Protecting Critical Infrastructure with Automation and Zero-Trust

Politicians on the Homeland Security Committee have recently presented a bill for review that would require critical infrastructure organizations to report data breaches and ransomware payments to the federal government. This comes as the Biden administration has called for an increased focus on improving national cybersecurity and has emphasized the need for cooperation between the public and private sectors. By identifying 16 distinct critical infrastructure sectors, the U.S. can develop a national resilience strategy that safeguards resources and prevents damage to the nation's safety, health and economic prosperity, becoming truly proactive and cyber-resilient.

Understanding Critical Infrastructure Threats

No part of our critical infrastructure is immune from attack. For example, at the start of 2021, the city of Oldsmar, Florida discovered a cyberattack on its water treatment system. A criminal remotely raised the sodium hydroxide level in the water to more than one hundred times what is necessary, a change that could have been a health hazard to the city's population had it not been discovered in time.

Even more recently, REvil initiated the largest ransomware attack to date, impacting over 17 countries. Among those impacted was the meat processor JBS, which has plants in the U.S., Australia and Canada. Thousands of JBS employees experienced shift changes, and production was stalled for a couple of days in an already high-demand market.

We must also carefully examine the Colonial Pipeline cyberattack. The Colonial Pipeline runs along the East Coast between Texas and New York, delivering refined petroleum products to over a dozen states. In May 2021, a malicious group called DarkSide hacked Colonial Pipeline and accessed and encrypted about 100 gigabytes of data. The attack compromised the data of 5,810 individuals despite the company making a ransom payment, showing the extent of damage that a single breach can inflict on the security of vital U.S. infrastructure. The company decided to pay about $5 million a day after the attack to regain access to its data and systems.

Even though the ransom was paid, the Colonial attack still led to temporary gas shortages, and the impact could have been much more severe. The company's proactive effort to store petroleum mitigated severe disruptions, but not all companies will be so lucky. It is imperative for organizations to prevent a breach in the first place.

These few examples are representative of the breadth and severity of the constant attacks on our nation's critical infrastructure, and they highlight the urgent need for action to secure it from cyberattacks. This can be accomplished by deploying an integrated cybersecurity strategy.

Reaching National Resilience

Many of the resources we rely on as a nation depend on computing systems, some of which are already outdated or undergoing digital transformation. This leaves vulnerabilities in those systems while information technology (IT) and operational technology (OT) teams work together to update legacy systems and increase operational efficiency while improving resiliency.

While there are many strategies to protect critical infrastructure, the two to focus on first are adopting a zero-trust architecture and embracing automation.

Although employees may not willfully allow criminals into systems, they could unknowingly fall for phishing attacks, forgo encrypting files when sharing them or forget to change passwords periodically, which makes insider threats a prominent security risk. This is the reason zero-trust policies should be embraced. Even something as simple as opening a malicious email can put a company in danger. In fact, 94% of malware originates from email. To combat such risks, a zero-trust framework involves continuous scanning and monitoring of users, devices, networks, workloads and data to detect suspicious and malicious behaviors. It also requires training employees on proper data handling and instilling vigilance into the organization's culture, which improves the overall security posture.

Applying automation is another precaution organizations can begin implementing to reduce the likelihood of a cyberattack. While it may seem like a counterintuitive approach to solving computer vulnerabilities, it is actually a necessary process to have in place when facing a critical infrastructure cyberattack. Automated sensors, reports and alarms allow for real-time decision-making and enable government, businesses and other organizations to deploy security teams rapidly. Automation in other areas, such as data discovery and purging, decreases the likelihood of data decay and reduces the amount of data that can be abused should a breach occur.

Critical infrastructure impacts everyone, which is why it is one of the highest-value targets for cybercriminals. Protecting these entities is a non-negotiable priority for national, state and local cybersecurity professionals. We have already witnessed the impact a lack of cybersecurity can have on our critical infrastructure, with results ranging from minor inconveniences to financially crippling fallout and even fatalities. Zero-trust initiatives and automation are tactics that the private and public sectors must apply to safeguard the nation's most precious resources from the consequences of these breaches.

John DeSimone

John DeSimone is vice president of cybersecurity, training and services at Raytheon Intelligence & Space. He is an experienced executive working within corporate environments from startups to enterprises. DeSimone holds a Bachelor of Arts in Computer Science from Columbia University in New York and has attended Motorola’s Chairman’s Leadership Institute at the Kellogg School of Management at Northwestern University.