Safeguarding the World’s Critical Cyber-Physical Systems with Confidential Computing

Safeguarding the World's Critical Cyber-Physical Systems with Confidential Computing

Safeguarding Cyber-Physical Systems necessitates not just securing and protecting the control environment, but also utilizing emerging technologies such as confidential computing.

The current paradigm of hyper-connectivity has blurred the line between crucial networks that support critical infrastructure and external general-purpose networks. Numerous cyber-attacks have exposed the flaws in notions of a secure perimeter, even in the case of ostensibly air-gapped systems with no external communication link to the untrusted environment.

Someone, or something, will always provide a mechanism to access critical infrastructure networks at the network edge. Network permeability is a major concern in this situation. Unauthorized access can enable a threat actor to take information that provides high-quality intelligence or the potential for financial gain, as well as compromise the operation of physical assets. The potential for harm and loss as a result of a system failure should not be underestimated in the latter circumstance.

Also Read: How to Prevent Increasingly Persuasive Phishing Attacks

Power, fuel, water distribution, transportation services, agricultural and industrial process are all monitored and controlled using modern control systems. The supervisory control and data acquisition (SCADA) system is made up of a complex mesh of distributed sensors, programmable logic controllers (PLCs), and actuators, with a human machine interface (HMI) at its centre. Every day, the critical services and products that enable the modern economy are delivered through cyber-physical infrastructures based on these components. But why are these systems prone to failure in the first place, and what can go wrong if they do?

The Stuxnet  cyber-attack, first reported in 2010, is perhaps the most well-known illustration of how the cyber domain can have real-world implications. Centrifuge arrays used for uranium enrichment were targeted at the Natanz nuclear complex in Iran using sophisticated malware sent from the edge to an air-gapped control network, most likely by external contractors via routine maintenance. At the Natanz facility, catastrophic damage was made by infiltrating the PLCs and overriding fail-safe protocols, momentarily disrupting the output of enriched uranium.

Stuxnet attack resulted in indiscriminate infection of industrial control systems demonstrating the global threat presented by any similar cyber-attack carried out by a nation-state or advanced persistent threat (APT). In fact in July 2020, the NSA and the CISA released a joint alert recommending that vital infrastructure be protected immediately.

Cybercriminals used the DarkSide ransomware to attack the Colonial Pipeline company in May, and the resulting data loss prompted a precautionary complete shutdown of the largest fuel pipeline in the US. The distribution of 100 million gallons of fuel per day was halted, and a US$4.4 million ransom in bitcoin was paid to allow operations to resume. The economic and strategic worth of critical infrastructure systems combined with an increase in the number of efforts to disrupt them, highlights their vulnerability to cyber-attacks and the need for a new approach to application and data security.

Also Read: The Three Pillars of Product Security Risk Management

Although network segmentation can help avoid this type of maneuver, an attacker may still be able to get access to a network segment where cyber-physical systems can be compromised. Even when the host network has been compromised, countermeasures that protect the integrity and resilience of essential systems are necessary. Confidential computing is a novel technology with features that enable comprehensive protection of sensitive applications and data.

The property of attestation is a fundamental feature of confidential computing. The application code and data are protected within a trusted execution environment (TEE), which is given with a set of cryptographic signatures. The signatures enable mutual and remote hardware platform verification as well as software integrity validation. To prevent malicious apps or privileged users from recovering or modifying the application code or data in use, access to the secure memory region is restricted. As a result, dependent processes can withstand network compromise, and the provenance of data and apps may be confirmed using the TEE’s cryptographic identity in compliance with zero-trust architecture standards.

The advanced data and application security provided by this emerging technology looks set to play a crucial role in protecting the safe and secure function of the most critical services as confidential computing becomes more widely available across cloud infrastructure and the hardware platforms underpinning critical infrastructure.

For more such updates follow us on Google News ITsecuritywire News