Critical Infrastructure: The More Connected, The More Vulnerable

August 5, 2015 |
Decorative image of a power plant

Sunday evening the power went out. There were tremendous thunderstorms in the area, which, as I began to think more about it (in the dark) was a comforting factor. First things first though, I had to tell everyone not to open the refrigerator, not to flush the toilet, call and report the outage and to help find the candles. So, what do you do in the dark, three miles down a dirt road, in the middle of nowhere in the same area that Stephen King writes his contemporary horror novels… You tell scary stories of course.

I told a story about a large-scale power outage caused by a cyber attack; one that would make our little isolated power outages due to Mother Nature pale in comparison. That someday soon the cause of our melted ice cream and candle lit dinners will be something far more sinister, and not likely isolated to some Podunk town in Maine. Picture New York without water. Picture a massive power grid failure during the winter that affects an entire region. And think about these catastrophes being caused, not by some nation state, but by one lone disgruntled employee. If that’s not alarming enough, think about a nation state’s well-orchestrated phishing campaign targeted at sysadmins within a large critical infrastructure company in order to acquire credentials to work their unobstructed way into ICS/SCADA systems – with the goal of wreaking havoc at the worst possible moment.

Why the focus on critical infrastructure as an attack vector? Industrial Control Systems (ICS) which include Supervisory Control and Data Acquisition (SCADA) have historically been proprietary systems that were isolated from corporate networks. No longer. Now these systems use standard hardware and operating systems and are exposed to the same network vulnerabilities as any other network resource. As critical infrastructure systems have become accessible via the Internet, weak credential/access controls make electrical, water, oil, gas and nuclear power systems vulnerable – especially with the proliferation of attacks targeting privileged and third-party credentials by cybercriminals.

The risk is real. In fact, in a recent SANS survey of ICS/SCADA organizations they state that they “present a wildly attractive target for those who see to cause disruption or to threaten infrastructure for their own purposes.” In the same survey, 34% of these organizations believe their systems have been breached in the last 12 months, and 42% see external actors as the number one threat vector.

Cryptzone’s dynamic, context-aware AppGate solution offers a new approach to network security that can tightly restrict who can access information stored on your ICS/SCADA systems. It provides a secure gateway between ICS and business networks, creating a ‘segment of one’ between the user and the network resource(s) they are entitled to – making non-authorized resources invisible and inaccessible to any users who do not have access rights. Because you can’t breach what you can’t see.

Learn more here about what AppGate can do to keep the lights on.

Back to Blog Home

Philip Marshall

As Cryptzone’s Director of Product Marketing, Phil Marshall brings over 14 years of experience in both product and services marketing as well as 10 + years experience in the high-tech publishing space with publications including Dr. Dobb’s Journal and Byte magazine. Prior to joining Cryptzone, Phil worked at security firms Rapid7, Positive Technologies and RSA. He also was a Senior Product Marketing Manager at Black Duck, the leading open source governance and management firm.

A speaker at recent (ISC)2 conferences and ISACA, he’s participated in numerous webinars, in panel discussions and presented on topics including Identity Security, Application Security and Open Source Governance and Management.

Marshall earned a BA at Bates College and an MBA, cum laude, at the F.W. Olin Graduate School of Business at Babson College.

Leave a Reply

Your email address will not be published. Required fields are marked *