Attacks on critical infrastructure are attractive targets for cybercriminals. Here’s why and what’s being done to protect them.
What is critical infrastructure and why is it attacked?
Critical infrastructure is physical and digital assets, systems, and networks essential to national security, economy, public health, or safety. May be government or privately owned.
Etay Maor, Senior Director of Security Strategy at , said: Kato Networks“It is interesting to note that critical infrastructure does not necessarily have to be power plants or electricity. should be considered.”
These characteristics make critical infrastructure a favored target for cyberattacks. When critical infrastructure is disrupted, the impact is significant. In some cases, such cyberattacks against critical infrastructure have become another means of modern warfare. But unlike classic warfare, these conflicts put civilians and businesses on the front lines and targets.
Recent notable examples include the 2015 attack on the Ukrainian power grid, the 2018 breach of the Kansas nuclear power plant business network, and North Korea’s attempt to hack the SWIFT network and steal over $1 billion. and so on. Needless to say, the infamous Colonial Pipeline attack has become a symbol of critical infrastructure attacks.
However, the goals of attacks vary. While some are real ways to prepare for future conflicts by testing functionality and defenses, the motives are financial gain, attempts to steal data, gain remote access or control, or disruption and destruction of services. There are also things that
Etay Maor added, “It’s not just nation states that attack. It could also be cybercriminals and hacktivists looking for financial gain.”
How critical infrastructure is attacked
There are several types of attacks used in critical infrastructure. The main ones are DDOS, ransomware (via spear phishing), exploitation of vulnerabilities, and supply chain attacks. Etay Maor commented:
Spotlight: Supply Chain Attacks
Supply chain attacks are the primary method for attacking critical infrastructure. Like the bombings of factories that supplied the military in World War II, supply chain cyberattacks target the nation’s critical infrastructure and his suppliers.
Etay Maor recalls:
RSA was hacked not to gain access to its own networks, but as a way to compromise government agencies, military agencies, defense contractors, banks, and corporations around the world who hold private keys in RSA. bottom.
How to protect your critical infrastructure
One of the myths about cybersecurity is that the more security products you use, the better. But layered security consisting of too many products can backfire.
Etay Maor said: A result of dozens of integrated security products? especially friction when trying to correlate information from them.
Gartner tends to agree: “digital transformation In addition, the adoption of mobile, cloud, and edge deployment models will fundamentally change network traffic patterns, rendering existing network and security models obsolete. ”
Role of CISA
Potentially serious attacks on critical infrastructure have prompted countries to set up cyber defense organizations to protect critical assets and prepare for conflict.
CISA (Cybersecurity and Infrastructure Security Agency) is a US risk advisor. They provide support and strategic assistance to critical infrastructure sectors with a focus on federal network protection. By partnering with private sector partners and academies, we can provide proactive cyber protection.
Some of the key areas of focus for CISA are coordinating and communicating responses to provide cyber incident information and support. dot government Domains, help protect dot com Empower the private sector, secure critical infrastructure, and map a common operational landscape for cyberspace.
One of the programs led by CISA is the Cybersecurity Advisor Program. This program provides education and training for cybersecurity awareness. Advisors assess cyber risks for critical infrastructure, encourage best practices and risk mitigation strategies, develop capabilities, assist cyber communities and working groups, raise awareness, and gather stakeholder requirements. , can help your organization by delivering incident support and lessons learned.
Building cybersecurity resilience
Cybersecurity resilience is key Prevent attacks on critical infrastructureSuch resilience comes from the actions an organization takes. This includes activities such as adverse incident response and network visibility. For example, you can know which ports and services should be running and whether they are configured properly.
There are many misconceptions about the ability to build cyber resilience. Here are some and how they are disputed:
- The Claim: Resilience Needs Big Budgets.
- Fact: Organizations don’t need big budgets, they need to fine-tune their existing solutions.
- Claim: We have a silver bullet cybersecurity solution.
- Fact: An organization’s focus should be on getting the “101” methods and practices in order. network visibility and employee training.
- Claim: We are not targeted.
- Fact: No organization is too small.
- Claim: Too much work to do.
- Fact: Still, it’s important to research solutions based on your own priorities.
- Claim: It is not our responsibility.
- Fact: Everyone is Responsible
- Claim: Government will save us.
- fact: A government’s ability to succeed is based on partnerships with the private sector and on the active participation of the private sector in ensuring its own security.
To start building your own resilience, answer these three questions:
1. What do you know about your enemies?
For example, who the attacker is and how they operate.
2. What does the attacker know about me?
In other words, what part of the network is public?
3. What do you know about yourself?
The answer to this question provides information on what your network looks like and where it is vulnerable. So this question is about making your network visible.
To learn more about how CISA operates and how it prevents supply chain attacks against your critical infrastructure, visit Watch Cato Networks Cyber Security Masterclass Series.