Threats to Critical National Infrastructure (CNI) are increasing, driven by a rise in attacks on the operational technology (OT) and industrial control systems (ICS) that CNI depends on to run. Recognizing that these attacks are already happening is the starting point for any discussion of how best to harden CNI against them.
Most organizations that help maintain CNI are not very cyber resilient. In a Help Net Security survey of 370 companies, only 36% reported having achieved a high level of cyber resilience.
This is especially concerning for the utility industry. In their report Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Threat?, Siemens and the Ponemon Institute found that 64% of respondents named sophisticated attacks against the utility sector as one of their biggest obstacles, and 54% expected an attack on CNI within the following year.
Those worries are being realized. In February 2020, IBM X-Force reported that attacks targeting OT and ICS assets increased by over 2000% during 2019, more than in the previous three years combined. Morning Consult also reported that NETSCOUT observed a 595% increase in distributed denial-of-service (DDoS) attacks on utilities between June 15 and August 21, 2020 compared with the same period the previous year, amounting to 1,780 attacks on utilities worldwide.
So why is CNI so hard to secure? Four challenges stand out in the security industry's efforts to protect it.
1. Breach Detection: Breaches cannot be detected reliably without continuous monitoring, and a CNI organization that does not monitor its environment continuously is carrying a large, unquantified risk. According to Claroty, many organizations rely on agent-based solutions to monitor their OT assets. The shortcoming is that installing and updating agents requires downtime on the monitored asset, and for a CNI asset a window in which it is offline or unwatched could be the one in which a breach occurs, with consequences for national security or public safety.
2. Threat Landscape: CNI organizations also have to manage an OT threat landscape that is larger than the IT one. OT devices are typically older and more likely to be out of date, because upgrading or replacing them is expensive and is done far less often than in IT. These legacy systems can be decades old, often communicate over proprietary network protocols that were not designed with security in mind, and may receive no updates at all, so their weaknesses are known and easy for attackers to exploit.
3. Internal Resources: One of the biggest challenges facing CNI organizations is a shortage of the internal staff and skills needed to address security concerns properly. This is not specific to CNI; the industry as a whole struggles with it. An (ISC)2 survey from 2019 found that closing the cybersecurity skills gap would require the workforce to grow by 145%, or about 4.07 million additional jobs. With a gap that large, many CNI organizations simply lack the security skills needed to defend against capable adversaries. Instead of building proactive processes that detect incidents early, their overworked security staff end up in a reactive position, mitigating incidents after the fact and trying to keep up.
4. Situational Awareness: The goal is to monitor the environment continuously so that threats are pinpointed before they cause damage. That matters most on legacy systems, which are both easier to exploit and very common in CNI. At the same time, the level of situational awareness needed to protect OT and ICS networks has to be achieved with as little manual effort as possible, because, as the previous point shows, the people to do it by hand are not there.
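To make the first and fourth challenges concrete, here is an added example (written for this page, not taken from any vendor, report or product cited above) of what agentless, continuous monitoring of an OT network can look like: a sensor on a network tap passively parses Modbus/TCP requests and compares each one against a learned baseline of which hosts are allowed to send which function codes to each PLC. Nothing is installed on the asset, so there is no agent downtime, and the alerts are coarse enough to be triaged by a small team. Modbus/TCP is assumed here because it is common in OT; the page itself names no protocol. The hosts, unit ids and frames are constructed for the demonstration.

```python
"""
Passive baseline check for Modbus/TCP requests seen on a network tap.

Example code added for this page, not from any vendor or report cited
above. Assumption: a tap/SPAN port hands the sensor (src_ip, dst_ip,
payload) records for TCP/502 traffic; nothing is installed on the PLC,
so monitoring never takes the asset offline. All hosts, unit ids and
frames below are constructed for the demonstration.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}
FUNCTION_NAMES = {0x01: "Read Coils", 0x03: "Read Holding Registers", **WRITE_FUNCTIONS}

Record = Tuple[str, str, bytes]                  # (src_ip, dst_ip, modbus_tcp_payload)
Baseline = Dict[Tuple[str, str, int], Set[int]]  # (src, dst, unit id) -> allowed FCs


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]  # first coil/register for the functions handled here


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the PDU function code.

    Raises ValueError for truncated or inconsistent frames rather than
    guessing; a malformed frame on an OT segment is itself worth an alert.
    """
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"unexpected MBAP protocol id {proto}")
    if length != len(payload) - 6:  # length field covers unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    function = payload[7]
    address = None
    if function in FUNCTION_NAMES and len(payload) >= 10:
        address = struct.unpack(">H", payload[8:10])[0]
    return ModbusRequest(tid, unit, function, address)


def learn_baseline(records: List[Record]) -> Baseline:
    """Build the allowlist from a window of traffic reviewed as known-good."""
    baseline: Baseline = {}
    for src, dst, payload in records:
        req = parse_modbus_tcp(payload)
        baseline.setdefault((src, dst, req.unit_id), set()).add(req.function)
    return baseline


def detect(records: List[Record], baseline: Baseline) -> List[str]:
    """Return one alert string per request that deviates from the baseline."""
    alerts: List[str] = []
    for src, dst, payload in records:
        try:
            req = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append(f"MALFORMED {src}->{dst}: {exc}")
            continue
        key = (src, dst, req.unit_id)
        name = FUNCTION_NAMES.get(req.function, f"FC 0x{req.function:02X}")
        where = f"{src}->{dst} unit {req.unit_id}: {name} addr {req.address}"
        if key not in baseline:
            alerts.append(f"NEW_PEER {where}")  # host never seen talking to this PLC
        elif req.function not in baseline[key]:
            kind = "NEW_WRITE" if req.function in WRITE_FUNCTIONS else "NEW_FUNCTION"
            alerts.append(f"{kind} {where}")  # known host doing something new
    return alerts


# Constructed sample traffic. The HMI 10.0.0.10 only reads; the engineering
# workstation 10.0.0.11 is allowed to write single registers on PLC 10.0.0.20.
PLC, HMI, EWS, ROGUE = "10.0.0.20", "10.0.0.10", "10.0.0.11", "10.0.0.99"
BASELINE_RECORDS: List[Record] = [
    (HMI, PLC, bytes.fromhex("00010000000601030000000A")),  # read 10 holding regs @0
    (EWS, PLC, bytes.fromhex("000200000006010600100001")),  # write register 16 := 1
]
OBSERVED_RECORDS: List[Record] = [
    (HMI, PLC, bytes.fromhex("00030000000601030000000A")),            # normal HMI poll
    (ROGUE, PLC, bytes.fromhex("00040000000601060010FFFF")),          # unknown host writes reg 16
    (HMI, PLC, bytes.fromhex("00050000000B0110001000020400010002")),  # HMI starts writing
    (EWS, PLC, bytes.fromhex("00060000000201")),                      # truncated frame
]

if __name__ == "__main__":
    for alert in detect(OBSERVED_RECORDS, learn_baseline(BASELINE_RECORDS)):
        print(alert)
```

Run against the constructed traffic, the sensor stays silent on the HMI's routine poll and raises three alerts: an unknown host writing to the PLC, a known host (the HMI) issuing a write it has never issued before, and a truncated frame. The baseline itself is only as good as the review of the traffic it was learned from, so in practice it is built from a window an engineer has confirmed as normal and then re-learned after planned changes, not continuously.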
These are the four challenges to keep in mind when evaluating security solutions for CNI. Solutions that address all of them, rather than one in isolation, are what will move these networks toward genuine cyber resilience. When it comes to CNI, taking these precautions is not optional: the systems at stake are the ones that keep the lights on, the water clean and the public safe.