I have an upcoming book that will be published later this year. It is all about Supply Chain Attacks, and in fact one whole chapter is devoted to how the CrowdStrike and SolarWinds breaches happened. But it is not just digital assets that are at risk; physical ones are prone as well.
In this regard, it is our nation’s Critical Infrastructure that is at grave risk. Examples would include our water supply, gas and oil pipelines, the national power grid, and our food supply system – all that we need to live comfortably every day.
But the problem that drives the instability of the Critical Infrastructure is that the technology behind it is far too outdated. This technology is referred to as “Operational Technology” (OT), and it can be technically defined as follows:
“It is defined as technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS).”
(SOURCE: https://www.ncsc.gov.uk/collection/operational-technology)
These components were built in the late 1960s and early 1970s; the parts for them are no longer available, and the vendors have simply disappeared. Serious thought has been given to simply gutting the old components and putting new ones in, but this is almost impossible: there are many other subcomponents that rely upon them and would not work well with the newer equipment.
Thought has even been given to just adding new Cybersecurity technologies on top of the existing OT systems, so that they would not have to be ripped out. But yet once again, interoperability is the issue. The old simply will not play nicely with the new. Because of this, our Critical Infrastructure is at grave risk. Consider some of these stats:
* Ransomware attacks on the OT that drives the Critical Infrastructure have risen by 87% on a Year Over Year (YOY) basis.
* Through a study that they conducted, Palo Alto Networks discovered that at least 70% of businesses (which do not necessarily include the Critical Infrastructure) have suffered some sort of OT-related security breach.
(SOURCE: https://www.darkreading.com/ics-ot-security/boards-fix-ot-security-regulators)
It is also important to note that the Cyberattacker can quite easily attack the weak points in the Critical Infrastructure directly, because there are so many of them. But rather than doing that, and in an effort to cause a cascading effect of damage, they typically pierce through a backdoor in the IT and Network Infrastructure. That way, they can stay in for long periods of time and wreak havoc on, say, the national gas pipeline system, as in the case of Colonial Gas.
But it’s not just here in the United States; these kinds of attacks are happening all over the world, with most of the headlines coming out of Ukraine. In these cases, the Critical Infrastructure is not being hit directly per se, but rather through the OT or other IT/Network systems that drive it. One of the best-known cases occurred in Lviv.
Back in 2024, a Russian hacking group deployed a malicious payload into the OT that drove the heating utility company there. As a result, over six hundred buildings lost much-needed heat for well over 48 hours.
In fact, the very same thing even happened here in the United States, though it was not made public. A Chinese hacking group deployed a piece of malware (known as “Volt Typhoon”) into the OT systems of the national power grid. This went undetected for an alarming one-year period! Luckily, nothing came of it, but the Cyberattackers had every opportunity to move laterally and attack our water supply as well.
My Thoughts on This:
Unfortunately, at the present time there is not much we can do, at least in my opinion, to really beef up the lines of defense at our Critical Infrastructure. To do this, we would have to implement new controls in the components of the OT itself, namely the ICS, SCADA, and DCS (as presented in the definition above). But once again, you simply cannot expect the new to do a nice tango with the old – not going to happen.
The other option would be to hold the Board of Directors, and their corresponding C-Suite, accountable so that they take more action. But while they may acknowledge that it is an issue, the chances of them taking any action on it are almost nil. Heck, if they cannot address Cyber issues that directly impact them, what makes one think that they will act on Critical Infrastructure?
True, the Federal Government could step in, but given the political chaos that is happening today, this is too far-fetched a reality. Even if any bills were passed into legislation, they would be far too outdated to keep up with the pace of technology.
But there is one option that could prove viable: the Zero Trust Framework. With this, the IT and Network Infrastructure of a Critical Infrastructure would be divided up into different segments or “zones”. Each of these would have its own layer of protection, making use of Multifactor Authentication. That way, no huge amount of modern technology would have to be implemented; the only items that would really be needed are the authentication mechanisms that confirm the identity of the end user.
The main premise behind this is that even if the Cyberattacker can break through one “zone”, the chances of them breaking through all of them become statistically zero.
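As an added illustration (not part of the original post), the Python model below encodes the zone-per-layer idea described above: a request into any zone must satisfy that zone's own factors and must arrive from the one zone permitted to reach it, so nothing proven in an earlier zone is inherited by the next. The zone names, factor names and policy table are constructed assumptions, not any real utility's configuration.

```python
from dataclasses import dataclass

# Constructed policy table (assumption, not from the post): every zone demands
# its own set of proven factors and accepts requests from only one neighbour.
ZONES = {
    "corporate_it": {"factors": {"password", "otp"},
                     "reachable_from": {"internet"}},
    "ot_dmz":       {"factors": {"password", "hardware_token"},
                     "reachable_from": {"corporate_it"}},
    "scada":        {"factors": {"password", "hardware_token", "jump_host"},
                     "reachable_from": {"ot_dmz"}},
}


@dataclass
class Request:
    user: str
    origin_zone: str          # zone the request is coming from
    proven_factors: set       # factors verified for *this* request only


def authorize(req: Request, target_zone: str):
    """Per-zone decision: check reachability first, then that zone's own MFA."""
    zone = ZONES.get(target_zone)
    if zone is None:
        return False, f"unknown zone {target_zone!r}"
    if req.origin_zone not in zone["reachable_from"]:
        return False, f"{target_zone} is not reachable from {req.origin_zone}"
    missing = zone["factors"] - req.proven_factors
    if missing:
        return False, f"{target_zone} rejected: missing {sorted(missing)}"
    return True, f"{target_zone} granted"


def walk_zones(user: str, factors: set, path: list):
    """Traverse zones in order with one fixed factor set; report how far it gets."""
    reached, origin = [], "internet"
    for zone in path:
        ok, reason = authorize(Request(user, origin, set(factors)), zone)
        if not ok:
            return reached, reason      # stopped at the first zone that refuses
        reached.append(zone)
        origin = zone                   # next hop must come from this zone
    return reached, "full path traversed"
```

The `walk_zones` helper shows how far one fixed set of stolen credentials travels, which is the cascading-damage scenario the post is concerned with.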
But, as a country, we absolutely must come together as one to figure out how best to upgrade the OT systems and the Critical Infrastructure. It’s not just one business that will be impacted; it is the lives of all Americans that could be gravely impacted in one fell swoop.