OT cybersecurity company Mission Secure expects the future of critical infrastructure cybersecurity to be a mix of mandatory regulations and voluntary frameworks, as governments continue to pay attention to cybersecurity until the threat and risk are reduced.
Operations across critical infrastructure industries must address cybersecurity, Paul Robertson, Mission Secure’s director for cyber security, wrote in a recent blog post. “As critical infrastructure industries adopted new technologies, from IT to field sensors, they inadvertently converged and connected operational physical processes to the digital world. And in doing so, organizations became exposed to a host of new cyber threats that IT teams and operators were ill-prepared to combat,” he added.
Following the DarkSide ransomware attack on Colonial Pipeline in May, critical pipeline owners and operators were required, under a security directive issued by the U.S. Department of Homeland Security’s Transportation Security Administration (TSA), to conduct vulnerability assessments of their equipment and return their responses by Jun. 28, as part of the government’s concerted effort to bolster critical infrastructure cybersecurity.
Operations need to conduct an in-depth assessment that establishes what is and is not known, together with a review of assets, traffic, behaviors, people, and processes.
To enhance critical infrastructure cybersecurity, network and device segmentation and micro-segmentation should be part of a zero-trust security approach for critical industrial control system (ICS) environments, Robertson said. “Most critical infrastructure and industrial operations, like oil and gas, power, utilities, and manufacturing, already leverage simple segmentation between the corporate IT networks and the ICS or operational technology (OT) networks. But for most, that is where their segmentation stops,” he added.
Segmentation and micro-segmentation stop unhindered access in IT environments and should do the same in ICS network environments. It is invaluable for operations to apply segmentation throughout the network to protect critical assets and processes, Robertson added.
In addition, the zero-trust model requires the adoption of a least privilege access strategy that assigns access permissions to users, applications, and data based on specific and defined needs. Secure access is enforced regardless of where access is requested, and access controls are fine-grained and revocable. It is also important that all access control activity is logged and audited with the ability to generate alerts automatically.
“Taking steps today to mitigate risk and bolster protection measures will strengthen operations in the short term, and better prepare them for any compliance requirements introduced in the future,” Robertson said. “So, take a thorough assessment of your current risk profile, and put in robust measures to protect your operations with cyber-resilience as the end goal,” he added.
A recent survey carried out by security firm Armis of over 2,000 respondents from across the United States found that end users are not paying attention to the major cybersecurity attacks plaguing operational technology (OT) and critical infrastructure across the country, signaling the need for businesses to prioritize a focus on security as employees return to the office.
“In the past year, 65,000 ransomware attacks occurred in the United States. In other words, approximately 7 attacks per hour, a rate that is expected to continue to rise,” according to Armis. “As the U.S. looks at its vulnerable industries, the responsibility is falling on businesses to ensure that they are keeping the organization and employees safe and secure.”
“Codifying the concept of systemically important critical infrastructure overcomes these obstacles by bridging the gap in trust between the federal government and the private-sector entities that are responsible for securing the nation’s critical infrastructure,” The Lawfare Institute wrote in a blog post. “The status quo is unacceptable—the United States cannot continue to act lackadaisical in the face of a serious national security risk.”
“Prioritizing the defense of systemically important critical infrastructure—whose disruption and collapse would have debilitating effects on U.S. national security, economic security, public health, and safety—is a vital step in keeping the United States secure from malicious cyberattacks,” Lawfare added.
The Cybersecurity and Infrastructure Security Agency (CISA) published last week a new Malware Analysis Report (MAR) on DarkSide ransomware and updated its earlier alert highlighting best practices that critical infrastructure asset operators and owners must adopt to prevent business disruption from ransomware attacks.
The update adds the indicators of compromise associated with a DarkSide ransomware variant that executes a dynamic-link library (DLL) used to delete Volume Shadow copies available on the system. The malware collects, encrypts, and sends system information to the threat actor’s command and control (C2) domains and generates a ransom note to the victim.
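As an added illustration of the defensive side of this update (example code, not from CISA or the report), the following Python scans constructed process-creation events for the Volume Shadow copy deletion behavior described above and correlates it with a rundll32 DLL load from outside the Windows directory; the host names, paths and the rundll32 heuristic are assumptions made for the demo, not indicators from the page.

```python
import re

# Constructed Windows process-creation events (Sysmon Event ID 1 style) for the demo;
# they are not real telemetry or indicators from the CISA report.
SAMPLE_EVENTS = [
    {"host": "ENG-WS01", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Public\stage.dll,Entry"},
    {"host": "ENG-WS01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ENG-WS01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"host": "HMI-02", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},  # benign: enumerates, does not delete
    {"host": "HMI-02", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"host": "HIST-01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
]

# Command lines that remove Volume Shadow copies (matched case-insensitively).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
]

def shadow_copy_deletion_alerts(events):
    """Return one alert per event whose command line deletes shadow copies."""
    return [{"host": ev["host"], "cmdline": ev["cmdline"]}
            for ev in events
            if any(p.search(ev["cmdline"]) for p in SHADOW_DELETE_PATTERNS)]

def suspicious_rundll32(ev):
    """Heuristic (assumed for the demo): rundll32 loading a DLL from outside C:\\Windows."""
    if not ev["image"].lower().endswith("rundll32.exe"):
        return False
    parts = ev["cmdline"].split(None, 1)
    if len(parts) < 2:
        return False
    dll_path = parts[1].split(",")[0].strip('"').lower()
    return not dll_path.startswith("c:\\windows\\")

def hosts_by_severity(events):
    """Rank hosts: 'high' = shadow deletion plus an odd rundll32 load,
    'medium' = deletion only, 'low' = odd rundll32 load only."""
    shadow = {a["host"] for a in shadow_copy_deletion_alerts(events)}
    loader = {ev["host"] for ev in events if suspicious_rundll32(ev)}
    return {h: "high" if h in shadow and h in loader else "medium" if h in shadow else "low"
            for h in shadow | loader}
```

Running `hosts_by_severity(SAMPLE_EVENTS)` on the constructed events ranks ENG-WS01 as high and HIST-01 as medium, while HMI-02 is not flagged because listing shadow copies and loading a system DLL are routine.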