Most security leaders in critical infrastructure organizations are underestimating the scale of cyber-threats to their operations, despite having suffered breaches over the past three years.
A recent research study by Skybox Security found that 83% of organizations experienced an operational technology (OT) cybersecurity breach in the last 36 months. The research also found that organizations underestimate the risk of a cyberattack.
What are CNI Firms?
Critical National Infrastructures (CNI) are the systems, facilities, information, people, networks, and processes necessary for a country to function: the vast network of highways and other transportation services, the supply of water, energy or banking services, utilities, and buildings necessary to maintain everyday life.
These systems are essential for the economy, health, safety, security, and social well-being of people and the loss or compromise of these critical elements could result in disaster.
- It can detrimentally impact the availability, integrity, or delivery of essential services.
- If compromised, disruptions to some services could result in significant loss of life or casualties.
- There could be a significant negative impact on national security and defense, or on the effective functioning of the government.
Unlike in previous years, when CNIs operated in isolation, they are becoming more complex and reliant on networks of connected devices, even across sectors.
As such, the failure of one critical infrastructure could result not only in the failure of that system but also, potentially, in a devastating chain reaction.
This vulnerability of critical infrastructure to cyber-attacks has become a big concern, and recent events have given even more cause for it.
What kinds of breaches do CNIs experience?
While IT infrastructure has given rise to many cyber security jobs, consultants, products, and services, the operational technology of CNIs is a vulnerable element of cyber security that receives less focus.
However, this is especially important as people and infrastructure become even more reliant on connectivity and well-functioning homes and communities.
One example is the power grid incident in Texas, in which 4.5 million homes and businesses were left without power, water, and heat for days during extreme cold weather in the state.
Recently, on May 7th, a devastating ransomware attack on the Colonial Oil Pipeline left nearly 11,000 gas stations without gas. The pipeline, one of the largest in the US, which supplied about 45% of the East Coast’s gas, diesel, and jet fuel, was forced to shut down its networks and operations entirely.
In another case of disruptions to critical infrastructure, hackers broke into a US water authority’s cellular network to hike the bills by 15,000%, from $300 monthly to over $50,000 over a two-month period.
World-changing events like these have brought to light the need for organizations to adapt and protect their services to ensure continuity.
What are the Common Vulnerabilities?
Some of the challenges facing OT security include OT network complexity, which leaves various loopholes that can easily be taken advantage of; supply chain risk; and limited options for detecting and fixing vulnerabilities.
Hackers and threat actors commonly target the energy, transportation, public services, telecommunications, and critical manufacturing sectors with the intention to:
- Disrupt critical services using ransomware
- Target theft of intellectual property or customers’ personal data
- Manipulate or sabotage operational equipment
- Conduct long-term surveillance of networks looking for weaknesses and intelligence that can be monetized or exploited.
How to Safeguard Against Breaches
Despite the rise in vulnerabilities and recent attacks, OT security remains a low priority for many security teams. There is a predominant belief that their infrastructure is safe, despite evidence to the contrary, and this has led to inadequate OT security measures.
Here are some ways to strengthen OT security against data breaches:
- Implement automation to reduce human error and ensure continuous compliance.
- Find exposed vulnerabilities with a network model.
- Implement long-term options that go beyond patching for security risks and vulnerabilities.
- Rely less on cyber insurance as a security ‘strategy’.
- Monitor third-party access to networks.
- Ensure adherence to security controls.