Cyber Attacks On Critical Infrastructure – A New Frontier In Global Conflict

Cyber-war is still an emerging concept, but many experts now believe that it will be a significant component of any future conflicts. As well as troops using conventional weapons like guns and missiles, future wars will also be fought by hackers using computer code to attack an enemy's infrastructure and to take down their government support systems and the country’s commercial businesses.

At its core, cyber warfare is currently the use of digital attacks by one country or nation to disrupt the computer systems of another, with the aim of creating significant infrastructure damage and potentially assisting a more traditional military attack.

This military strategy is similar to the early use of aircraft at the beginning of the 20th century, when planes were initially seen as offering only minor visual intelligence, only for large bomber aircraft to become massively destructive.

Commercial Threats
Governments, intelligence agencies and businesses now worry that digital attacks against vital infrastructure, like banking systems or power grids, will give attackers a way of bypassing a country's traditional defences.
This will allow them to take systems down at the beginning of an attack on a country’s infrastructure and/or to steal commercial and intellectual property and use it for their own commercial growth without having to go through the cost and time of system and product development.

Unlike standard military attacks, a cyber-attack can be launched instantaneously from any distance, with little obvious evidence in the build-up, and it is often extremely hard to trace such an attack back to its originators. 
Also, modern businesses are underpinned by computer networks that run everything from sanitation and health services to food distribution and communications, and these networks are particularly vulnerable to such attacks, especially as the systems are in the main poorly designed and protected.

In 2017 Russian hackers obtained access to the US electrical grid by penetrating the networks of key vendors that service power companies. The attacks surfaced in the spring of 2016 and continued throughout 2017. Officials believe the campaign is likely still ongoing.

Some vendors still may not be aware that their systems have been compromised, because the credentials of actual employees were used to infiltrate utility networks. Hackers used conventional tools, such as email phishing, to obtain employee passwords and access supplier networks.

Utility sectors in the US, Canada, the whole of Europe, Australia and New Zealand routinely face millions of attempted cyber intrusions.

Duke Energy, one of the largest power companies in the US, serving 7.6 million customers, reported more than 650 million attempted cyberattacks in 2017 and a similar number of attacks in 2018. While a cyberattack hasn’t successfully shut down the US or a European power grid, the threat is real.

More and more, electrical utilities and energy companies are turning to cybersecurity vendors for protection against attempted attacks. 

In its most brutal stage, a cyberwar could result in the crippling of power plants, airports, transit and thousands of businesses, as Ukraine experienced in December 2015 and 2016 and again in June and July 2018.

Cyber War
A full cyberwar would likely lead to crippled power utilities, hospitals, transportation systems, retail outlets and more. 
Furthermore, in order to curb dissent and freedom of expression, some authoritarian governments take the drastic step of flicking the "off switch" on mobile and fixed line networks to disable the internet and messaging services used by protesters.
All over the world, intentional internet shutdowns and deliberate slowdowns are becoming increasingly common. They generally occur when someone (usually a government) intentionally disrupts the internet or mobile apps to control what people do or say. Out of all countries worldwide, India shuts down its internet most frequently.

In many countries, internet shutdowns are preemptive or reactive measures to mass or potential public unrest, with Turkey's 2016 failed military coup an obvious example. 

This is also true to some extent in India where Internet access is cut off due to political turmoil, protests or military operations. India is even known to carry out shutdowns in certain regions to prevent cheating during examinations. 
For example, Darjeeling in West Bengal suffered a 45-day Internet shutdown due to political demonstrations and protests from activists seeking a separate state while Nawada in Bihar had a 40-day shutdown as a result of communal clashes.
Given the importance of the Internet, moves to block it or limit access can prove costly. In India, the sheer volume of shutdowns, coupled with their length, is getting expensive - very expensive.

Ukraine
A massive attack on the Ukraine power generation system took place on 23 December 2015 and is considered to be the first known successful cyberattack on a power grid. Hackers were able to compromise the information systems of three energy distribution companies in Ukraine and temporarily disrupt the electricity supply to industrial and domestic consumers.
Ukraine’s president, Petro Poroshenko, has reported that there had been 6,500 cyberattacks on 36 Ukrainian targets in just the previous two months. 

International cybersecurity analysts have stopped just short of conclusively attributing these attacks to the Kremlin, but Poroshenko didn’t hesitate: Ukraine’s investigations, he said, point to the “direct or indirect involvement of secret services of Russia, which have unleashed a cyberwar against our country.” 

Moscow has long regarded Ukraine as both a rightful part of Russia’s empire and an important territorial asset, a strategic buffer between Russia and the powers of NATO, a lucrative pipeline route to Europe, and home to one of Russia’s few accessible warm-water ports. 

For all those reasons, Moscow has worked for generations to keep Ukraine in the position of a submissive smaller sibling.
The group behind the attacks, known as Dragonfly or Energetic Bear, has been traced to Russia and had racked up "hundreds of victims", said the US Department of Homeland Security (DHS). The attacks are ongoing, it added. 

The hackers seem to have used tightly-targeted attacks to compromise the corporate networks of suppliers. The attacks used emails sent to senior staff or sought to make them visit spoofed or hacked social media sites. Once the groups won access, they carried out detailed reconnaissance to familiarise themselves with how plants and power systems worked.

Germany
In 2016 a German nuclear power plant was discovered to be infested by computer malware. The Gundremmingen plant, operated by the German utility RWE and nestled northwest of Munich, is said to be the highest-output nuclear power station in Germany.

Experts identified the viruses to be “W32.Ramnit” and “Conficker”, found at the plant’s B unit in the system that involves the transport of reactor fuel. 

Cyber-attacks against nuclear power plants and industrial control systems are probably at the top of a long list of potential disasters that can be caused by hackers.

Until now Stuxnet, which targeted nuclear power plants in Iran, was the most widely publicised threat against such systems. 
This incident shows, however, that threats against nuclear power plants are not limited to targeted attacks, but may also be caused by more common attacks. The malware was discovered in the part of the plant named “Blok B”, which luckily was isolated from any radioactive functions.

Different from more open conflict-style cyber-attacks such as the ones we have recently seen against Ukraine’s electricity infrastructure, these attacks seem to be the actions of smaller and possibly civilian threat actors. Yet, the threat is very real and based on the increasing number of incidents involving industrial control systems it looks like the current security approach of “computerised but isolated from the internet” is not enough.

Currently companies spend almost $100bn on cyber security, with the bulk going on technology infrastructure to defend against external threats.

Insider Threats
However, insurance cyber risk analysts agree that 58% of cyber claims are attributable to employee behaviour, such as negligence, accidental disclosure and lost or stolen devices. When we include vulnerabilities that exist due to a talent or skills shortage in cyber security, the percentage attributable to internal human issues is closer to 90%.

This should be of big concern to the financial industry in the City of London. With attacks against online financial services and the major lending companies increasing at steep rates over the past few years, the financial sector is experiencing higher costs from cyber-crime than any other industry.

The Financial Conduct Authority is stressing the importance for financial institutions to nourish a security culture. But building a culture of cyber security is not only about technology, it also requires a strategy that addresses people and processes. 
No longer should it solely be the job of the IT department to handle cyber risk on its own. Instead, it is imperative to look across an organisation and identify people-based vulnerabilities, including talent and learning gaps, to protect against threats.
The biggest security vulnerabilities are hiding in plain sight. Even with today’s technological advances and increased use of automation, the core of any organisation is composed of its people. About 75% of companies in our survey reported that they plan on addressing risk factors tied to human error by 2020.

The majority of employers also said they had established effective policies to manage cyber security threats, and most employees indicated that they understood their companies’ policies. In practice, however, employees often lack the awareness and accountability required to thwart cyber threats.

But there are ways that firms can turn their biggest potential weakness into a strength.

Understand the Culture
An important first step is understanding the workforce culture issues that create vulnerabilities. Employee feedback mechanisms can enable employers to gain deeper understandings of the cultural factors influencing employees’ cyber awareness across their organisation. 

The feedback can also enable an organisation to direct its cyber security budget appropriately and to deploy other solutions, such as an appropriate change and communication plan.

Drive Employee Awareness 
Employees often lack awareness of cyber security risks at a basic level. For example, most employees believe that their organisations’ IT systems are sufficient protection. This thinking may explain why roughly 45% of employees say that it’s safe to open any email on their work computer, according to our survey.  

It is therefore important that employees are trained to understand that despite technology firewalls and other protections, they each play a key role in helping their organisation combat cyber-attacks, including reporting of phishing emails, social engineering tactics and other threats, to appropriate IT teams. 

With this level of awareness, IT teams will be better equipped to acquire and deploy more effective technology solutions.

Deliver Cyber Training & Education
Security awareness training is a critical part of driving a culture of security. But to ensure its effectiveness, organisations must consider deploying innovative ways of delivering and measuring the training. Most employees have a large and increasing training load covering topics from diversity to regulation.

Consider training approaches that will help to embed awareness in the culture over a longer term. There are several ways to achieve this, such as gamification and appointing employees as “cyber ambassadors”.

Lead by Example 
Evaluate whether your executive leadership team is supportive of cyber awareness and action-oriented behaviours. For example, make sure that leaders model positive behaviours that encourage employees to do the same, and that employees are given a voice to speak up and take action.

Hire Appropriately
Employers need to cultivate robust pipelines of cyber-savvy talent. Onboarding for information security talent should cover cyber risk management processes and procedures. 

These topics should also be embedded into other areas, from performance management to succession planning, and include ongoing training to keep their skills up to date and forward looking.

 Image: Nick Youngson
