The convergence of information technology (IT) and operational technology (OT) environments, together with an uncertain geopolitical landscape, has increased the risk to critical infrastructure organizations worldwide.
Governments are urging cyber defenders to prepare for a new wave of cyber attacks, especially against critical infrastructure, as threat actors seek to operate more effectively amid geopolitical uncertainty.
A recent joint advisory from Western cyber security agencies highlighted the growing threat of criminal cyber activity and its potential impact on critical infrastructure. As power grids, water treatment facilities and financial institutions now face a higher probability of cyber attack, the enterprises and societies that rely on them are exposed as well.
Defenders should pay attention to the different types of cyber attack. Kroll, a consulting firm, observed that the number of phishing attacks used for initial access in the first quarter of 2022 increased by 54% compared with the fourth quarter of 2021. Phishing is an initial-access technique catalogued in the MITRE ATT&CK framework for industrial control systems (ICS) and OT. Once the initial stage of an attack is complete, email compromise and ransomware remain the two most common types of threat event in Kroll’s quarterly threat landscape report. Ransomware attacks can cause systemic disruption in critical environments.
Given the number of vulnerabilities and potential cyber attacks, comprehensive threat monitoring and resilient plans covering the entire enterprise and its whole supply chain are necessary. It is time to strengthen cyber defenses.
Specific challenges to protecting critical infrastructure
One of the biggest challenges in protecting critical infrastructure is being able to assess and manage the attack surface. The enterprise needs to identify the components and weaknesses of its network and, at the same time, add a layer of monitoring for suspicious activity that may indicate a security incident requiring further investigation. This is a recurring challenge because of three competing factors:
Integrated IT-OT environment
Establishing connectivity across these environments, analyzing the combined data, and segmenting the network to limit how far an attacker can reach are all difficult.
Large and heterogeneous asset inventory
Enterprises often lack a clear picture of the assets in their environment, let alone the ability to manage them securely by applying security updates.
Lack of security monitoring
Operational monitoring may be strong, but it is not the same thing as security monitoring. Enterprises usually have little visibility into anomalous events that may indicate a security incident.
Practical approach to OT security
Plans and technical playbooks should be clearly separated from broader IT playbooks to avoid conflicting priorities, as the rush to resume “normal business” may undermine necessary security steps.
To future-proof their defenses, enterprises can take six key steps when improving OT security. They should:
Identify the components, roles and responsibilities required to gain control over the OT environment, and clearly understand what needs to be defended.
Manage risk: assess, classify and control it within a fit-for-purpose OT governance framework. The enterprise should comply with relevant regulations and make use of third-party support and other resources.
Protect their assets, networks and operations from cyber security threats through access control, patch management and secure configuration.
Segment the network. Verify network isolation and appropriate controls, and isolate operations, data flows, data storage, control platforms and remote access.
Reduce risk, in line with the risk management framework and compliance requirements, by implementing controls and measuring their maturity and effectiveness.
Future-proof the enterprise by integrating security into the whole change management process, including embedding security into the OT architecture so it can expand to meet future needs.
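The asset-inventory gap and the segmentation step above both come down to a check that can be automated: does observed traffic respect the zone design, and is every device in the control zone one we know about? The following Python script is an added example (not part of the original article or of any vendor product). The zone ranges, the allowed zone-to-zone paths, the inventory and the flow records are all constructed for illustration; a real deployment would load them from the asset register, the firewall policy and a flow collector.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: Purdue-style zones expressed as address ranges.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("192.168.100.0/24"),  # PLCs, HMIs
}

# Zone-to-zone paths the segmentation design permits (constructed policy).
# Anything not listed here is a violation worth investigating.
ALLOWED_FLOWS = {
    ("enterprise", "dmz"),
    ("dmz", "control"),
    ("control", "dmz"),
    ("control", "control"),
}

# Constructed asset inventory: every address expected in the control zone,
# plus the DMZ historian that is allowed to talk to it.
INVENTORY = {
    "192.168.100.10": "PLC-line1",
    "192.168.100.11": "PLC-line2",
    "192.168.100.50": "HMI-1",
    "10.20.0.5": "historian-dmz",
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Map an address to its zone name, or 'unknown' if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def check_flows(flows):
    """Return (flow, reason) tuples for every flow that violates the zone
    policy or involves a control-zone address missing from the inventory."""
    findings = []
    for f in flows:
        src_zone, dst_zone = zone_of(f.src), zone_of(f.dst)
        if (src_zone, dst_zone) not in ALLOWED_FLOWS:
            findings.append((f, f"disallowed path {src_zone}->{dst_zone}"))
        for ip in (f.src, f.dst):
            if zone_of(ip) == "control" and ip not in INVENTORY:
                findings.append((f, f"unknown asset {ip} in control zone"))
    return findings


# Constructed flow records, as a firewall or NetFlow export might provide them.
SAMPLE_FLOWS = [
    Flow("10.10.4.22", "10.20.0.5", 443),           # workstation -> historian: allowed
    Flow("10.20.0.5", "192.168.100.10", 502),       # historian -> PLC: allowed
    Flow("10.10.4.22", "192.168.100.10", 502),      # workstation -> PLC directly: bypasses the DMZ
    Flow("192.168.100.77", "192.168.100.11", 502),  # device not in inventory talking to a PLC
]

if __name__ == "__main__":
    for flow, reason in check_flows(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  {reason}")
```

Run against the constructed records, the script reports two findings: the enterprise workstation reaching a PLC without passing through the DMZ, and an address in the control range that the inventory does not know about. Both are exactly the signals the “verify network isolation” step asks for, and an unknown asset finding is also the trigger to update the inventory before it can be patched or configured.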
Quick wins when facing a new warning
A pragmatic approach takes time to pay off, but enterprises can also focus on a few areas to achieve rapid results.
For example, incident preparation can be approached in three ways. Network segmentation keeps key systems away from potential attackers’ access points. A compromise assessment can help enterprises find the areas that are most exposed. Deploying sensors to monitor devices in OT environments for suspicious activity can provide early warning and broaden the scope of preparation and response.
If a cyber attack does occur, the response playbook should help the enterprise deal with potential challenges and bring in the appropriate stakeholders and experts. It is important that plans and technical playbooks for OT incident response are clearly separated from the broader IT playbooks. This avoids conflicting priorities, as the rush to resume “normal business” may undermine the security measures that need to be taken. In reality, cyber security aspects are often neglected in OT incident response plans.
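The third quick win above, sensors that watch OT devices for suspicious activity, works well in OT precisely because control traffic is highly repetitive: the same HMIs and historians talk to the same controllers using the same protocol functions day after day. The following Python script is an added example (not from the original article or any sensor product) of the simplest form of that early warning. It learns a baseline of who-talks-to-whom-with-which-function from a learning window and then flags two things in later traffic: devices never seen before, and write operations that were not in the baseline. The event records, the Modbus write function codes and the addresses are constructed for illustration; a real sensor would take them from a passive tap or SPAN port.

```python
# Modbus function codes that change process state (coil/register writes).
# Constructed subset for the example; reads such as fc3 are not in this set.
WRITE_FUNCTIONS = {5, 6, 15, 16}


def learn_baseline(events):
    """Set of (src, dst, func) triples observed during the learning window."""
    return {(e["src"], e["dst"], e["func"]) for e in events}


def known_hosts_from(events):
    """Every address that took part in baseline traffic, as source or destination."""
    return {e["src"] for e in events} | {e["dst"] for e in events}


def detect(events, baseline, known_hosts):
    """Return (timestamp, message) alerts for new devices and unexpected writes.
    A new device is reported once, not on every packet it sends."""
    alerts = []
    seen_hosts = set(known_hosts)
    for e in events:
        key = (e["src"], e["dst"], e["func"])
        if e["src"] not in seen_hosts:
            alerts.append((e["ts"], f"new device {e['src']} on the OT network"))
            seen_hosts.add(e["src"])
        if key not in baseline and e["func"] in WRITE_FUNCTIONS:
            alerts.append((e["ts"],
                           f"unexpected write fc{e['func']} from {e['src']} to {e['dst']}"))
    return alerts


# Constructed learning window: HMI-1 reads and writes PLC-line1, the DMZ
# historian only reads both PLCs.
BASELINE_EVENTS = [
    {"ts": "09:00:01", "src": "192.168.100.50", "dst": "192.168.100.10", "func": 3},
    {"ts": "09:00:02", "src": "192.168.100.50", "dst": "192.168.100.10", "func": 16},
    {"ts": "09:00:03", "src": "10.20.0.5", "dst": "192.168.100.10", "func": 3},
    {"ts": "09:00:04", "src": "10.20.0.5", "dst": "192.168.100.11", "func": 3},
]

# Constructed monitored window: two normal events, then an unknown device
# writing to a PLC, then the historian writing where it only ever read.
MONITORED_EVENTS = [
    {"ts": "14:10:01", "src": "192.168.100.50", "dst": "192.168.100.10", "func": 16},
    {"ts": "14:10:02", "src": "10.20.0.5", "dst": "192.168.100.11", "func": 3},
    {"ts": "14:10:03", "src": "192.168.100.77", "dst": "192.168.100.11", "func": 6},
    {"ts": "14:10:04", "src": "10.20.0.5", "dst": "192.168.100.11", "func": 16},
]

if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_EVENTS)
    hosts = known_hosts_from(BASELINE_EVENTS)
    for ts, msg in detect(MONITORED_EVENTS, baseline, hosts):
        print(ts, msg)
```

On the constructed data this produces three alerts: the unknown device appearing, its write to PLC-line2, and the historian issuing a write it never issued during baselining. The last case is the one worth noting for an OT response playbook: a known, trusted host doing something new is as much a signal as a new host, which is why the detection keys on the full (source, destination, function) triple rather than on addresses alone.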
Prepare for an uncertain future
Cyber risk has never been entirely independent of world politics and international affairs. The physical battlefield is more closely connected to the digital domain than ever before. Geopolitical uncertainty is making critical infrastructure a focus for cyber criminals, and this will continue to pose an urgent challenge to OT systems and the enterprises that run them. They need to remain vigilant to mitigate the risks they face, while expanding their defenses to strengthen the long-term security of their OT infrastructure and environments.