Security experts have warned for decades that key infrastructure throughout the world is vulnerable to cyberattacks. Despite continuous discussions, debate, and growing concerns, modernization is slow, and security continues to lag.
When the Colonial Pipeline was breached, it was frightening, but experts say it was totally predictable. The ransomware attack, which began on May 7, shut down the pipeline for six days, causing a surge in oil prices as well as shortages in some locations. However, the next strike might be much more destructive, leaving big sections of the country without power or Internet access, water purification systems offline, or natural gas supply delayed during the winter. Any of these could endanger people’s lives.
The problem is rooted in outdated industrial controls and operational infrastructure that lacks the security that the digital age demands. The scenario has become nothing short of a nightmare as firms have overlaid connected IT systems and IoT devices. Hundreds, if not thousands, of possible access points for attackers exist in many of these pipelines and facilities.
Risks Get Real
The threat to critical infrastructure is substantial — and the problem is growing worse. Attacks on the energy sector have risen in the last year, according to IBM Security X-Force. Many industrial controls and operating systems are older than 2-3 decades, which contributes to the problem.
These systems are exceedingly expensive and difficult to update or replace because as they were built with the aim to provide ultra-high availability. Completely replacing older operational infrastructure with modern equipment can cost a corporation billions of dollars.
Even if it’s only for a short time, taking these operational and industrial controls offline might cause major problems. As a result, many infrastructure-based businesses are hesitant to upgrade to more current technologies.
Businesses find it difficult to switch from one system to another. They must thoroughly evaluate the control system’s configuration and completely reengineer the device. For instance, the attackers reportedly gained access to Colonial Pipeline using a billing system in the event of the incident. Because it didn’t have a mechanism to bill clients, the company had to shut off operations.
The business and operational worlds have become increasingly intertwined. As a result, even if many of the components aren’t directly connected to the Internet, there may be multiple gaps and risks. To worm their way into a network, cybercriminals only need to identify one susceptible device. At the same time, they might use phishing or compromised employee credentials to get access.
Regardless of the complexity of these environments, the notion that vital infrastructure cannot be safeguarded is both incorrect and deceptive. Other businesses, such as banking, have figured out how to connect traditional operational technology, such as ATMs to IT devices while maintaining high resilience.
Businesses must recognize that building a stronger fortress will not necessarily keep threat actors out when it comes to critical infrastructure security. Next-generation firewalls, threat intelligence and more complex asset discovery, and management tools are all beneficial, but they can’t prevent a user from clicking on a malicious link or an IoT manufacturer from creating an entry point.
Similarly, certain malware detection software can prevent ransomware groups from encrypting recognized forms of malware, but it can’t guarantee that a new or previously discovered ransomware dropper won’t encrypt files. Even air gapped systems aren’t 100% secure since data must occasionally be moved from one device to another — and malware can slip through.
It’s vital to have a strong zero-trust, multi-layered defence in place, including multifactor authentication (MFA) everywhere. However, it is vital to anticipate that attackers will get access to a system.
As a result, businesses must do a better job segmenting networks and establishing configuration restore points, especially for operational systems. In addition, having dependable backups on multiple and disconnected systems, as well as a contingency plan for dealing with an attack, is critical.
For more such updates follow us on Google News ITsecuritywire News.