastructure. This now becomes known
as the “Industrial Internet of Things,” or “IIoT” for short. But it is expected that this trend will
quickly dissipate into the future as more Cybersecurity attacks are launched
against Critical Infrastructure. The
reason for this is simple: With an IIoT
in place, the attack surface becomes much more significant, and the number of
backdoors that the Cyberattacker can penetrate into is now greatly
multiplied.
3)
The financial damage will escalate:
As more threat vectors are
launched, they will obviously become more sophisticated and covert in
nature. Given this, the financial toll
that it will take on Critical Infrastructure that are impacted is expected to
reach well over the multimillion-dollar mark.
Also, is it anticipated that the downtime period to recover from future
attacks will be a lot longer than what it is at present, thus adding more to
the financial toll. With the convergence
currently taking place within the IT and the Operational Technology (OT)
realms, the Cyberattacker will quickly gain access to either the ICS or SCADA
systems via any vulnerabilities gaps that persist in the network of the
Critical Infrastructure.
4)
A closer collaboration with Cybersecurity:
It is also expected that the Critical
Infrastructure leaders will start to work closely with the Cybersecurity
Industry. Not only will there be attempts
made to try to add on security tools/technologies that can interoperate with
the legacy ones, but there will be even a greater effort to share threat
intelligence information/data on a real-time basis so the IT Security teams of
Critical Infrastructure can be much better prepared to handle any threat
vectors that are looming on the horizon.
This new movement has been termed the era of “Shared Responsibility
appropriately.”
5)
A greater need for Cybersecurity Insurance:
Essentially, by purchasing this
kind of policy, a company, in theory, can be protected by financial losses if a
Cyberattack impacts them. But the
reality holds different in the sense that there is still a lot of confusion out
there as to what will technically be covered.
So while a company may think they have full coverage, the chances are
still there that they will not get a 100% payout. But despite this, the Critical Infrastructure
is starting to understand the need for some sort of financial protection in
case they are breached. Thus, there will
be a great increase in demand for Cybersecurity Insurance Policies in the
coming years in order to recoup any financial damages incurred by attacks on
legacy systems.
6)
Migration to the Cloud:
At present, there is a lot of
efforts now to move On-Premises solutions to a Cloud-based platform, such as
that of AWS or Microsoft Azure. While
there could be some success with this as it relates to Critical Infrastructure,
there is also the realization that a pure 100% migration will probably not
happen. The primary reason for this is
that, once again, most of the developed technologies for Critical
Infrastructure were developed back in the ’70s and the ’80s. Thus, trying to put all of this into
something as advanced as the Cloud probably will not be able to occur.
Conclusions
It is important to keep in mind that Cyberattacks do not
just happen to digital assets. This is
where the current mindset is at with Corporate America, and this drastically
needs to change. For example, there are
physical assets as well, namely that of the Critical Infrastructure.
As we have seen with the last attack (in which the
perpetrator actually tried to poison the water supply), this area of industry
is at grave risk. An equal amount, if
not greater, attention needs to be spent in this area as well in order to come
up with ways to mitigate further its risk of being impacted by a security
breach.
The downtime suffered here will be a lot longer and even
more devastating than what has been witnessed with security breaches that have
transpired in the digital world.
Sources
1)
https://iiot-world.com/ics-security/cybersecurity/six-cybersecurity-predictions-for-critical-infrastructure-and-the-iiot-in-2019/
No comments:
Post a Comment