Protecting Critical Infrastructure

Over many years, threat actors have consistently targeted organisations in the energy, utility and related sectors and cyber attacks on critical infrastructure have become increasingly more complex and more disruptive, causing systems to shut-down, disrupting operations, or simply enabling attackers to remotely control affected systems.

Critical infrastructure and industrial operations have evolved and become digitised in the same way as other modern industries, however, industrial control systems remain in a unique hybrid stage, somewhere between their analog history and the digital future. 

Critical infrastructure describes the physical and cyber systems and assets that are so vital to a country that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. In most countries it is the government's responsibility for the national security, public safety, the effective functioning of the economy and the continuity of government services in case of an emergency or crisis. Unhappily, such events are more frequent:

  • After the recent ransomware attack on a major petroleum pipeline in the US, the Department of Homeland Security’s (DHS) has announced a Security Directive that will enable it to better  respond to threats to critical companies in the pipeline sector. 
  • In February 2020, Saudi authorities reported that their public petroleum and natural gas company Saudi Aramco has seen a significant increase in cyber attack attempts following a huge initial attack in 2012 when a  Virus damaged around 30,000 computers.
  • New Zealand’s Central Bank had a large data breach, where commercially and individually sensitive information was stolen by cyber attackers.
  • Irelands Health Service IT systems shut down and remain partially disabled following a wide ranging ransomware incident. 
  • In both Israel and the Florida potentially lethal attempts to sabotage control systems in the water distribution network were thwarted by alert supervisors. 

The disruption caused due to a successful cyber attack on a nation’s critical agencies can be far-reaching. It has the potential of causing a major loss of money, time, and even lives. 

Critical infrastructure cyber security has been gaining momentum in the US, culminating in a new security directive, as cyber-attacks continue to target infrastructure companies. “The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” said Secretary of Homeland Security Alejandro N. Mayra.  

The DHS is focussing its efforts with owners and operators and other government agencies to enhance the physical security preparedness of US hazardous liquid and natural gas pipeline systems and the new Security Directive will require critical pipeline owners and operators in the US to:

  • Report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CIA).
  • Designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week.
  • Review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CIA within 30 days.

Visibility and management are the key factors  in security for Supervisory Control and Data Acquisitions (SCADA) systems, but security and IT professionals must be aware of the risks and set in place security controls aimed at reducing the impact of a potential cyber attacks and the increasing the costs of these attacks.

Currently around 103 countries have published their national cyber security strategies. As the US lead agency for protecting critical infrastructure against cyber security threats, CIA provides cyber security resources to mitigate potential risks, including through a dedicated hub that disseminates information to organization, communities, and individuals about how to better protect against ransomware attacks. 

Cyber attacks on critical infrastructures can have a significant economic impact, especially when targeted in conflict between nations. Securing these systems is not a matter of fully reverting back to physical access, but a matter of understanding how Internet-connected control systems work, how they are configured, and how they are accessed. 

Dept. of Homeland Security:    World Trade Organisation:    CIPSEC EU:     

Security Boulevard:       Mission Secure:       I-HLS:       Image: Unsplash

You Might Also Read:

A New Generation Of Critical Vulnerabilities:

Focused Security Analysis For Your Organisation’s IT Systems:

 

« NCSC Focus On Ransomware Attacks
Why Is It So Difficult To Convict Cyber Criminals? »

Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CS Risk Management

CS Risk Management

CS Risk Management is a cyber security and risk management consultancy. Specialists in compliance, data protection & risk management.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

Council for Information & Communication Technologies (CTIC)

Council for Information & Communication Technologies (CTIC)

CTIC was set up to address specific issues in the field of ICT relevant to the implementation of electronic government.

JAS-ANZ

JAS-ANZ

JAS-ANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

Steadfast ICT Security

Steadfast ICT Security

Steadfast provides specialised information security management services for Government and Enterprise customers.