Protecting Critical Infrastructure Is … Well … Critical
Category : Gigamon
In our day-to-day lives, we rely on a well-running infrastructure. Whether that infrastructure is transportation, power plants or water utilities, we expect seamless functionality – there’s a reason we call them “critical.”
Today however, we no longer live in an analog world. Everything, including infrastructure, is increasingly being connected digitally, and with digitization comes the risk of greater vulnerability and the potential for online attacks to result in real, physical tragedy. Dams, communications infrastructure, nuclear reactors … these critical infrastructure sectors consist of assets, systems and networks that if impacted, could cripple the economy and put public health, safety and national security at risk.
Thankfully, the Department of Homeland Security (DHS) has been thinking about these vulnerabilities and has identified 16 critical infrastructure sectors as vital to the United States’ economy. In fact, last week on October 23, based on joint analytic efforts between the DHS and FBI, the US-CERT issued a technical advisory that warned of advanced persistent threat (APT) activity targeting energy and other critical infrastructure sectors.
It should be a no-brainer that every country needs to take special steps to safeguard its critical infrastructure, but if you still need convincing, I suggest watching the absorbing documentary “Zero Days” about the Stuxnet malware that was famously used to destroy centrifuges in Iranian nuclear facilities.
A Whole Other Ballgame
Protecting critical infrastructure is a different ballgame compared to protecting data center assets. Several characteristics stand out:
- Remote locations. Unlike with data centers, many elements of critical infrastructure are typically distributed across a large geographical region. Many of these locations are unmanned or at best, have very few personnel.
- Long equipment life span. Most active infrastructure elements in data centers have a useful life of about five years. By contrast, the lifetime of critical infrastructure equipment is extremely long, often spanning 10 to 20 years or more. The immediate implication is that cybersecurity defense postures must consider the impact of legacy equipment running several vendors’ outdated software.
- Government regulation. Critical infrastructure is typically regulated by a government body to ensure compliance, failing which, drastic fines are levied on the critical infrastructure operator or owner.
- Legacy technologies. Many critical infrastructure elements communicate over legacy technologies such as Supervisory Control and Data Acquisition (SCADA) – a method developed to standardize universal access to a variety of local control modules in industrial control systems (ICS), which are at the heart of critical infrastructure.
- Unencrypted communications. Much to an attacker’s delight, most communications over a SCADA infrastructure are unencrypted. Moreover, the nature of SCADA communications also requires timely response and interaction between the communicating entities, making such equipment soft targets for denial-of-service (DoS) attacks.
These characteristics combined with the criticality of the sector have made such infrastructure elements high-value targets for threat actors. Unlike a data center breach that leads to valuable data loss, a similar critical infrastructure breach could have a devastating impact on lives, health or economies. Indeed, research over the last few years in both academia and industryhas shown potential risks to critical infrastructure from malware and ransomware attacks, malicious payloads and other threat vectors.
What Can Be Done to Protect Critical Infrastructure?
Fortunately, awareness on this topic has been on the rise. Earlier this year, President Trump signed an Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure and the National Institute of Standards and Technology (NIST) has also developed a framework for improving critical infrastructure cybersecurity.
If you or your organization is responsible for some part of critical infrastructure, there are three steps that you can take as part of developing your risk management strategy:
- Close the visibility gaps: Put simply, it is essential to have continuous network visibility across both information technology (IT) and operational technology (OT) operations.
- Close the budget gaps: With the right visibility platform, you should be able to get a significant boost in ROI.
- Close the protection gaps: If your current operational processes are coming in the way of upgrades and new cybersecurity initiatives, consider using innovations like inline bypass to speed deployment of new security tools or software.
For a more detailed explanation of the above steps, please read the Gigamon Point of View “Aligning Agency Cybersecurity Practices with the Cybersecurity Framework.”
Already, several critical infrastructure sectors have deployed Gigamon visibility solutions to achieve these protections. For example, many leading public power utilities have used the GigaSECURE Security Delivery Platform to develop a visibility strategy to detect grid tampering, obtain insight right down to substations and gateway nodes, and extract both network traffic and vital metadata to feed their central Security Operations Centers (SOCs) and achieve compliance with NERC CIP.
Author: Ananda Rajagopal