Espionage, network outages, data held to ransom; the consequences of cyber-attacks have long given cause for concern. But when threat actors have the backing of nation states and critical infrastructure is the target, it’s clear there’s even more at stake. Over the last few years, a growing number of cyberassaults have been launched at critical infrastructure.
The essential systems that we rely on in our everyday lives are vulnerable, and future attacks could bring entire countries to their knees. If electricity was cut off for just 48 hours, businesses would cease to function, risking serious economic damage if banking and trading systems fail. Hospital patients and vulnerable people would be unable to access life-saving and preserving treatment, and evacuations may need to take place. A successful attack on transport systems, particularly air traffic, would have deadly results.
Thankfully, the attacks we have seen so far have yet to reach that level of destruction, but that doesn’t mean we can breathe a sigh of relief. In 2016, San Francisco’s light railway system, the Muni Metro was targeted by ransomware, shutting down 900 employee workstations and freezing email and payroll systems. The same year, SWIFT, the international cooperative that facilitates global bank transfers and handles trillions of dollars daily was targeted by an ongoing series of sophisticated cyberattacks. One of these succeeded in stealing $81 million from the Bangladesh central bank.
In August 2017, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault designed to sabotage operations and trigger an explosion. Then in September that year, multiple electricity companies in the USA were targeted by a group of hackers, dubbed ‘Dragonfly’, which enacted a highly-sophisticated, ongoing series of attacks.
Now the US Department of Homeland Security (DHS) and the FBI have issued a joint alert saying that Russian government cyber-actors are actively targeting organizations in the US energy, nuclear, commercial facilities, water, aviation, government and critical manufacturing sectors. Governments worldwide have issued similar warnings and investigations.
While these outbreaks have only gone so far, researchers investigating Dragonfly’s series of attacks on electricity companies warned that they could still sabotage systems they have been able to compromise. Investigators also believe that the same tools and methods Dragonfly used could fall into the hands of other nefarious groups. Similar systems are commonly used by electricity companies the world over, and whether or not they share similar practices, structures and network infrastructures, the same security concerns extend to all organizations.
The warnings are stark and clear; organizations controlling areas of our infrastructure can and should improve their defenses. Attackers will continue to use sophisticated and aggressive tactics to infiltrate and move laterally across networks to access and disrupt critical systems.
Best security practices need to be maintained across the board, from the simple to the sophisticated. The basics of strong access management and software patching must be maintained. Organization-wide training, policies and practices are essential. Finally, it’s particularly important to block the latest attack vectors and mitigate any damage that can be caused if a threat actor penetrates by keeping critical systems and data separate with next generation firewalls in-between.
In conclusion, protecting critical infrastructure against cyberattacks is complex—especially as each sector (from banking to power and water utilities, to transport) has its own unique challenges and requirements. However, we need to better secure these vital systems, and fast, for the benefit of every one of us.