Securing Critical Infrastructure in the Wake of Ukraine Power Grid Attack
The recent power outages in the Ukrainian city of Ivano-Frankivsk have become a subject of global concern. The outages were caused by targeted cyber attacks on two major power suppliers in the region, carried out via malware smuggled into their industrial control systems (ICS).
At the outset, these attacks draw focus to the vulnerability of the power supply system, and by extrapolation, the vulnerability of most of the world’s infrastructural services. Over the past couple of decades, critical infrastructures and utilities have been transitioning their legacy networks to packet-based networks for a multitude of reasons. As a result, they have become easy prey for cyber attacks, and without reinforced security measures, they aren’t up to the task of warding off advanced threats.
The Growing Concern for Critical Infrastructure Cyber Attacks
However, a closer look at the Ukraine incident reveals a much bigger cause for concern. The gravity of the situation lies not so much in the specifics of the power grid attack, but in the apparent defenselessness of large infrastructural services against cyber threats. Of note here is the fact that while the susceptibility of critical infrastructures to cyber threats has repeatedly been discussed over the past decade, in many cases, no significant, tangible reinforcements have yet been applied to these systems.
The maritime industry is a classic example of a system under perpetual cyber threat. Cyber attacks as piracy tools are becoming increasingly common. In 2013, hackers were able to gain control over the port computer system in Antwerp, using the records not only to locate and smuggle oil containers, but also to delete their tracks once the operation was complete. Oil and gas infrastructure is one of the biggest victims of cyber attacks, and is slated to push its expenditures on cyber security solutions to almost $2 billion by 2018.
Even the Ukraine power grid attack was more than just a standalone event. Investigations revealed instances of similar malware infection in the country’s railway and mining infrastructure. Of course, this suggests that both public and private sector services, regardless of their size or typology, are currently at risk of cyber infiltration. But it also indicates that cyber attacks are well on their way to becoming the latest weapons of mass destruction, using widespread infrastructural failures as their strategy.
Against the backdrop of these concerns is a lack of information sharing by the targeted organizations. While the primary reason for this restraint is the organizations’ need to protect their image, it has nonetheless limited active research and investigation. We as a populace remain largely unaware of how industrial hackers interact with their targeted systems, and as a result, the development of effective preventive measures tends to be delayed. Recent research conducted at Hamburg University of Technology suggests that in the field of ICS cyber security, ‘defense methods’ are currently lagging behind ‘attack methods’ by as many as 20 years.
Meeting Cyber Security Demands for Critical Infrastructure
The situation demands, more than anything else, a change in attitude towards cyber security, especially in the field of critical infrastructure. Comprehensive security systems, focused on safeguarding the multi-layered processes and protocols within an organization, are already being developed. Unlike attackers in the business sector, hackers of critical infrastructures have been found to focus on attacking industrial processes rather than physical assets, as illustrated by the recent Ukraine power grid attack.
While access into an infrastructural service’s control system is relatively simple, the challenge of how to cause the most damage remains. Typically, an organization’s accident reports are good sources of information, pointing the hackers towards a possible weak link within the setup. A comprehensive cyber security suite such as ECI’s LightSEC is tailored towards providing cohesive network expertise, including adequate encryption protocols and firewalls, network anomaly detection, big data cyber analytics, SCADA DPI and more.
In a world where the only constant is change, the only means of staying ‘future proof’ is through constant feedback. It is critical for infrastructural services to actively recognize the tangible threats that cyber attacks present, and to work in collaboration with security services towards developing the technologies needed to keep them at bay.