A paradigm shift – from attack interception to result prevention

12/09/2021
Blog

Critical infrastructures, a classification that includes utilities, industrial and manufacturing operations, and more, have faced a barrage of cyberthreats in recent years, and operators are now faced with the reality that the next attack is likely just around the corner. From high-profile hacks like those on SolarWinds and the Colonial Pipeline Company to less publicized but equally worrisome breaches such as those on an Oldsmar, Florida water treatment plant and the Metropolitan Water District of Southern California, critical infrastructures have become major targets for cyberattack.

Critical infrastructures, a classification that includes utilities, industrial and manufacturing operations, and more, have faced a barrage of cyberthreats in recent years, and operators are now faced with the reality that the next attack is likely just around the corner. From high-profile hacks like those on SolarWinds and the Colonial Pipeline Company to less publicized but equally worrisome breaches such as those on an Oldsmar, Florida water treatment plant and the Metropolitan Water District of Southern California, critical infrastructures have become major targets for cyberattack.

Although these attacks have gained momentum in the last year, the threat is not new. In fact, according to a 2019 Siemens and the Ponemon Institute survey of utilities, 56% of utilities’ network operators reported at least one shutdown or operational data loss per year and 54% expected an attack in the coming year too.

Escalation of vulnerabilities, risks and attack tools

What is driving this proliferation of attacks? There are several contributing factors. One is rapid technological change, accelerated by the pandemic and now ingrained in our daily lives, that has led an increasing dependence on connected devices within critical infrastructures like smart meters, sensors, industrial controllers, and other “smart” products. This trend for everything to be connected has seeped into OT devices, which include things like sensors, transmitters, controllers, smart meters, pumps, and other field devices.

Utilities, governments, and other critical infrastructure operators have begun connecting these OT devices into IT networks to streamline monitoring and maintenance, but as they do so, they simultaneously increase the potential attack surface for malicious cyberthreats. These newly connected devices are also not particularly secure, given that because many of these systems were introduced decades ago with a specific eye towards longevity. Research from Fortinet shows that a significant percentage of organizations have not extended some elements of basic security hygiene into their OT environments. As this has happened, bad actors, whether external hacker groups or organization insiders, have grown bolder and more sophisticated with their attempts at intrusion and manipulation of critical infrastructure systems.

The convergence of these increasingly complex IT and OT systems, often backed by outdated security infrastructure, systems, and protocols, has created the perfect storm of cyber vulnerability. What’s more, the same aforementioned Fortinet research found that OT leaders actually planned on spending even less on their security budget from 2019 to 2020 – this trend has proven to be a cautionary tale in the wake of a fury of breaches that have happened in the last 18 months.

Meanwhile, according to a report by five government security agencies, cyber attackers ranging from cyber criminals to nation-state operators, are utilizing free yet powerful tools that lower the entry bar for attackers and increases risks for organizations.

The attack vectors impacting critical infrastructure

Leveraging cyberattacks for the purpose of fraud and theft is a growing concern for critical infrastructures. In some cases, these attacks directly influence the performance of the affected device for fraudulent activities. For example, cyber criminals accessing a system of smart meters to alter the readings and result in changing customers utility bills. Ransomware attacks are another fast-growing attack. Earlier this year, hackers accessed the Colonial Pipeline company, one of the largest oil-and-gas pipelines in the United States, and demanded a $5 million ransom for important corporate data. Out of an abundance of caution, Colonial Pipeline was forced to cease pipeline operations, which had a major trickle-down impact on local and country-wide economies.

Vulnerabilities stemming from insiders, i.e., current, or former employees in an organization, also represent a major threat to critical infrastructure. These insider attacks are typically harder to detect and prevent than external attacks. A study from Ponemon Institute published in January 2021 found that insider cybersecurity incidents have risen 47% since 2018 and the average annual cost of an insider-caused breach also increased, up 31% to $11.5 million.

There is also the issue of weaponizing the OT. In a recent report from Gartner predict that cyber attackers will have weaponized OT environments to successfully harm or kill humans. This concerning trend has already begun. In February, a water treatment plant in Oldsmar, Florida, was accessed by hackers. The attack only lasted a few minutes, but the hackers were able to change the level of sodium hydroxide being fed to the city —home to 15,000 people—was changed from 100 parts per million to 11,100 parts per million, enough to cause serious harm. Although the attack was remedied before it could reach the main water supply, it was a dire warning about the consequences that not segregating IT and OT systems can bring.

Vulnerabilities cannot be eliminated, but attacks outcome can.

Given the vulnerability of legacy OT devices, the nature of cyberattacks on these devices, and the diverse sources these attacks have stemmed from, critical infrastructures and OT operators must ensure that each device they roll out or integrate onto their network is itself impermeable. But connected devices are inherently vulnerable and will be eventually breached – it’s simply a matter of when.

NanoLock is set to prevent the outcome of such a breach using zero-trust, device-level protection that prevents persistent changes in the device, unless they were authenticated and signed by an external authorization server. NanoLock protects against outsiders, insiders and supply chain cyber events as well as human errors to maintain operational integrity, enable business continuity and protect revenues.

Watch NanoLock Zero-Trust, Device-Level Protection and Management video

Want to learn more about preventing device-level cyberattacks?  Contact us or book a demo.

Although these attacks have gained momentum in the last year, the threat is not new. In fact, according to a 2019 Siemens and the Ponemon Institute survey of utilities, 56% of utilities’ network operators reported at least one shutdown or operational data loss per year and 54% expected an attack in the coming year too.

Escalation of vulnerabilities, risks and attack tools
What is driving this proliferation of attacks? There are several contributing factors. One is rapid technological change, accelerated by the pandemic and now ingrained in our daily lives, that has led an increasing dependence on connected devices within critical infrastructures like smart meters, sensors, industrial controllers, and other “smart” products. This trend for everything to be connected has seeped into OT devices, which include things like sensors, transmitters, controllers, smart meters, pumps, and other field devices.

Utilities, governments, and other critical infrastructure operators have begun connecting these OT devices into IT networks to streamline monitoring and maintenance, but as they do so, they simultaneously increase the potential attack surface for malicious cyberthreats. These newly connected devices are also not particularly secure, given that because many of these systems were introduced decades ago with a specific eye towards longevity. Research from Fortinet shows that a significant percentage of organizations have not extended some elements of basic security hygiene into their OT environments. As this has happened, bad actors, whether external hacker groups or organization insiders, have grown bolder and more sophisticated with their attempts at intrusion and manipulation of critical infrastructure systems.

The convergence of these increasingly complex IT and OT systems, often backed by outdated security infrastructure, systems, and protocols, has created the perfect storm of cyber vulnerability. What’s more, the same aforementioned Fortinet research found that OT leaders actually planned on spending even less on their security budget from 2019 to 2020 – this trend has proven to be a cautionary tale in the wake of a fury of breaches that have happened in the last 18 months.

Meanwhile, according to a report by five government security agencies, cyber attackers ranging from cyber criminals to nation-state operators, are utilizing free yet powerful tools that lower the entry bar for attackers and increases risks for organizations.

The attack vectors impacting critical infrastructure
Leveraging cyberattacks for the purpose of fraud and theft is a growing concern for critical infrastructures. In some cases, these attacks directly influence the performance of the affected device for fraudulent activities. For example, cyber criminals accessing a system of smart meters to alter the readings and result in changing customers utility bills. Ransomware attacks are another fast-growing attack. Earlier this year, hackers accessed the Colonial Pipeline company, one of the largest oil-and-gas pipelines in the United States, and demanded a $5 million ransom for important corporate data. Out of an abundance of caution, Colonial Pipeline was forced to cease pipeline operations, which had a major trickle-down impact on local and country-wide economies.

Vulnerabilities stemming from insiders, i.e., current, or former employees in an organization, also represent a major threat to critical infrastructure. These insider attacks are typically harder to detect and prevent than external attacks. A study from Ponemon Institute published in January 2021 found that insider cybersecurity incidents have risen 47% since 2018 and the average annual cost of an insider-caused breach also increased, up 31% to $11.5 million.

There is also the issue of weaponizing the OT. In a recent report from Gartner predict that cyber attackers will have weaponized OT environments to successfully harm or kill humans. This concerning trend has already begun. In February, a water treatment plant in Oldsmar, Florida, was accessed by hackers. The attack only lasted a few minutes, but the hackers were able to change the level of sodium hydroxide being fed to the city —home to 15,000 people—was changed from 100 parts per million to 11,100 parts per million, enough to cause serious harm. Although the attack was remedied before it could reach the main water supply, it was a dire warning about the consequences that not segregating IT and OT systems can bring.

Vulnerabilities cannot be eliminated, but attacks outcome can.
Given the vulnerability of legacy OT devices, the nature of cyberattacks on these devices, and the diverse sources these attacks have stemmed from, critical infrastructures and OT operators must ensure that each device they roll out or integrate onto their network is itself impermeable. But connected devices are inherently vulnerable and will be eventually breached – it’s simply a matter of when.

NanoLock is set to prevent the outcome of such a breach using zero-trust, device-level protection that prevents persistent changes in the device, unless they were authenticated and signed by an external authorization server. NanoLock protects against outsiders, insiders and supply chain cyber events as well as human errors to maintain operational integrity, enable business continuity and protect revenues.

Watch NanoLock Zero-Trust, Device-Level Protection and Management video
Want to learn more about preventing device-level cyberattacks?  Contact us or book a demo.