It seems like every week brings news of a massive ransomware attack or other cyber breach on critical infrastructure. The latest high-profile hack against JBS, the world’s largest meat producer, triggered fears of shortages and escalating meat prices in stores and restaurants around the world. This breach comes on the heels of the Colonial Pipeline attack, which led to the shutdown of its operational network and wrought havoc along the East Coast with long lines and shortages at gas stations. Both breaches are stark reminders of how vulnerable our way of life is and underscore the need to bolster defenses in critical infrastructure to secure everything from the power grid to the water supply.
What is a critical infrastructure sector?
According to CISA, there are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital that their incapacitation or destruction would have a debilitating effect on national security, economic stability, and public health or safety. Sectors include energy, water and wastewater, transportation, telecommunications, and others whose operations are essential to our way of life. Disruptions to any of these vital sectors can be catastrophic and inflict more damage than an enterprise data breach. Imagine the crippling effect of a cyberattack on the power grid in the southwest in August. Beyond the downtime and lost business, there could be deaths due to the extreme heat of the sweltering summer.
What’s behind this surge in attacks on critical infrastructure?
More connectivity means more vulnerabilities
Critical infrastructure is becoming more complex and operating in a digital environment that is more connected than ever before. Digitalization of society has brought efficiencies and cost reductions, but it has also made protecting complex systems challenging. Many organizations have legacy operational technology (OT) systems that were built without security in mind, on the assumption that they were closed systems and never intended to be connected. Many of these organizations rely on OT such as SCADA, ICS, WSANs, and others to optimize their industrial processes. With the digitalization of OT networks, these systems are now connected to each other and to IT networks, all interwoven through an Internet of Things architecture that creates multiple attack points.
In addition, the profitable business model of extortion and the willingness of organizations to pay off criminal actors in order to get their operations back online have emboldened attackers to single out victims in critical infrastructure as prime targets.
Best practices for protecting those “crown jewels”
As cybercriminal syndicates become more sophisticated and brazen with their attacks, organizations in critical infrastructure sectors need to assess their security posture in order to stay one step ahead. The traditional one-size-fits-all security strategy that includes strong user access protocols, authentication policies, and segmentation is not enough to ward off future attacks. The ominous consequences of critical infrastructure attacks warrant a more robust approach to security, one that includes network obfuscation for your most critical assets, to keep you from becoming tomorrow’s headline:
- Minimize your attack surface. Evaluate your systems and remove unnecessary and unsupported systems and applications from the internet. Eliminate your security blind spots before attackers can exploit them.
- Prioritize assets. Identify your critical systems or the “crown jewels” of your business. These are assets whose loss during a security breach would cripple your operations. In the Colonial Pipeline attack, it was the OT systems, which were taken offline as a precaution, resulting in panic buying at the gas stations. In the JBS breach, the crown jewel was the backup systems. JBS indicated that its backup systems were not affected by the breach, and therefore the company had its operations back up within a couple of days.
- Hide your “crown jewels.” Now that you’ve identified your most critical assets or “crown jewels,” you need to implement more stringent security protocols for them. These assets need to be totally hidden from the public internet. The most effective way of doing this is with a virtual obfuscation network. The critical assets can reside on a server that is hidden and inaccessible from the rest of the network and thus remains impenetrable even if there is a breach. After all, attackers can’t exploit it if they can’t see it.
It’s said that there are two kinds of enterprises: those that have been breached and those that are going to be. The number of critical infrastructure organizations in the first category is rapidly growing. Now is the time to take measures to protect the operational technologies that run your critical processes.
To learn more about how the Telos Ghost virtual obfuscation network can help to protect your critical assets, visit: www.telos.com/offerings/telos-ghost.