#HowTo: Protect Critical Infrastructure from Cyber-Criminals

Over the past year, the world has witnessed a number of cyber-attacks on critical infrastructure, each of which has had a devastating global impact. For example, following the recent Colonial Pipeline and SolarWinds attacks, we saw individuals experience food and energy shortages and find themselves unable to access vital healthcare services. 

Ultimately, critical industries and supply chains – involving the likes of food, transport, and healthcare – are increasingly being targeted with complex attacks due to the crucial role they play in national and global stability. 

These increasingly sophisticated emerging threats are evolving rapidly, meaning that security and regulatory teams also have to continually evolve. But what steps can enterprises take to ensure that their critical networks and supply chains remain resilient and protected from cyber-criminals?  

The Main Security Challenges Facing Critical Information Systems 

The increased use of cloud services and widespread adoption of remote working have posed a challenge when protecting critical infrastructure as the attack surface for threat delivery has expanded significantly. Over the past year, this attack surface has also grown alongside the increasing convergence of traditional IT systems and operational technology (OT) networks. To enter the network, attackers can deploy tactics across this attack surface – such as a malicious email or a vulnerable remote access application – to steal credentials and move through the enterprise system to target critical operations in either OT or IT networks.

The diverse nature of the supply chain can also pose challenges when it comes to security, as supply chains often span IT, OT and other external service or product suppliers. By targeting the supply chain as the initial entry point, attackers can enter a network through a trusted connection, system or user, making it harder for security teams to detect the activity.

How to Optimize Critical Infrastructure Protection 

When it comes to protecting critical infrastructure, implementing dynamic security solutions is key. Cyber threats are continually evolving and often change faster than the regulatory process can keep up. Therefore, the technology solutions required to deter critical infrastructure threats must be flexible and built on an open security architecture to evolve with emerging threats.  

Focusing on securing OT networks across the enterprise is also vital. For example, OT networks in manufacturing enterprises play a fundamental role across critical national infrastructure, including the energy and healthcare sectors, and must remain operational throughout a cyber-attack. 

To ensure both IT systems and OT networks are protected, enterprises should adopt the shared responsibility model. Here, everyone across the infrastructure and supply chain network has a part to play in implementing security best practices. Defining clear roles and responsibilities across teams will help strengthen this approach, such as deciding which specific team is responsible for implementing security controls and which one should roll out an incident response plan that includes all areas of the network. In doing so, teams will be prepared for incident response before a security breach even happens.  

How to Implement a Zero Trust Approach 

Adopting a zero trust approach to security is also crucial for enterprises looking to protect critical infrastructure and networks. Zero Trust ultimately allows IT and security teams to maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary, without compromising user experience and performance. 

Zero Trust is an architecture principle and strategy, and getting the right approach can take time. 

Some key starting points for enterprises looking to adopt a zero trust mindset include: 

  • Implementing continuous proactive monitoring for potential malicious activity across the enterprise to identify any changes, vulnerabilities or anomalous user activity in critical systems. 
  • Strategically considering threat intelligence sources by integrating threat data across the entire enterprise security architecture and planning processes.
  • Eliminating trusted zones and micro-segmenting resources, so that access to enterprise resources is never granted solely on the basis of location or network segment. This applies to both workplace and industrial systems, as well as to remote access networks used by suppliers or workers, and to micro-segmentation between critical business and security systems.  
  • Extending asset discovery and understanding beyond IT managed systems and end-user devices to encompass all data sources and compute services, including cloud services, BYOD and contractor-owned OT automation systems, which will ultimately improve visibility.  
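As an added illustration (not from the article), the contrast between the location-based "trusted zone" model the list warns against and a per-resource, micro-segmented decision in which identity, role and device posture are each checked explicitly; the resource catalogue, roles and IP ranges are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed resource catalogue: every resource sits in its own micro-segment and
# carries an explicit policy; no network zone grants access by itself.
RESOURCES = {
    "erp-app": {"segment": "it-business", "roles": {"finance", "it-admin"}, "managed_only": True},
    "plc-hmi": {"segment": "ot-control", "roles": {"ot-engineer"}, "managed_only": True},
    "vendor-portal": {"segment": "it-dmz", "roles": {"supplier", "it-admin"}, "managed_only": False},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    device_managed: bool      # enterprise-managed vs BYOD / contractor-owned
    mfa_verified: bool
    source_ip: str
    resource: str

def perimeter_decision(req: AccessRequest) -> bool:
    """Legacy 'trusted zone' model: anything inside the corporate range is allowed."""
    return ip_address(req.source_ip) in ip_network("10.0.0.0/8")

def zero_trust_decision(req: AccessRequest) -> tuple[bool, str]:
    """Location never appears in the decision; identity, role and device posture
    are each checked against the target resource's own segment policy."""
    policy = RESOURCES.get(req.resource)
    if policy is None:
        return False, "unknown resource"
    if not req.mfa_verified:
        return False, "identity not verified"
    if req.role not in policy["roles"]:
        return False, f"role '{req.role}' not permitted in segment {policy['segment']}"
    if policy["managed_only"] and not req.device_managed:
        return False, f"unmanaged device blocked from segment {policy['segment']}"
    return True, f"allowed into segment {policy['segment']}"

# Constructed sample requests: a supplier on an internal VLAN with a BYOD laptop,
# and an OT engineer working remotely from a managed device with MFA.
SUPPLIER_ON_LAN = AccessRequest("vendor01", "supplier", False, True, "10.20.5.7", "plc-hmi")
REMOTE_OT_ENGINEER = AccessRequest("eng42", "ot-engineer", True, True, "198.51.100.9", "plc-hmi")

if __name__ == "__main__":
    for req in (SUPPLIER_ON_LAN, REMOTE_OT_ENGINEER):
        print(req.user, "perimeter:", perimeter_decision(req), "zero-trust:", zero_trust_decision(req))
```

The perimeter model admits the supplier purely because of the source address and rejects the engineer for the same reason; the zero trust evaluation reaches the opposite result on both.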

At the end of the day, safety is always the priority when it comes to critical infrastructure and OT systems. However, given the rapidly evolving nature of today’s cyber-threat landscape, enterprises should be looking to adopt increasingly flexible and varied security solutions and threat models to help consider both the potential risk from malicious attacks and the wider safety risks should they fall victim to an attack. 
