Critical Infrastructure: The More Connected, The More Vulnerable
Sunday evening the power went out. There were tremendous thunderstorms in the area, which, as I began to think more about it (in the dark), was a comforting factor. First things first though, I had to tell everyone not to open the refrigerator, not to flush the toilet, to call and report the outage and to help find the candles. So, what do you do in the dark, three miles down a dirt road, in the middle of nowhere in the same area that Stephen King writes his contemporary horror novels… You tell scary stories of course.
I told a story about a large-scale power outage caused by a cyber attack; one that would make our little isolated power outages due to Mother Nature pale in comparison. That someday soon the cause of our melted ice cream and candlelit dinners will be something far more sinister, and not likely isolated to some Podunk town in Maine. Picture New York without water. Picture a massive power grid failure during the winter that affects an entire region. And think about these catastrophes being caused, not by some nation state, but by one lone disgruntled employee. If that’s not alarming enough, think about a nation state’s well-orchestrated phishing campaign targeted at sysadmins within a large critical infrastructure company in order to acquire credentials to work their unobstructed way into ICS/SCADA systems – with the goal of wreaking havoc at the worst possible moment.
Why the focus on critical infrastructure as an attack vector? Industrial Control Systems (ICS), which include Supervisory Control and Data Acquisition (SCADA), have historically been proprietary systems that were isolated from corporate networks. No longer. Now these systems use standard hardware and operating systems and are exposed to the same network vulnerabilities as any other network resource. As critical infrastructure systems have become accessible via the Internet, weak credential/access controls make electrical, water, oil, gas and nuclear power systems vulnerable – especially with the proliferation of attacks targeting privileged and third-party credentials by cybercriminals.
The risk is real. In fact, a recent SANS survey of ICS/SCADA organizations states that they “present a wildly attractive target for those who seek to cause disruption or to threaten infrastructure for their own purposes.” In the same survey, 34% of these organizations believe their systems have been breached in the last 12 months, and 42% see external actors as the number one threat vector.
Cryptzone’s dynamic, context-aware AppGate solution offers a new approach to network security that can tightly restrict who can access information stored on your ICS/SCADA systems. It provides a secure gateway between ICS and business networks, creating a ‘segment of one’ between the user and the network resource(s) they are entitled to – making non-authorized resources invisible and inaccessible to any users who do not have access rights. Because you can’t breach what you can’t see.