Introduction
This article looks at how exposed critical infrastructure networks are, the tension between safety and security in operational technology, and the preventive steps that reduce the risk. If you want to build up your cybersecurity skills, a course such as Cyber Security Training in Hyderabad covers the background knowledge.
On February 2nd, 2021, the largest collection of compromised usernames and passwords yet seen was posted online. Known as COMB (Compilation of Many Breaches), it held 3.2 billion distinct email/password pairs, among them credentials associated with the City of Oldsmar, Florida, and its water treatment facility.
Three days later, an unknown attacker used remote access software (TeamViewer) on a plant workstation to get into Oldsmar’s control system and raised the sodium hydroxide (lye) dosing setpoint roughly a hundredfold, from 100 parts per million to 11,100. Lye is a strong base, so the change would have pushed the water’s pH to dangerously caustic (alkaline, not acidic) levels. An operator who saw the setpoint change on screen reversed it before it affected the water supply, but the case showed how easily critical national infrastructure (CNI) can now be reached by cybercriminals.
The exposure is not specific to TeamViewer. The DHS reported that in 2013 Iranian hackers (reported under the name ‘SOBH Cyber Jihad’) accessed the control systems of the Bowman Avenue Dam in New York at least six times and reached files containing usernames and passwords. Likewise, in 2015 and 2016 Ukraine suffered a series of attacks on its power grid attributed to Sandworm, a Russia-backed advanced persistent threat group; the December 2015 attack alone left about 225,000 customers without electricity for several hours.
Vulnerable to Extreme Levels
An analysis published by CyberNews in July 2020 showed how simple it would be for an attacker to reach vital US infrastructure through insecurely exposed industrial control systems. Internet device search engines (Shodan, for example) and ordinary port scanners are enough to find ICS hosts with open ports, and where an exposed interface has no authentication, to take control of it remotely.
Compared with attacks on commercial organizations, attacks on CNI assets usually require far more specialized tools and knowledge. The majority of threat actors are motivated by financial gain, and disrupting CNI rarely yields any.
There are, however, signs that this is starting to change. “Sadly, I am seeing an increase in CNI attacks not only in the United States but also in the United Kingdom and the rest of Europe,” says Scott Nicholson, data privacy specialist and cybersecurity director at Bridewell Consulting, and a consultant for the UK’s NCSC.
Cyberattack on the Colonial Pipeline in the United States – May 2021
In May 2021 a ransomware attack, attributed to the DarkSide group, forced the shutdown of the Colonial Pipeline, which carries about 45% of the East Coast’s fuel, including jet fuel, petrol and diesel. Before encrypting systems, the attackers exfiltrated roughly 100 gigabytes of data and threatened to publish it on the internet.
The attack on Colonial Pipeline exemplifies the growing threat that ransomware poses to national industrial infrastructure. According to the UK’s Information Commissioner’s Office, human error is involved in around 90% of the data breaches reported to it, and Ava Security stresses that protecting critical national infrastructure from social engineering attacks is essential.
The rise of remote working has left us more exposed to cyber threats than ever before. Attackers are adept at social engineering and will use any information they can find to open an entry point. User education and cyber awareness are therefore a preventive layer of ransomware defence, though not a substitute for technical controls.
Safety Vs Security Dilemma
The perceived risk of a cyber attack and the real threat to CNI differ widely. In one survey, 86% of organizations reported intrusions on their OT/ICS infrastructure in the previous 12 months, with the water and transportation sectors seeing the most successful attacks.
Vulnerability assessment and remediation on OT devices often happen just ‘once or twice a year’, leaving known weaknesses open to attackers for months at a time. The most recent attacks also reveal a change in attackers’ motivations.
Scott Nicholson of Bridewell agrees: “In the context of industrial controls, consistency and service availability are critical; however, software upgrades are considered risky. Patching and maintaining systems up to date can be difficult for OT organizations,” he adds.
The convergence of operational technology with IT networks and the internet, for remote management, is growing. The IoT has made the advantages of connectivity obvious, but the same connectivity expands the attack surface and introduces a wider spectrum of threats.
According to Andrea Carcano, co-founder of Nozomi Networks, “several critical infrastructure sites were forced to make an abrupt change to staff working from home as a result of COVID-19, which mandated security teams to make production control networks available remotely to keep systems operating. Regretfully, remote access is typically the easiest route for attackers to enter a network.”
“Their networks must be kept as separate from the internet as feasible,” continues Scott Nicholson. One way to do this is the Purdue model, a hierarchical reference architecture for industrial communications first developed in the early 1990s. It places process and control equipment in the lowest levels (0 to 2), site operations at level 3 and enterprise IT at levels 4 and 5, with an industrial DMZ (often called level 3.5) between them, so that nothing on the enterprise network or the internet talks to a controller directly.
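To make the Purdue separation concrete, here is an added example (not code from the article or from any vendor quoted in it) that checks observed network flows against a strict reading of the model: a level may talk only to itself or to its immediate neighbours, so enterprise traffic has to hop through the DMZ and nothing outside the plant reaches a control zone. The zone names, address ranges, level numbering above 4 and the flow log are assumptions constructed for the example; TCP 5938 is the port TeamViewer uses.

```python
import ipaddress
from typing import NamedTuple

# Purdue levels (ISA-95 / IEC 62443 style): 1 basic control, 2 supervisory,
# 3 site operations, 3.5 the industrial DMZ, 4 enterprise IT. Level 5 is used
# here for anything outside the plant (the internet); that numbering and the
# address ranges are assumptions for this example.
ZONES = [
    ("basic_control", 1,   ipaddress.ip_network("10.0.1.0/24")),   # PLCs, RTUs
    ("supervisory",   2,   ipaddress.ip_network("10.0.2.0/24")),   # HMIs, SCADA servers
    ("site_ops",      3,   ipaddress.ip_network("10.0.3.0/24")),   # historian, AD, patch staging
    ("dmz",           3.5, ipaddress.ip_network("10.0.35.0/24")),  # jump host, relay servers
    ("enterprise",    4,   ipaddress.ip_network("10.1.0.0/16")),   # corporate IT
]
EXTERNAL = ("external", 5)  # any address not in a defined zone

# Strict policy: a level may only talk to itself or an adjacent level, so
# enterprise -> OT must pass through the DMZ and external -> OT is never direct.
ORDER = [1, 2, 3, 3.5, 4, 5]


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    proto: str
    port: int


def zone_of(addr: str):
    """Return (zone name, Purdue level) for an address."""
    ip = ipaddress.ip_address(addr)
    for name, level, net in ZONES:
        if ip in net:
            return name, level
    return EXTERNAL


def is_permitted(src_level, dst_level) -> bool:
    return abs(ORDER.index(src_level) - ORDER.index(dst_level)) <= 1


def parse_flow(line: str) -> Flow:
    # Constructed log format: "<ts> <src> -> <dst> <proto>/<port>"
    ts, src, _arrow, dst, svc = line.split()
    proto, port = svc.split("/")
    return Flow(ts, src, dst, proto, int(port))


def check_flows(lines):
    """Return one tuple per flow that crosses a non-adjacent Purdue boundary."""
    violations = []
    for line in lines:
        f = parse_flow(line)
        sz, sl = zone_of(f.src)
        dz, dl = zone_of(f.dst)
        if not is_permitted(sl, dl):
            violations.append((f.ts, f"{sz}(L{sl}) -> {dz}(L{dl})",
                               f"{f.proto}/{f.port}", f.src, f.dst))
    return violations


# Constructed flow records, not real traffic.
SAMPLE_FLOWS = [
    "2021-02-05T13:40:01Z 10.0.2.15 -> 10.0.1.20 tcp/502",      # HMI -> PLC (Modbus): fine
    "2021-02-05T13:40:09Z 10.0.3.5 -> 10.0.2.15 tcp/4840",      # historian -> SCADA (OPC UA): fine
    "2021-02-05T13:41:30Z 10.1.7.22 -> 10.0.35.10 tcp/3389",    # corporate -> DMZ jump host: fine
    "2021-02-05T13:42:10Z 198.51.100.7 -> 10.0.2.15 tcp/5938",  # internet -> HMI over TeamViewer: violation
    "2021-02-05T13:43:55Z 10.1.7.22 -> 10.0.1.20 tcp/502",      # corporate -> PLC directly: violation
]

if __name__ == "__main__":
    for v in check_flows(SAMPLE_FLOWS):
        print("VIOLATION", *v)
```

Real sites add explicit, documented exceptions to this adjacency rule (a historian replica in the DMZ, for instance); the value of the check is that every flow not covered by the rule or an exception shows up as a finding rather than disappearing into the noise.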
Physical security is impressive, yet it is insufficient
A growing problem is the use of remote desktop software on general-purpose PCs to monitor critical infrastructure. As one expert put it, power plant operators may be listening to music on the same computer they use to monitor the plant remotely, so the monitoring station shares a machine with everyday internet use.
The challenges will not go away on their own. With the growth of the Internet of Things and the demand for drones and autonomous vehicles, the threat of attack will only grow, as will the demand for remote working.
Attacks on healthcare organizations and the fight against COVID serve as “dramatic reminders that the systems we respond to are high-value targets that are susceptible and at constant danger of attack,” according to Andrea Carcano, CTO for Europe, the Middle East, and North Africa at Nozomi Networks.
Five Steps That Assist In Preventing Attacks On Critical National Infrastructure
- Secure remote access – This is often the simplest way for an attacker to get into a network. Protect it with endpoint protection, strong password hygiene and multi-factor authentication, and route it through network firewalls or a jump host rather than exposing control stations directly.
- Create an asset inventory – You cannot protect or segment a network whose devices you cannot see. A continuously maintained inventory of all network assets gives security teams accurate visibility into devices, connections, messages and protocols; on OT networks it is usually built by passive monitoring, because active scanning can disrupt fragile equipment.
- Identify and fix vulnerabilities – Industrial networks contain thousands of IoT and OT devices from many manufacturers, most of which were not built to withstand the level of security that essential infrastructure requires. Tools that match the inventory against the National Vulnerability Database (NVD) help determine which devices are at risk, prioritize them and suggest firmware updates.
- Monitor for anomalies – Automated network anomaly detection systems baseline normal traffic and behaviour, often with machine learning, and compare what they see against the real parameters needed to control the industrial process, so that an out-of-range setpoint or a write from an unexpected host is flagged.
- Integrate OT and IT teams – OT knows how to meet production goals and keep the plant running safely, while IT handles cybersecurity and networking. Bringing the two together improves resilience while reducing the blind spots and security risks of increasingly connected industrial control systems.
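The second and fourth steps above, passive inventory and process-aware anomaly monitoring, are illustrated by the following added example; it is not code from the article or from any product mentioned in it. It consumes constructed Modbus/TCP event records (values already scaled to engineering units by an assumed collector), builds an inventory of who talks to whom, and polices setpoint writes against engineering limits, a maximum step size and a list of hosts allowed to write, which is the kind of check that would have flagged a lye setpoint jumping from 100 to 11,100 ppm. The register map, limits, addresses and the event log are all assumptions made up for the example.

```python
from collections import defaultdict

# Engineering limits per holding register, as the control engineers would
# specify them (values assumed for this example):
#   register: (tag, unit, min, max, max_step)
# max_step is the largest change a legitimate operator action makes in one write.
REGISTER_LIMITS = {
    40001: ("naoh_setpoint", "ppm", 50.0, 200.0, 25.0),
    40002: ("chlorine_setpoint", "ppm", 0.5, 4.0, 0.5),
}

# Hosts allowed to write setpoints (assumed HMI / engineering station).
KNOWN_WRITERS = {"10.0.2.15"}


def parse_event(line: str) -> dict:
    # Constructed log format: "<ts> <src> -> <dst> modbus fc=<n> reg=<n> val=<x>"
    ts, src, _arrow, dst, _proto, fc, reg, val = line.split()
    return {"ts": ts, "src": src, "dst": dst,
            "fc": int(fc.split("=")[1]),
            "reg": int(reg.split("=")[1]),
            "val": float(val.split("=")[1])}


def build_inventory(events):
    """Passive inventory: every address seen, its role, peers and function codes used."""
    inv = defaultdict(lambda: {"roles": set(), "peers": set(), "fcs": set()})
    for e in events:
        inv[e["src"]]["roles"].add("client")
        inv[e["src"]]["peers"].add(e["dst"])
        inv[e["src"]]["fcs"].add(e["fc"])
        inv[e["dst"]]["roles"].add("server")
        inv[e["dst"]]["peers"].add(e["src"])
    return dict(inv)


def unexpected_writers(inventory, known=KNOWN_WRITERS):
    """Clients seen issuing write function codes that are not on the allow-list."""
    return {a for a, d in inventory.items()
            if d["fcs"] & {6, 16} and a not in known}


def detect_anomalies(events, limits=REGISTER_LIMITS, known_writers=KNOWN_WRITERS):
    """Flag setpoint writes that are out of bounds, too large a step, or from an unknown host."""
    alerts = []
    current = {}  # register -> last in-policy value (a rejected write never becomes the baseline)
    for e in events:
        reg, val = e["reg"], e["val"]
        if e["fc"] == 3:             # read holding registers: learn the live value
            current[reg] = val
            continue
        if e["fc"] not in (6, 16):   # only writes (single / multiple registers) are policed
            continue
        if e["src"] not in known_writers:
            alerts.append((e["ts"], "unknown_writer", e["src"], reg, val))
        if reg not in limits:
            alerts.append((e["ts"], "unmapped_register", e["src"], reg, val))
            continue
        tag, unit, lo, hi, max_step = limits[reg]
        if not lo <= val <= hi:
            alerts.append((e["ts"], "out_of_bounds", tag, val, f"{lo}-{hi} {unit}"))
        elif reg in current and abs(val - current[reg]) > max_step:
            alerts.append((e["ts"], "step_too_large", tag, current[reg], val))
        else:
            current[reg] = val
    return alerts


# Constructed event records, not real traffic; the 11,100 write mirrors the
# hundredfold setpoint change in the Oldsmar incident described above.
SAMPLE_EVENTS = [
    "2021-02-05T08:00:00Z 10.0.2.15 -> 10.0.1.20 modbus fc=3 reg=40001 val=100.0",
    "2021-02-05T08:00:00Z 10.0.2.15 -> 10.0.1.20 modbus fc=3 reg=40002 val=2.0",
    "2021-02-05T09:15:00Z 10.0.2.15 -> 10.0.1.20 modbus fc=6 reg=40001 val=110.0",    # routine adjustment
    "2021-02-05T13:42:17Z 10.0.2.99 -> 10.0.1.20 modbus fc=6 reg=40001 val=11100.0",  # unknown host, 100x jump
    "2021-02-05T13:44:02Z 10.0.2.15 -> 10.0.1.20 modbus fc=6 reg=40001 val=100.0",    # operator restores it
    "2021-02-05T13:50:00Z 10.0.2.15 -> 10.0.1.20 modbus fc=6 reg=40002 val=3.2",      # in range, but too big a step
]

if __name__ == "__main__":
    events = [parse_event(l) for l in SAMPLE_EVENTS]
    print("unexpected writers:", unexpected_writers(build_inventory(events)))
    for a in detect_anomalies(events):
        print("ALERT", *a)
```

The two checks are complementary: the inventory catches a host that should not be issuing writes at all, while the limits catch a permitted host whose write makes no physical sense. Both depend on someone from the OT side supplying the register map and limits, which is exactly the OT/IT collaboration the last step asks for.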
Conclusion:
This article has looked at the extreme levels of exposure that affect critical infrastructure operators, using the 2021 Colonial Pipeline ransomware attack to show what is at stake. Under safety versus security, we examined how the convergence of IT networks, OT and the Internet of Things widens the attack surface. Finally, we covered five preventive steps: securing remote access, creating asset inventories, identifying and fixing vulnerabilities, monitoring for anomalies, and integrating OT and IT teams. Implemented well, these steps substantially reduce the risk of a successful attack on the network infrastructure.