Ultra Intelligence & Communications

How to Stop Nation State-Driven Cyber-Attacks from Crippling Our Critical Infrastructure

September 5th, 2018 / By

National Intelligence Director Dan Coats recently warned that “the warning lights are blinking red” on cyber threats to US national security, and that digital attempts to undermine America are occurring daily. The Stuxnet and BlackEnergy malware attacks exemplify the potency and potential of state-sponsored activity to cripple our critical infrastructure. Most recently, the Russia-supported NotPetya attack, targeted at Ukrainian government agencies but quickly spreading worldwide to a variety of industrial targets, accounted for $10 billion in damages, making it the worst cyberattack in history.

According to the most recent “State of Industrial Cybersecurity” report, 77% of executives surveyed believe their Industrial Control System (ICS) network will suffer an attack, yet nearly half of respondents admitted to not having measures in place to detect such an attack. Considering Director Coats’ comments that both US government facilities and businesses in the energy, nuclear, water, aviation and manufacturing sectors are among the primary targets of bad actors, this lack of preparedness is alarming.

Amplifying the gravity of this risk is the inherent vulnerability that comes from connecting legacy equipment, such as programmable logic controllers (PLCs) and sensors that operate US defense and energy facilities, as well as industrial production lines, to the Internet as a part of the Industrial Internet of Things (IIoT). Business Insider estimates that global manufacturers will spend approximately $70 billion annually on IoT solutions in 2021. Although the IIoT promises improvements to productivity and lower costs, the environments in which connected devices operate must first be protected from malware and other threats.

The enterprise IT solutions that protect front office applications are not applicable to plant facilities; anti-virus and other commonly-used tools are an inadequate response to pervasive cyber-physical threats. In most cases, there are myriad complex and often conflicting demands between cyber-physical security and IT that must first be reconciled.

Unfortunately, the protocols used in ICS environments lack the necessary network service authentication. Validated cryptographic technology and flexible monitoring modes are needed to fulfill these difficult requirements. To shield critical infrastructure against cyber-attacks without interrupting daily operations, cybersecurity should extend beyond basic firewall, perimeter, and signature-based IT defenses to also protect SCADA and other networked endpoints, using protocol-specific parsing and whitelisting that assure data integrity.

Creating a whitelist of allowed commands for controllers allows ICS security officers to manage costs while maintaining peak operational performance.
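The protocol-specific parsing and command whitelisting described above, as an added example that is not the article's or Ultra's code: it parses Modbus/TCP request frames (Modbus is assumed here; the article names no protocol) and enforces a constructed per-controller allowlist of function codes and writable register windows, denying malformed frames as well as commands a given controller should never receive. The controller addresses and register ranges are hypothetical.

```python
import struct
from dataclasses import dataclass
# Constructed per-controller policy (hypothetical addresses; the article names no protocol or hosts):
# PLC IP -> allowed Modbus function codes and, for write functions, the writable register window [lo, hi).
ALLOWLIST = {
    "10.0.5.21": {"functions": {3, 4}, "write_range": None},            # read-only: HMI polling only
    "10.0.5.22": {"functions": {3, 6, 16}, "write_range": (100, 120)},  # setpoint writes to 100..119
}
@dataclass
class ModbusRequest:
    unit_id: int
    function: int
    start_addr: int
    count: int

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the PDU of a Modbus/TCP request; reject malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    _trans_id, proto_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0:
        raise ValueError("protocol id is not 0 (Modbus)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function, pdu = frame[7], frame[8:]
    # Read (1-4) and multi-write (15, 16) PDUs start with address + quantity; single writes (5, 6) with address + value.
    if function in (1, 2, 3, 4, 15, 16) and len(pdu) >= 4:
        start_addr, count = struct.unpack(">HH", pdu[:4])
    elif function in (5, 6) and len(pdu) >= 4:
        start_addr, count = struct.unpack(">H", pdu[:2])[0], 1
    else:
        start_addr, count = 0, 0
    return ModbusRequest(unit_id, function, start_addr, count)

def check_request(dst_ip: str, frame: bytes) -> str:
    """Return 'allow' or 'deny: <reason>' for a request destined for the controller at dst_ip."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as e:
        return f"deny: malformed ({e})"
    policy = ALLOWLIST.get(dst_ip)
    if policy is None:
        return "deny: unknown controller"
    if req.function not in policy["functions"]:
        return f"deny: function {req.function} not permitted"
    if req.function in (5, 6, 15, 16):
        lo, hi = policy["write_range"] or (0, 0)
        if not (lo <= req.start_addr and req.start_addr + req.count <= hi):
            return f"deny: write to {req.start_addr}..{req.start_addr + req.count - 1} outside {lo}..{hi - 1}"
    return "allow"
```

A deny verdict is the point at which a last-line-of-defense device would drop the frame and raise an alert, while allowed traffic passes untouched.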

No single device or software solution can solve all of the problems described above. Only a last-line-of-defense approach, deployed as part of a robust and layered cyber-physical defense strategy, can provide the blanket protection our critical infrastructure needs.