By: Cybrary Staff
April 21, 2022
Why it's time for critical infrastructure companies to invest in cybersecurity training
In the worrying era of cyberwarfare, critical infrastructure and supply chains have become favorite targets for state-sponsored threat actors.
Along with military assets, critical infrastructure has always been a prime target in acts of war. These systems, which include power generation, healthcare services, and transport, are vital to the normal functioning of society.
While such assets are obvious targets in conventional warfare, it is crucial to remember that they’re often targeted during peacetime. Indeed, the definition of war itself is changing in an age where hostile states routinely target critical infrastructure with crippling cyberattacks, even far outside of an actual declaration of war. In 2015, for example, Ukraine suffered the world's first large-scale attack on a national power grid at the hands of a Russian advanced persistent threat (APT), long before Russia's criminal full-scale invasion of the country in 2022.
Despite the growing threat of cyberwarfare, hostile nation-states are not the only threat actors in attacks against critical infrastructure. Some threats may even come from within, as is often the case in hacktivism. Hacktivism, a portmanteau of hacking and activism, refers to hacking to promote social change or a political agenda. Critical infrastructure sectors, such as energy and manufacturing, are common targets.
Whether or not hostile regimes have sanctioned them, organized cybercrime syndicates often present a great threat to critical infrastructure. Moreover, given how high the stakes are, the most dangerous and advanced cyber attackers often go after such assets because they know there is likely to be a lot more to win, should they succeed.
What are the most significant cyber threats to critical infrastructure?
For the most part, the threat of cyber attacks applies just as much to critical infrastructure companies as it does to any other organization or supply chain. The main difference is that the stakes are far higher, and the attacks tend to be far more sophisticated. This is because, particularly in the case of cyber warfare, threat actors tend to be well-funded and highly skilled. They also know that any successful attack on a critical infrastructure asset could lead to a devastating chain reaction. Moreover, their goals often far transcend financial gain: they aim to cripple their enemies socially, economically, and militarily.
Ransomware is one of the most common cyber threats to critical infrastructure. These attacks are often perpetrated by organized ransomware-as-a-service (RaaS) syndicates operating off the dark web. While financial gain is the obvious goal in ransomware attacks, these syndicates are sometimes sanctioned by hostile states or, at the very least, deliberately overlooked. For example, the infamous Colonial Pipeline ransomware attack in 2021 was carried out by the allegedly Russia-based group Darkside, which some believe has been sanctioned by the Kremlin. This assumption is partly because Darkside never targets companies in Russia or the CIS.
Fortunately, ransomware is a relatively easy threat to counter with a comprehensive backup and disaster recovery strategy. However, the same cannot be said for more advanced threats against critical infrastructure, such as APT attacks. These are far more dangerous because they generally target control systems rather than data itself. APT hackers are more interested in operational technology, such as physical devices that support vital industrial processes like the generation of power. Imagine, for example, how such a threat could cause serious damage if it were to target a power station cooling system. This should give any critical infrastructure company with outdated and inadequately protected industrial control systems something to think about.
How can cybersecurity training help protect against cyber warfare?
As critical infrastructure companies and their supply chains continue to modernize and adopt innovative digital technologies, they face new opportunities and risks alike. On the one hand, implementing solutions like internet-connected monitoring and control systems can enhance sustainability and productivity. But on the other hand, every new app, device, and user account is another potential entry point for attackers.
Failing to innovate is not an option, given the role of critical infrastructure in the continuation and betterment of society. However, innovation without adding undue risk must be a top priority. That is why a comprehensive cybersecurity training program is crucial to success. Furthermore, cybersecurity is everyone's responsibility, simply because everyone is a potential target. All workers should be well-versed in how to identify and report potential social engineering scams and other threats. Those responsible for working with and maintaining control systems should be fully aware of the more advanced threats that exist and how to counter them.
Proactive security also plays an increasingly vital role in protecting critical infrastructure. Areas like ethical hacking and penetration testing are highly effective for gaining an external view of an organization's security. In addition, simulated lab environments can educate employees on relevant threats and help equip them for tomorrow's challenges. However, more needs to be done to deter the rising tide of cybercrime, and that starts with training and awareness.
The critical infrastructure sector, including assets like power plants, public health facilities, and security services, is a priority target for hostile states waging cyber warfare. Now that the digital realm has become the fifth theater of war, critical infrastructure companies and their supply chains must brace themselves for the worst.