Critical Infrastructures incorporate assets, strategic networks, and core systems that can be digital or physical and are vital to a community or a nation. Moreover, they are so significant that any damage or corruption could leave a debilitating effect on the nation's physical security, economic sustainability, and public health. As defined by the Cybersecurity and Infrastructure Security Agency of the United States, there are 16 critical sectors which range from nuclear reactors to commercial facilities. As a cybersecurity professional saddled with the responsibilities of ensuring the cybersecurity of these critical sectors, there are things to know and do, which we shared in this article. For instance, prevention, identification, and discovery of threats and deterrence need to be tactfully balanced and coupled with a formidable response strategy, damage control, crisis management, and a recovery procedure after an imminent attack. This is not child's play, as you need to understand the present expanding threat landscape and how malicious players think and act. Why Are Cybersecurity Professionals Finding it Hard Securing Critical Infrastructures? Threat actors are going after critical infrastructures because they are systems leveraged by stakeholders and the government to secure other assets. According to IBM X-Force discovery, attempts made by cybercriminals on Industrial Control Systems and other OT infrastructures increased by over 2000% between 2018 and 2019. NETSCOUT, a few months later, also reported about 1,780 DDoS attacks on utilities globally between June and August of 2020. These discoveries only raise pertinent questions, "Why are cybersecurity professionals finding it difficult securing critical infrastructures?"
Many organizations lack the required internal resources to achieve their security objectives, such as trained cybersecurity experts. For example, a survey conducted by (ISC)2 revealed a gap of 4.07 million security-related positions yet to be filled. As a result, companies need cybersecurity professionals to execute their cybersecurity objectives.
The OT Threat Landscape is huge when compared to that of IT. Interestingly, most organizations that manage critical infrastructures are yet to upgrade to the latest technologies. Malicious actors can exploit this weakness in legacy systems to hijack these critical assets.
Cybersecurity professionals need to monitor any anomalies on the OT networks in real-time. Most organizations leverage agent-based solutions to do this. In the event of breach detection, OT assets might need to be shut down to be updated and upgraded. This downtime can affect or undermine the economy, public safety, or national security.
The skill gap in the cybersecurity industry is getting widened. Organizations don't have the requisite skills to secure OT systems and networks. A Dimensional Research study revealed that 83% of cybersecurity professionals are getting worked out in 2020. Most security experts are trained on reactive cybersecurity and not detective or proactive cybersecurity.
Cybersecurity professionals need to be proactive with ICS security. There is a need for real-time monitoring of the operational environments for threats and detecting them before they cause damage.
Securing critical infrastructures should be a top priority for cybersecurity professionals to avoid infiltration by cybercriminals, leading to data loss, corruption of files, and damage to computer networks and systems. This will result in spending some level of resources to fight back these attacks and recover the attacked system from the cyber attackers or hackers. The following strategies are possible ways to help do this.
1. Have a skillful cybersecurity team
Investing in safeguarding your organization's computer systems and the network would go a long way to avoid the hassle of dealing with data breaches or malware invasion. Investing in cybersecurity begins with forming a solid team to oversee the security of your organization's computer network and system. Your cybersecurity team should be made up of proactive, talented, and skillful professionals to focus majorly on the cyber health of the organization and the development of a robust risk management approach to any cyber-attack or threat.
2. Practice Information Security Standards and ensure Compliance
Compliance with security standards is a big concern for enterprises and public organizations today. Aside from regulatory standards such as HIPAA, PCI DSS, and ISO 27001, which prescribed recommendations for protecting user data and enhancing cybersecurity management at the enterprise levels, there are standards also outlined by the National Institute of Standards and Technology (NIST). The two recent guidelines are Security Measures for EO-Critical Software Use, which detailed the measures for utilizing critical software such as:
The second guidance is Recommended Minimum Standards for vendor or Developer Verification (Testing) of Software Under Executive Order (EO) 14028. This guidance outlines the basic standards for developers and vendors in verifying software. Cybersecurity professionals must guide and interpret these new guidelines for their organizations and ensure vendors and employees practice them. Examples of information security controls are establishing physical access controls such as security guards at building entrances, locks, close circuit security cameras, and perimeter fences, creating cybersecurity controls and policies within the organization, and encryption of sensitive data, amongst other controls.
3. Get everyone in the organization involved
The success of cybersecurity doesn't lie solely on the shoulders of the cybersecurity team in your organization. It is the duty of every staff or team member who has access to the organization's computer network and system to participate in activities that promote securing critical infrastructures within the organization. This can be done by; organizing a security awareness education and security framework compliance training for all team members.
4. Adopt effective cybersecurity practices
There are certain cybersecurity practices that cyber professionals are engaged in to secure critical infrastructures. These practices can also be adopted across every team in an organization. These practices include:
5. Strengthen communication patterns within and between teams
Ensure that a communication platform supports the quick dissemination of information between the cybersecurity team members and other organization members. This will allow the cybersecurity team to stay in touch with other team members, give them updates about the threat landscape and equip them with the right cybersecurity tools and technologies to use. Also, they would be able to guide the non- IT members on how to use these tools to overcome cyber-attacks. The financial cost and resultant effect of overcoming cyber threats and attacks are enormous. However, this can be mitigated by a combination of strategic, wholesome, and proactive plans and actions to ensure tight and secured cybersecurity. These plans are to be evaluated regularly to check for efficiency and effectiveness. A report by Deloitte on Critical Infrastructure gives an insight into how critical infrastructure protection programs address only physical threats. Unfortunately, this makes the network vulnerable to other cyber threats such as service disruption and public safety concerns, amongst others.
Colonial Pipeline paid cybercriminals around $4.4 million to restore their systems. However, attacks on critical infrastructure may have more devastating consequences. The first death directly linked to a cyber-attack was in September 2020 when a woman died in a local hospital in Germany because a ransomware attack delayed her treatment. As critical infrastructure providers come into the 21st century, cybersecurity should be a top priority for leaders and stakeholders in the industry.