Otorio CEO comments on critical infrastructures in the crosshairs
The cyber attacks on critical infrastructures – energy, logistics, telecommunications – over the past two weeks are not the only events that have shown how vulnerable many organizations and their infrastructures are. The situation becomes particularly sensitive and critical when attacks affect both IT (information technology: PCs, servers, etc.) and OT (operational technology: machines, controllers, etc.).
Daniel Bren, CEO and co-founder of OTORIO, speaks today as a well-informed expert on the matter. As the former IT security chief of the Israeli army and now an entrepreneur, he is familiar with many aspects of the problem:
“In 1997, the US Department of Defense (DoD) conducted the first “cyberwar games” under Operation Eligible Receiver. A decade later, in 2007, the secret Aurora Generator test showed how a cyber attack on an industrial control system (ICS) could cause physical damage to a machine and its environment. About another decade later, the Russian cyberattack on the Ukrainian power grid in 2015 was the first of its kind to successfully target and damage the energy infrastructure.
Today we are witnessing a further escalation of the crisis in Ukraine and growing tensions between Russia and the West. The big difference today? Offensive cyber capabilities are now firmly established as a means of foreign policy for authoritarian states such as Russia, Iran and North Korea. Today, cyber attacks on critical infrastructures are used strategically to foment and influence the course of political conflicts. This means that cyber warfare, as it was conceived in 1997, has become a reality today. Thus, the cyber defense of critical infrastructures is a key component of national security today – also in Germany.
Cyberattacks are hard to pinpoint
A big problem with cyber warfare, as with traditional warfare, is the spillover of conflicts. In the past, conflicts have repeatedly expanded, including actors who were not originally involved in the conflict. Cyber warfare is no different.
When Russian hackers released a virus called NotPetya on the eve of Ukraine’s Constitution Day in 2017, it successfully crippled the computer infrastructure of the Ukrainian government and the banking sector, affecting about 80 Ukrainian companies. It also – shockingly – shut down the monitoring systems at the Chernobyl nuclear power plant. However, NotPetya did not stop at the Ukrainian border. It spread to companies all over the world and caused millions of dollars in damage.
For this reason, Western countries are watching the developing Ukraine conflict with particular concern. They are not only strengthening their defensive measures against direct Russian cyber attacks on critical infrastructures in response to possible Western sanctions, if they are imposed. They are also concerned about unintended damage to critical infrastructure or the global supply chain from attacks spreading from their original targets.
Current crisis puts authorities on alert
The US Department of Homeland Security calls on critical infrastructure operators to be on high alert in the face of a wide range of offensive cyber tools. Cyber attacks on the energy sector are of particular concern to the US. The memory of the shutdown of the Colonial Pipeline last May is still fresh, and serious damage to critical infrastructures could provoke significant backlash.
In recent days, NATO officials have warned of a cyber attack by Russia. In the UK, the National Cyber Security Centre (NCSC) has issued a new guide explaining that it is imperative that companies stay one step ahead of potential threats. CISA, the FBI, and the NSA have also issued a joint recommendation urging U.S. companies to minimize the gaps between IT and OT security coverage, create a plan for incident response, and manage vulnerabilities and configurations. The US Department of Homeland Security is calling on critical infrastructure operators to be on high alert in the face of a wide range of offensive cyber tools that could target critical infrastructure in the US. The scenarios range from simple denial-of-service attacks to destructive attacks.
These events are another step in the dangerous development of increasingly sophisticated and increasingly effective offensive cyber capabilities. The threat of a cyber war is now very real, and critical infrastructures are clearly exposed to a present danger. Companies must therefore take a proactive approach, i.e. assess the risk by getting an overview of their networks and informing themselves about the risk, in order to then proactively mitigate these risks.
Security tools should be designed for OT ecosystems
It is also important to realize that securing the networks that control industrial facilities and infrastructure requires a different type of cybersecurity approach. Both authorities and operators of industrial/critical infrastructures are becoming aware of the need for attack defense tools designed and developed from the ground up for OT ecosystems. Operational processes and business continuity have top priority.
To understand the potential risk, an automated tool for exploring the OT environment is useful, which makes it possible to determine the assets of an enterprise from the point of view of a potential attacker. For a quick assessment of the security situation, an inventory tool is recommended that captures all OT, IT and IIoT resources. Such a tool should also support operational security teams with compliance reports based on security standards and frameworks such as IEC 62443, NERC CIP and NIST. Another tool for risk monitoring and risk management continuously detects, analyzes and monitors all OT, IT and IIoT resources within the operating environment. It correlates risks and warnings and prioritizes them based on their impact on operational and business continuity. Security teams receive a manageable number of warnings and simplified playbooks with targeted countermeasures.
Cyber hygiene and a proactive approach to risk reduction
The best way for critical infrastructures to deal with the emerging threat of cyberwar spillover or direct cyberattacks by national attackers or cybercriminals is basic cyber hygiene. Companies must take a proactive approach, i.e. they must assess the risks by gaining an overview of their networks and identifying the risk in order to mitigate the risks.”
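Two of the points Bren makes above, closing the gaps between IT and OT security coverage (the joint CISA/FBI/NSA recommendation) and correlating findings across an OT/IT/IIoT inventory so that they are prioritized by operational impact rather than raw severity, can be illustrated with a small script. The following is an added example written for this page; it is not OTORIO's product code and does not claim to reproduce any vendor's scoring. The inventory, the findings and the `process_impact` scale (1 = no effect on operations, 5 = halts production or is safety-relevant) are constructed sample data, and the priority formula (highest severity on an asset times its process impact) is an assumption chosen to show the idea.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    domain: str          # "IT", "OT" or "IIoT"
    process_impact: int  # 1 = no effect on operations .. 5 = stops production / safety-relevant
    monitored: bool      # True if the asset is covered by security monitoring (logs, IDS, EDR)


@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    severity: float      # CVSS-style base score, 0.0 .. 10.0


# Constructed sample inventory: names and values are illustrative only.
INVENTORY: List[Asset] = [
    Asset("hmi-line1", "OT", 5, False),
    Asset("plc-line1", "OT", 5, False),
    Asset("historian", "IT", 3, True),
    Asset("erp-app", "IT", 2, True),
    Asset("vib-sensor-gw", "IIoT", 4, False),
    Asset("eng-workstation", "IT", 4, True),
]

# Constructed sample findings, as an assessment tool might report them.
FINDINGS: List[Finding] = [
    Finding("erp-app", "Outdated web framework", 9.8),
    Finding("hmi-line1", "Default vendor credentials", 7.5),
    Finding("hmi-line1", "SMBv1 enabled", 8.1),
    Finding("plc-line1", "Unauthenticated firmware upload", 9.1),
    Finding("historian", "Weak TLS ciphers", 5.3),
    Finding("vib-sensor-gw", "Telnet management enabled", 7.2),
    Finding("eng-workstation", "Missing OS patches", 8.8),
]


def coverage_gaps(inventory: List[Asset]) -> List[str]:
    """Assets that touch the physical process (OT/IIoT) but sit outside security monitoring.

    These are the IT/OT coverage gaps the joint recommendation asks operators to close:
    an incident on them would not be seen by the security team at all.
    """
    return sorted(a.name for a in inventory if a.domain in ("OT", "IIoT") and not a.monitored)


def prioritize(inventory: List[Asset], findings: List[Finding]) -> List[Tuple[str, float, List[str]]]:
    """Correlate findings per asset and rank them by operational impact.

    Priority = (highest severity on the asset) * process_impact (assumed formula), so a
    9.8 on a low-impact ERP application ranks below a 9.1 on a production PLC.
    Several findings on one asset collapse into one warning, which is what keeps the
    number of warnings manageable for the security team.
    """
    by_name = {a.name: a for a in inventory}
    grouped: Dict[str, List[Finding]] = {}
    for f in findings:
        if f.asset not in by_name:
            continue  # finding on an asset missing from the inventory: the inventory is incomplete
        grouped.setdefault(f.asset, []).append(f)

    ranked: List[Tuple[str, float, List[str]]] = []
    for name, fs in grouped.items():
        asset = by_name[name]
        top = max(f.severity for f in fs)
        score = round(top * asset.process_impact, 1)
        ranked.append((name, score, sorted(f.title for f in fs)))
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


def warning_count(inventory: List[Asset], findings: List[Finding]) -> Tuple[int, int]:
    """Number of raw findings versus number of correlated per-asset warnings."""
    return len(findings), len(prioritize(inventory, findings))


if __name__ == "__main__":
    print("Unmonitored OT/IIoT assets:", ", ".join(coverage_gaps(INVENTORY)))
    raw, correlated = warning_count(INVENTORY, FINDINGS)
    print(f"{raw} findings correlated into {correlated} warnings")
    for name, score, titles in prioritize(INVENTORY, FINDINGS):
        print(f"{score:5.1f}  {name:16s} {'; '.join(titles)}")
```

Run as a script it prints the unmonitored OT/IIoT assets first, then the warnings from highest to lowest priority. With the sample data the production PLC and HMI rise to the top although the ERP application carries the single highest CVSS score, which is the effect the text describes: prioritization by impact on operational continuity, not by severity alone.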