Critical Infrastructure (CI) is the collective term for the physical and digital assets essential to the smooth functioning of nations around the globe. The sectors counted as critical differ from one country to another: the United States designates 16 sectors as vital, while the United Kingdom designates 13. Disruption or damage to CI, whether from an attack or other causes, can have severe and far-reaching effects.
To date, cybercriminals seeking cryptocurrency payouts have been the most high-profile perpetrators of attacks on critical infrastructure. But what would happen if a bad actor had plans beyond a quick payday? What if the goal of an attack were to create chaos by disabling critical infrastructure in order to harm a country?
Attacks on CI could easily devastate the livelihoods of millions of people and, under the right conditions, could even bankrupt companies. In the interest of national and global security, CI facilities must take proper measures to prevent malevolent threat actors from accessing and disabling their networks.
These Attacks Are Widespread and Common
Attacks on CI are an increasingly common topic on the evening news. We have all heard about cases like the ones below. It is a frightening new reality, and it emphasizes how prepared we need to be. A few real-world examples:
- Colonial Pipeline
In May 2021, the Colonial Pipeline, a critical pipeline system for refined oil in the U.S., was hit by a cyberattack that stemmed from a single compromised credential. The result? Colonial Pipeline's gasoline distribution to the East Coast was shut down for nearly a week, and gas prices immediately skyrocketed across the Southeast.
- JBS SA
The largest meat processing company in the world, JBS SA, fell victim to a cyberattack a few weeks after the Colonial Pipeline breach. The attack forced the company to halt production at its U.S. beef plants, and operations in Australia and Canada were also hit.
- The Health Service Executive (HSE) Hack
Ireland's HSE had to temporarily shut down its IT systems following a cyberattack. What makes this CI attack so disturbing is that it happened during the pandemic, when health systems were already buckling.
There have been many other well-known cases, including the attacks on NSW's State Transit Authority (Australia), Israel's Water Authority, and Air India.
How Are These Threat Actors Getting In?
- Phishing
It has been estimated that a terrifying 75% of organizations and businesses in the U.S. experienced a phishing attack in 2020.[2] Email phishing occurs when malicious actors masquerading as genuine senders (such as the company owner or a manager) lure employees into sharing credentials and sensitive information.
- Unpatched vulnerabilities
Unpatched vulnerabilities let cybercriminals exploit known bugs to run malicious code on company servers. In 2020, about half of CI operators reported unpatched vulnerabilities as the cause of cyberattacks.[3]
- Distributed Denial of Service (DDoS)
A DDoS attack overwhelms your network or server with bot traffic, disrupting the service for a period of time. A recent study reported over 2.9 million DDoS attacks in the first quarter of 2021, an increase of over 30% compared to 2020. This number will continue to rise in 2022.
- SQL injection
A SQL injection is an attack in which malicious SQL is supplied through a vulnerable web application input (for example via an out-of-date plugin or an old WordPress installation) and executed by the database; it can even destroy databases. Over 30% of CI operators reported SQL injection as the cause of a breach.
- Cross-site scripting
Also known as XSS, cross-site scripting is a method of executing malicious scripts in the context of a legitimate website. Almost 20% of CI operators reported being hit by this attack vector.[3]
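To make the SQL injection vector above concrete, here is an added example (not code from the original post) that contrasts a lookup which splices user input into the SQL text with the parameterized form a defender should use; the in-memory table, its rows and the hostile input are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample data: a minimal user table for the demonstration.
SAMPLE_USERS = [("alice", "operator"), ("bob", "viewer")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable: the untrusted value is spliced into the SQL text, so a
    # quote character in the input changes the structure of the query.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: a bound parameter is always treated as data, never as SQL,
    # so the same input simply matches no row.
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo() -> dict:
    """Run both lookups against a normal and a constructed hostile input."""
    conn = make_db()
    normal = "alice"
    # Constructed hostile input: closes the quoted literal and appends a
    # condition that is always true, so the vulnerable query returns every row.
    hostile = "' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),    # one row
        "vuln_hostile": lookup_vulnerable(conn, hostile),  # all rows leaked
        "safe_normal": lookup_safe(conn, normal),          # one row
        "safe_hostile": lookup_safe(conn, hostile),        # no rows
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The same pattern applies to any driver that supports bound parameters; the fix is to never build query text from untrusted input.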
How to Prepare for and Prevent These Attacks
Secure Remote Access
Remote access, if not secured, can provide a freeway for cybercriminals. It is therefore vital to have network firewalls, endpoint protection, good password hygiene and similar controls in place.
Create Asset Inventory
You can't protect what you don't know needs protecting. That is why an asset inventory is essential: with an up-to-date inventory of all your network assets, you can implement strategies to ramp up security.
Identify and Patch Vulnerabilities
Many Operational Technology (OT) and IoT devices that operate within industrial networks aren't secure enough to be part of a critical infrastructure environment. By deploying tools that identify system vulnerabilities, it is possible to find risky devices, sort them by level of risk, and then recommend firmware updates.
Automated detection solutions backed by artificial intelligence can track anomalies and other subtle suspicious changes within the network.
Combine OT and IT Networks
Security risks of connected industrial control systems fall when OT and IT networks are managed together as part of a unified operational platform.
Managing all of this single-handedly may seem tedious, but we can take the hassle away and help you ramp up your business's security posture. Contact us to learn more about protecting your CI, or download our free infographic to learn more about this topic.