
Critical Infrastructure Software Vulnerability

The pervasive digitization of critical infrastructure makes it more vulnerable to cyberattacks, whose sophistication and persistence are steadily growing. Transport networks, power facilities, information and communication networks and similar systems are among the likely targets for disruption.


Challenge Description

Operational Technology (OT; in the industrial context often referred to as Industrial Control Systems, ICS) is the hardware and software used to monitor and control industrial processes and physical infrastructure: power grids and plants, transport and water infrastructure, manufacturing facilities, and so on.

Traditionally, critical infrastructure was detached from cyberspace by an 'air gap' separating OT from the internet, so that plants and systems could not be reached from outside. However, the convergence of Information Technology and Operational Technology (IT and OT) and the growing dependence of critical infrastructure on IT are evident, making cyberthreats to the software used on these sites an urgent challenge. Notably, the COVID-19 pandemic also contributed to, and accelerated, the convergence of IT and OT, as it increased the demand for remote access to OT systems and to critical infrastructure as a whole.

OT systems are often outdated and poorly compatible with modern cybersecurity technologies. Many of them run software with flaws that remain unpatched or even unidentified (so-called 'zero-day vulnerabilities'), so an attack on OT can serve as a foothold for reaching the IT and OT platforms of other critical infrastructure.

According to the Fortinet State of Operational Technology Report 2022, 93% of studied organisations experienced at least one cyberintrusion over the last year, whilst 78% experienced at least 3 intrusions. 

In addition, attackers are now better organised and use more sophisticated tools and techniques (for example, advanced ransomware operations destroy backups before encrypting production data). State-sponsored hacking groups are also used as instruments in international conflicts, so the threat of cyberwarfare is no longer merely theoretical.

As of today, cyberattacks on critical infrastructure have consistently ranked as the fifth top risk in the World Economic Forum's Global Risks Report over the last four years. The Microsoft Digital Defense Report 2022 showed that the share of nation-state attacks targeting critical infrastructure doubled, from 20% of all detected nation-state attacks in 2021 to 40%.

Solutions

  • Adoption of a 'zero-trust' strategy is a key principle for protecting critical infrastructure in cyberspace. According to IBM's 2022 Cost of a Data Breach Report, 80% of surveyed critical infrastructure organisations have not adopted a zero-trust strategy; their average data breach cost is $5.4 million, compared to $4.35 million for organisations that have adopted one.

  • Centralised visibility of every OT and IT asset, together with continuous monitoring of traffic and of the activity and behaviour of users and devices, is crucial for the cybersecurity of critical infrastructure. Artificial intelligence and machine learning can be used to analyse behaviour and detect potential threats.

  • It is strongly advised to keep the number of vendors to a minimum, ideally a single one, since complex heterogeneous systems complicate cybersecurity and expand the attack surface.

  • Cyberprotection for critical infrastructure also includes multi-factor authentication and role-based access control, along with reputation-based prevention, to mitigate the risk of insider threats.

  • Micro-segmentation divides the network into multiple zones, each accessible only to authorised employees or devices, so that a threat in one zone cannot spill over freely into another.
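The zone policy in the micro-segmentation item above, combined with the monitoring item, can be expressed as a default-deny allow-list evaluated over flow records: any cross-zone flow that is not explicitly permitted is treated as lateral movement. The Python script below is an added example, not code from the original article or from any organisation it mentions; the zone ranges (loosely following the Purdue reference model), the allow-list and the flow-log lines are all constructed for illustration.

```python
"""
Zone-based policy check for OT/IT micro-segmentation.

Added example, not from the original article. Zone ranges, allow-list and
flow records are constructed for illustration only.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical zones, loosely following the Purdue reference model.
ZONES: Dict[str, IPv4Network] = {
    "enterprise_it": ip_network("10.10.0.0/16"),
    "dmz": ip_network("10.20.0.0/24"),
    "scada": ip_network("10.30.0.0/24"),
    "plc": ip_network("10.40.0.0/24"),
}

# Default-deny allow-list: (source zone, destination zone, protocol, destination port).
# Any cross-zone flow not matching one of these tuples is a segmentation violation.
ALLOWED: Set[Tuple[str, str, str, int]] = {
    ("enterprise_it", "dmz", "tcp", 443),  # IT users reach the DMZ jump host / historian
    ("dmz", "scada", "tcp", 443),          # jump host reaches the SCADA/HMI servers
    ("scada", "plc", "tcp", 502),          # SCADA masters poll PLCs over Modbus/TCP
}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: IPv4Address
    dst: IPv4Address
    proto: str
    dport: int


def zone_of(addr: IPv4Address) -> Optional[str]:
    """Return the zone containing addr, or None if it belongs to no known zone."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line: '<ts> <src> <dst> <proto> <dport>'."""
    ts, src, dst, proto, dport = line.split()
    return Flow(ts, ip_address(src), ip_address(dst), proto.lower(), int(dport))


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ('allow' | 'deny', reason) for a single flow under the zone policy."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "deny", f"address outside every defined zone ({flow.src} -> {flow.dst})"
    if src_zone == dst_zone:
        return "allow", f"intra-zone traffic inside {src_zone}"
    if (src_zone, dst_zone, flow.proto, flow.dport) in ALLOWED:
        return "allow", f"{src_zone} -> {dst_zone} {flow.proto}/{flow.dport} is on the allow-list"
    return "deny", (f"{src_zone} -> {dst_zone} {flow.proto}/{flow.dport} "
                    "crosses a zone boundary without an allow-list entry")


def audit(lines: List[str]) -> List[Tuple[Flow, str, str]]:
    """Evaluate every flow; return (flow, verdict, reason) for denied flows only."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank and comment lines
        flow = parse_flow(line)
        verdict, reason = evaluate(flow)
        if verdict == "deny":
            findings.append((flow, verdict, reason))
    return findings


# Constructed flow log (not real traffic): <ts> <src> <dst> <proto> <dport>
SAMPLE_FLOWS = [
    "# constructed sample, hypothetical addresses",
    "2024-01-01T04:12:09Z 10.10.5.23 10.20.0.10 tcp 443",   # IT workstation -> DMZ jump host (allowed)
    "2024-01-01T04:12:11Z 10.20.0.10 10.30.0.5 tcp 443",    # jump host -> HMI (allowed)
    "2024-01-01T04:12:15Z 10.30.0.5 10.40.0.17 tcp 502",    # HMI -> PLC Modbus poll (allowed)
    "2024-01-01T04:13:02Z 10.10.5.23 10.40.0.17 tcp 502",   # IT workstation straight to a PLC (denied)
    "2024-01-01T04:13:40Z 10.10.5.23 10.30.0.5 tcp 3389",   # RDP from IT into the SCADA zone (denied)
    "2024-01-01T04:14:00Z 192.0.2.44 10.40.0.17 tcp 502",   # source outside every zone (denied)
]

if __name__ == "__main__":
    for flow, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{flow.ts} {verdict.upper()} {flow.src} -> {flow.dst} "
              f"{flow.proto}/{flow.dport}: {reason}")
```

Run as is, the script reports the three denied flows: an IT workstation talking Modbus directly to a PLC, RDP from the IT zone into the SCADA zone, and a source address that belongs to no zone at all. In production the same allow-list would be enforced on the zone firewalls, and the audit would run over real NetFlow/IPFIX or firewall logs rather than the constructed lines; the design point is that nothing crosses a zone boundary unless it is explicitly listed.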

Basic recommendations also include bringing OT and IT systems into line with industry regulations and carrying out regular security assessments. Proper education and training of staff plays an important role as well (according to the 2022 KPMG Africa Cyber Security Outlook, two thirds of African enterprises face challenges recruiting cybersecurity professionals, and the sector lacks some 3 million specialists).

Case 1. 2021 Attack on Transnet’s Port Operating Systems

In July 2021, Transnet, the state-owned enterprise operating most of South Africa's ports, railways and pipelines, suffered a ransomware attack that disrupted the container terminals and cargo-handling facilities of Durban Harbour (which accounts for almost 60% of South Africa's container shipping), Cape Town Harbour, the Port of Ngqura and Port Elizabeth. Logistics and loading slowed significantly, and employees had to process shipments manually. The incident caused major economic losses both for the country and for importers and exporters.

Operations were restored and the systems restarted about a week later, after they had been hardened: a new firewall, a reverse proxy and a DoS protection system were deployed.

Case 2. Attacks on the Grand Ethiopian Renaissance Dam

Concern over the cybersecurity of the GERD in Ethiopia is growing, since malicious access to the Dam's IT and OT systems could allow attackers not only to disrupt its operation but also to empty the reservoir and cause a flood. Given the international confrontation over the Dam, the concern is justified.

Attempted cyberattacks on the Grand Ethiopian Renaissance Dam were reported at least twice, in June 2020 and in May 2022. The first was attributed by Ethiopian sources to Egypt-based hacking groups. In May 2022, the Ethiopian Information Network Security Agency (INSA) reported having thwarted another cyberattack on the Dam, along with multiple attacks on financial institutions, but did not name the sponsoring party.

Author:
Olesya Kalashnik, research fellow
