However, the term CRITIS not only covers the power grid, but also areas such as military, manufacturing, healthcare, transport, water supply and food production. In 2017, the outbreak of the ransomware WannaCry affected several healthcare companies. In 2018, the US CERT, together with the British National Cyber Security Center (NCSC) and the FBI, issued a warning that the Russian government had launched an attack on critical infrastructure in various industries. In addition, for several years, threats to air travel booking and public transit systems have been making headlines. In early 2019, the ransomware variant LockerGoga began infiltrating and disrupting the production processes of chemical companies and aluminium producers.
Important challenges
According to an investigation by (ISC)2, there is a shortfall of nearly three million cybersecurity experts worldwide, and nearly 60 percent of the 1,452 survey respondents believed that their company was at medium to high risk of virtual attacks. The existing security teams are barely able to handle the myriad of alerts. Moreover, they are often not sufficiently represented at senior management level to receive the necessary attention and support for important initiatives. For example, only 31 percent of organisations in the aviation industry have a dedicated CISO.
To make the most of their existing resources, security teams must be able to understand and prioritise the threat data and alerts within the context of their organisation. This gives teams the opportunity to easily and clearly communicate relevant security issues to management, and to justify additional resources needed to improve security processes.
More and more attacks use multiple vectors in parallel and make the defense more difficult. The US CERT warning mentioned above mentions a variety of these used TTPs, including spear-phishing emails, watering hole attacks, credential capture, and specific attacks on ICS and SCADA infrastructures. At the same time, the attack surface is growing as CRITIS operators increasingly migrate to the cloud, introducing mobile devices and IoT. More than two-thirds of IT executives in the oil and gas industry said they are more vulnerable to security breaches because of digitisation (the provision of digital technologies for advanced automation).
Companies can protect their digital landscape against threats only if they have an overview of the entire infrastructure and the ability to continuously evaluate and prioritise threat intelligence.
Many ICS and SCADA systems have been in use for years and do not have modern security features that can protect against current threats. The number of reported weaknesses in the production area increased significantly in 2018 compared to the previous year. However, these systems are rarely updated as operators fear interruptions. Despite increasing attacks on critical infrastructures, protection has not been extended. Rather, it has become even worse as the devices and systems are increasingly connected to the Internet without paying attention to the security implications. Although those responsible for Information Technology (IT) and Operational Technologies (OT) have different goals, processes, tools, and concepts, they must work together as their environments grow closer together.
Surveys among security officers say that 75 percent of businesses assume they will be the victims of cybersecurity attacks on OT / ICS systems. However, only 23 percent adhere to the industry's minimum legal requirements for cyber security.
Conclusion
Headlines about attacks on critical infrastructures are quickly portrayed as a sensation. It is often difficult to find the facts behind the report and to understand the impact of a large-scale cyber campaign on the business. It is not enough to update only the ICS and SCADA devices. With a trusted threat intelligence platform, can companies identify and respond to the truly relevant threats.
Tips to help organisations minimise their cyber risk: