Critical Infrastructure the target of increasingly sophisticated malicious actors
Just prior to the holiday season – in late December – the Wall Street Journal reported on a previously undisclosed cyber incident in which Iranian actors accessed the control system of a small dam less than 20 miles outside New York City. The incident itself occurred in 2013. The FBI discovered the breach and noted that although the control system was probed, the malicious actors never took control of it.
The same cannot be said for the power grid in Ukraine. In December, an attack involving the malware known as BlackEnergy hit multiple regional power distribution companies in the country and led to power being shut off for what some publications reported to be as long as six hours. This attack and the resulting outage were estimated to have affected 80,000 Ukrainians.
These are just two recently reported examples of cyber attacks on critical infrastructure organizations, and that is a frightening concept. Critical infrastructure is so named because it supplies the transportation, utilities and services that citizens rely on for modern life. And these organizations are becoming increasingly vulnerable.
According to a 2014 report by the Ponemon Institute and Unisys, “nearly 70 percent of critical infrastructure managers surveyed reported at least one security breach that led to the loss of confidential information or disruption of operations in the past 12 months. In addition, 78 percent said a successful attack on their organization’s ICS or SCADA systems is at least somewhat likely within the next 24 months. Yet only one in six respondents described their organization’s IT security program or activities as mature.”
To get additional insight into the security landscape affecting critical infrastructure, we sat down with Ed Cabrera, Vice President of Cybersecurity Strategy at the global security software company Trend Micro. Ed also previously served as the CISO of the United States Secret Service.
During our discussion, we covered the current cyber threats facing critical infrastructure organizations, how attacks against these organizations are being conducted, and what technologies are necessary to stop them in the future.
Here is what Ed had to say:
TAG: What does the threat landscape facing critical infrastructure organizations – transit systems, utility companies, etc. – look like today? Where are the threats coming from? Why would malicious actors be targeting these systems?
Ed Cabrera: Threats against all critical infrastructure have steadily been increasing over the last ten years; however, the level of sophistication has grown exponentially.
Attacker motivations, as with attribution, are more difficult to conclude definitively; however, we have been successful in linking campaigns through tactics, techniques and victimology.
TAG: Why is protecting IT systems and networks at critical infrastructure organizations a bigger challenge and concern than it was in the past? What has changed to make these organizations more vulnerable?
Ed Cabrera: Critical infrastructure and the industrial control system (ICS) networks within it have for many years enjoyed a level of security through obscurity.
Historically isolated ICS networks were not supported by corporate networks. The demand for third-party support, remote access and automation has converged corporate and ICS networks like at no other time in history. This convergence has led to complexity and dependency, creating technical and systemic vulnerabilities that expose ICS networks to vulnerable corporate networks and even the Internet.
This is highlighted by Project SHINE, a two-year study using the Shodan search engine that ended in 2014, which documented over 500,000 ICS assets connected to the Internet.
TAG: Some of the recent hacks of critical infrastructure organizations were tied into credential theft and phishing scams. How prevalent are these types of attacks? Have they become more sophisticated? How could people today fall for phishing scams with so much education out there about cybersecurity and cyber hygiene?
Ed Cabrera: Advanced threat actors, regardless of their motivation or affiliation, are only as sophisticated as they need to be. Exploitation of privileged and unprivileged users still rules the day. Socially engineered attacks such as phishing and the use of stolen credentials are still the most successful point of entry.
However, we have seen an escalation in sophistication through the use of watering hole attacks whereby frequented web sites are compromised to deliver malware to target users.
TAG: Going back to these credential theft and phishing attacks – what role could more advanced authentication solutions play in eliminating these attacks? How do you think authentication needs to change to assuage concerns about credential theft? What could the adoption of Multifactor Authentication solutions do to better protect organizations?
Ed Cabrera: Multi-factor authentication is critical to any layered defense strategy; however, the attacks today are multi-vector and multi-stage.
We know that it takes most cyber threat actors only minutes to compromise a network and it usually takes months before they are detected. Deploying a connected threat defense for endpoints – network to cloud – is critical to speeding up detection and response.
TAG: Following the OPM hack, all of the focus was on security within the federal government. With recent hacks of critical infrastructure organizations, do you anticipate that the entire industry/market will follow suit and focus their efforts on improving security? What security tools and technologies do you anticipate they’ll adopt to strengthen their networks and improve their security posture?
Ed Cabrera: These recent attacks against critical infrastructure will definitely raise needed awareness; however, I am not convinced it will be enough to effect the needed change.
Building resilient risk management strategies around proven frameworks such as the NIST Cybersecurity Framework is key. Critical infrastructure CISOs need to mature and align their people, process and technology to identify, protect, detect, respond and recover from advanced cyber attacks.
To learn more about the challenges facing CISOs today, and the need for implementing comprehensive, end-to-end security solutions in today’s more sophisticated threat landscape, click HERE to watch the recorded Webinar, “Ending the Game of Enterprise Security Whack-a-Mole.”