Critical national infrastructure (CNI) is increasingly coming under attack from a range of sources. Whether it’s financially motivated cybercrime gangs, state-sponsored operatives or even hacktivists, the threats are usually the same. Unlike traditional attacks, which target data, those aimed at operational technology (OT) – like industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems – are looking to disrupt services and cause chaos. A cyber attack on such systems can have serious repercussions that reach far beyond disruption to the individual business. We all depend on the reliable functioning of our critical infrastructure – and to some degree we take it for granted that it will always be there for us. That’s why organisations must urgently invest in new strategies to protect their OT environments, seeking help from third-party partners if necessary.
CNI under fire
A Ponemon study of global IT executives in CNI organisations revealed that 57% thought cyber threats were putting industrial control systems at greater risk, while 67% said they had experienced a breach over the past year.
Since then, the threat has slowly increased even further. Most recently, attacks on Ukrainian energy companies left hundreds of thousands without electricity for several hours in December 2015 and 2016. Researchers have also warned that a sophisticated advanced threat group dubbed “Dragonfly” may even have gained access to the US power grid.
So why are such systems under threat? On the one hand, it’s becoming increasingly easy for remote hackers to “find” ICS/SCADA systems, as many today are connected to the internet. Once found, such systems can be woefully undefended. A recent report found it took SCADA vendors on average 150 days to release security updates once notified of a vulnerability – and many OT managers delayed patching further because of the mission-critical nature of many CNI systems.
Time to fight back
The good news is that things are moving forward from a regulatory point of view. In Europe, the NIS Directive will enforce a baseline of best practice cybersecurity for providers of “essential services” in the region – with huge fines pending from May 2018 for non-compliance.
However, CNI organisations can’t afford to sit back and wait to be told what to do. In a world where it’s increasingly easy to locate and attack OT systems, a more proactive stance is essential.
Our latest thought leadership on the topic advocates a 10-step approach:
- Conduct an annual risk assessment exercise to better understand your risk exposure
- Engage with a specialist partner to understand your current levels of security and what is on your network
- Keep systems up to date and securely configured
- Establish a continuous managed monitoring and defence system to enable real-time threat detection
- Educate employees in best practice security awareness and incident response
- Update passwords to strong credentials
- Establish and routinely test incident response plans
- Secure the network, especially from unauthorised access
- Implement anti-malware with continuous scanning
- Ensure systems are always up to date with the latest patches
It’s not a case of “if” but “when” your OT environment is attacked, so ensure you have the skills to effectively manage security. If not, it’s essential to find a trusted partner who can provide this for you. NTT Security’s IT/OT Integrated Security Services are a combination of consulting and managed security services designed to spot areas of potential risk and address them effectively via continuous managed monitoring, detection, defence and response capabilities.