Prioritising critical infrastructure during a global pandemic
Wed 6 Jan 2021 | Satya Gupta
Companies across all critical infrastructure sectors – from power plants to healthcare to manufacturing – must assume that sophisticated attackers are already inside the network
Critical infrastructure entities have historically been slow to adopt new security technologies because changing anything requires changing code, which then requires recertification, which then breaks business continuity – an onerous process.
Many Industrial Control Systems (ICS) rely on legacy systems that require ongoing patching, or even end-of-life systems that are no longer supported by the vendor. These systems were not designed for modern security – a glaring vulnerability when it comes to protecting the most important sectors in the world.
Over sixteen sectors comprise what is known as critical infrastructure, and all are vital to the continuation of businesses, entire countries and economies. In recent years, concerns about cyber security from these companies and organizations have grown steadily as hackers continue finding cracks in defences.
Equipment in the operational technology (OT) sector frequently requires manual intervention, and rather than keeping a security team on site to do this, organizations are finding ways to shift these manual processes to automated ones. Not only does this help to protect employees, automation also provides increased protection to the application itself against relentless cyber attacks.
With this shift, hospitals, governments and utilities alike are considering modern, secure solutions and strategies for advanced protection, starting from the assumption that sophisticated attackers are already inside the network.
The traditional approach of defending the perimeter and relying on firewalls is simply not enough. Attackers are assuming identities, hijacking operations, and wreaking havoc from within.
Applications are like black boxes, and it is nearly impossible to ascertain whether an attacker has seized control and is actively subverting the application. These memory-based attacks are almost impossible to identify via network controls due to lack of “visibility,” making it even harder for security teams to defend against them. With so much at stake, prioritising security efforts and modernizing technology is no longer an option – it’s a necessity.
Understanding the threat landscape
Cyber attacks targeting critical infrastructure are on the rise, and a compromise of operational technology (OT) can easily go undetected for hours, days, or even months if proper security controls are not in place.
We know that traditional layers of security that guard the perimeter are porous and being bypassed by advanced hackers. We should assume perimeter defenses have been breached, and it’s imperative that applications be able to defend themselves. In order to achieve that objective, we need to create cyber resilient systems that allow companies to have comprehensive visibility into what’s actually happening inside the runtime memory of the application.
Mission-critical systems are increasingly software dependent, making them a desirable target for adversaries to exploit. Raytheon Technologies, one of the largest aerospace and defense companies in the world, recently spoke about how many mission-critical communications protocols were established before cyber threats were a concern, demonstrating how outdated and ill-suited they are for the types and volumes of advanced threats we have seen since COVID-19 began. As companies have prioritized speed, performance, and scalability, their ability to secure the attack surface has not kept pace.
Cyber resilience: creating a strategy to protect critical infrastructure
Traditional cybersecurity methods focus on keeping attackers out of a system by protecting the perimeter. However, sophisticated attackers bypass these measures and establish access and privileges within the system. They have found ways to hide in an application’s memory level, running undetected for indeterminate periods of time, exploiting applications and hijacking operations.
This is why organisations must ensure that their critical systems, applications and data can remain secure even after traditional controls have been bypassed.
Time and budget constraints often force companies to seek out the latest out-of-the-box systems that are low-cost and easy to procure. This is understandable, but vendors and practitioners alike must acknowledge that trading security for usability puts a system at risk, particularly from memory-based attacks during runtime. In order to achieve cyber resilient, self-defending critical systems, companies must consider all the different types and locations of threats when designing or redesigning IT architectures and systems.
Adding security and protection to the runtime process can significantly fortify large critical infrastructure or ICS environments susceptible to attack. Fileless attacks, memory-based attacks and zero-day attacks can all bypass conventional perimeter security and execute during runtime, or as we like to say, “weaponize” during runtime. Because of this, your applications need to be highly resilient and must be capable of defending themselves.
A cybersecurity control strategy that ignores memory-level and runtime protection does so at its own peril and puts the organization and its operations at severe risk. If you can ensure that your systems can defend themselves against advanced attacks, then the risks involved with a transition off disk or off-prem are greatly reduced.
It can be daunting for critical infrastructure entities to embrace digital and technological transformation. IT modernisation, including transitioning to a cloud or hybrid model, can feel out of reach for traditional on-prem environments. Old infrastructure itself is not a problem – it’s a fact of life and the by-product of technological advancement to improve existing systems, procedures and processes.
It is important that end users draw on available expertise to implement the correct security controls, speaking to those who understand the unique needs of critical infrastructure and who are able to extend the life of legacy applications and improve security operations. With this assistance, organizations can avoid the downtime and disruption of patching without an entire IT overhaul, and implement new technologies incrementally to ensure cyber resiliency.