Gareth Williams, Vice President – Secure Communications & Information Systems, Thales UK, speaks about risk management and fraud detection, outlining what enterprises, particularly in the financial sector, can do to encrypt their customer and employee data.
With increasing automation and digitalisation, Critical National Infrastructure continues to be a key target for hackers. In fact, a 2019 report by the Ponemon Institute highlighted the severity of the problem, finding that nine in 10 (90%) of critical infrastructure providers in the US, UK, Germany, Australia, Mexico and Japan had fallen victim to a cyberattack in the past two years. What’s more, two thirds (62%) revealed they had been hit by multiple attacks.
Since the launch of the world’s first digital weapon, Stuxnet, a computer worm which reportedly ruined almost one-fifth of Iran’s nuclear centrifuges in 2010, energy companies have been on standby. And with good reason. Over the past two decades, the extremely sophisticated worm has, with the help of cybercriminals, mutated and spread into other industrial and energy-producing facilities, and in 2017 managed to bring down the Ukrainian power grid.
While these high-profile attacks on Critical National Infrastructure have caused many to tighten their cybersecurity practices, the National Cyber Security Centre still has a fight on its hands to safeguard the energy industry. Cyberthreats are continuing to climb in a new, rapidly changing security landscape, probing new vulnerabilities and looking to exploit global issues such as the COVID-19 pandemic.
Exploiting a crisis
COVID-19 has opened up a myriad of opportunities for cybercriminals, and it’s clear they’re hoping to capitalise on public fear. Whether it’s playing on people’s concerns about the virus through phishing schemes, launching ransomware take-overs of hospital systems or using malware disguised as alerts about a vaccine, hackers are preying on people’s vulnerabilities, as well as their cybersecurity measures. The National Cyber Security Centre says there’s been an increase in phishing attempts through text messages, pretending to be from ‘COVID’ and ‘UKGOV’, calling for financial payments to battle the pandemic.
The pandemic has placed even more pressure on the energy sector, increasingly under attack by cybercriminals using a range of different methods to capitalise on businesses operating remotely. Whether it’s for financial gain, data hoarding or espionage, hackers are hoping to disrupt and damage the UK.
Since the outbreak, additional cybersecurity has been installed around Government infrastructure, but it’s tough to manage infrastructure, such as power grids, remotely. To mitigate this, the National Grid has invested heavily in onboarding new security partners whose products help enterprises keep data secure and ward off hackers.
As cyberattacks continue to rise, it is imperative that we locate and identify weaknesses around Critical National Infrastructure – and implement solutions including tougher cybersecurity – before it’s too late. The consequences of failing to act range beyond disruption of networks and compromised information – there is a very real risk to human life. With hackers now able to infiltrate and shut down systems that support critical facilities, such as the electrical grid, failure to implement adequate security measures could be life-threatening.
Bringing operational technology online
While the pandemic has accelerated the integration of remotely controlled and connected operational technology (OT) systems within the energy sector, this increased online migration has opened up whole new attack vectors that few companies are prepared for. OT systems that were once separated from the Internet by an air gap now communicate and interact with newer IT systems, enabling cybercriminals to pivot into non-connected devices via the breached IT system or control.
Bringing decades-old systems – that were not designed for the Internet – into the IT sphere or linking them to connected technologies which can be accessed remotely is a risky game. If not done right, this can leave businesses vulnerable to machines being taken down by hackers or used to break into the company’s wider network. In fact, it was through a vicious malware that hackers launched the BlackEnergy3 attack – again on Ukraine’s electricity grid. Beginning with a ‘spear-phishing campaign’, criminals were able to gain access to IT infrastructure before pivoting across to the human-machine interfaces (HMIs).
The point where physical security meets cybersecurity
As the line between connected and non-connected systems becomes increasingly blurred, a more integrated security approach is needed to protect Critical National Infrastructure at risk from constantly evolving threats in cyberspace. It is important to look at OT and IT as two separate entities that require different levels of security and ensure that infrastructure is prepared for the next inevitable cyberattack.
The future lies in resilience. It’s much more than just patching up OT systems to make them secure. To ensure that these critical systems aren’t constantly held to ransom or brought down by hackers, there needs to be a change in our attitude. If we hope to become unbreakable amidst the increasing complexity of a global pandemic, we must be prepared and armed against the growing risks.