The cyber threats to critical infrastructure operational technology (OT) – how to protect your operations
Critical infrastructure operations are vital to our society as they provide essential services such as electricity, telecommunications, transport, drinking water and so on. The threats to this sector are constantly increasing and therefore systematic work with concrete cybersecurity measures in this sector is of great importance.
Risks in critical infrastructure and OT
Critical infrastructure, such as electricity distribution, water supply, transport and telecommunications, relies on IT systems to control and monitor the processes that form the basis of these activities. Industrial control systems (ICS) and SCADA (Supervisory Control and Data Acquisition) systems are therefore crucial for our modern society to function. Their functions can include the collection and processing of measurement data, log management, management of control units and sensors, invoicing in real time, etc.
Managing support remotely means lower costs and improves efficiency. But it also leaves the business more open to information leaks and cyberattacks, which can have devastating effects. The question is how to protect information in operations within critical infrastructure. How do you protect your business from threats, while remaining efficient and able to continue to guarantee a certain expected uptime?
Threats to critical infrastructure are increasing
In its report “ENISA Threat Landscape 2022”, ENISA states that there is an increased risk to critical infrastructure, the industrial sector and OT. In the industrial sector, ransomware attacks are the most common form of attack affecting operations. Threat actors can use many approaches to disrupt OT systems, including:
- Malware of different kinds
- Attacks that spread from IT to OT
- Forcing operators to shut down OT infrastructure to reduce the risk of spreading to or within the OT network
- Exfiltration of sensitive information about the OT system
There are many reasons why attackers will continue to target OT systems. Among other things, it may be that:
- OT systems continue to be connected with other systems (e.g. IT systems, the cloud and various subcontractors), increasing the chances for attackers to enter OT through these other systems
- There may be a greater risk of organisations paying ransoms to make critical systems available again
ENISA recommends that organisations with OT systems deal with the most common problems in OT, such as insufficient network segmentation, remote access to OT and shared user accounts.
Cyberattacks can have very large consequences
Being exposed to a cyberattack can have very serious consequences for the affected company/organisation:
- Major productivity losses as the attack can cause interruptions and even longer production stops. The attack can also mean a more permanent impairment of productivity and quality.
- Leakage or even loss of information. Intellectual assets are also at risk of being stolen.
- The trust and reputation of the company can be seriously damaged, which can lead to difficulties in getting new customers in the future but also difficulties in getting financing.
- Large costs may arise in connection with the attack, including paying external service providers for forensic investigations and to restore crashed computers, but also for extra work internally to solve the situation. It can also entail costs if you as a company do not meet various requirements, such as laws and regulations, placed on the business.
- There is a risk that the company will be forced to shut down the entire operation, at least temporarily, which is a serious threat for the many operations that depend on running continuously.
Case: Wiener Netze protects its infrastructure with data diodes
Wiener Netze is ranked as one of the most innovative providers in Europe, supplying electricity, gas, district heating and data to millions of people in Vienna and its suburbs. Production, trade, and distribution were separated from the network operations at Wiener Stadtwerke when the market was liberalised in the early 2000s. As a result, the electricity, gas, and district heating network, as well as the telecommunications network, were combined, and everything was integrated into Wiener Netze.
As digitalisation progresses, investments in IT are now dominating. With the goal of being able to offer its customers a consistently high standard in the power supply, Wiener Netze increasingly invests in automation, e.g. end-to-end monitoring of individual components in the energy flow.
Wiener Netze uses data diodes from Advenica to provide complete protection of the SCADA systems in its OT environment. By implementing this high-security solution based on data diodes, Advenica physically isolates the SCADA systems in Wiener Netze's OT environment in order to guarantee complete protection and at the same time ensure absolutely secure communication.
How to protect your business against cyberattacks
Unfortunately, there is no one-time formula that allows you to fully protect yourself against all cyberattacks. But there is much you can do to prevent an attack from happening, and there are also ways to reduce the damage of one.
To begin with, each company or organisation must identify which information or systems are most critical and thus worthy of protection. Since most systems today are interconnected, it is difficult to get an overview of how many paths lead to the most valuable information. By carrying out a risk and vulnerability analysis, information and systems worthy of protection can be classified and loopholes identified.
However, it is not practical or financially justified to protect all information in the same way. To secure the most valuable information, strict network segmentation is the best solution to use. This means that you create zones with different security levels.
After creating zones, you should choose security solutions for operation, availability, and adaptability based on the attacker's perspective and worst-case scenario. To be able to protect your most critical information, be sure to use professional solutions for high security and solutions that are future-proof.
Use these four concrete tips to protect yourself and your business against cyberattacks:
1. Create a good security culture
2. Segment your networks
3. Put demands on your subcontractors
4. Update securely