Decoding the impact of cyberattacks on interconnected critical infrastructure
James Bond films or movies from the Terminator series have captivated the global audience over the years. The events are compelling and also throw up circumstances that are increasingly relatable to real-life incidents. Are these really hyped-up theatrics? Or a beacon of what is happening in the world and what awaits us?
The 2012 James Bond movie Skyfall showed how covert intelligence agencies struggled to survive a connected world with covers blown by a simple YouTube video. Cut to 2015, Genisys --- the new movie from the Terminator series --- highlighted how a maleficent computer program could take over the super-connected digital world and bring an end to the human race.
It's happening, here and now!
Welcome to reality! In September 2019, the Kudankulam Nuclear Power Plant (KKNPP), India's most significant, experienced a cyber-breach. The Indian Computer Emergency Response Team, CERT-In, identified a malware infection in the plant's administrative network. A forensic analysis by a cybersecurity firm later confirmed that a large amount of data from the network had been siphoned off.
There's more. India was severely affected by the WannaCrypt ransomware crypto worm in 2017 that affected 150 countries and over 40,000 systems. That same year, Netya, another international trojan ransomware, hit three terminals of the Jawaharlal Nehru Port and APM Terminals Mumbai, crippling the operational infrastructure. Recently, amid the raging Covid pandemic, China-linked hacker group RedEcho targeted India's power plants, ports, and parts of the railways. In cinematic parlance, this is just the trailer. Attacks on critical infrastructure are increasing, and cybersecurity experts anticipate attacks of more significant consequence soon.
The Union Home Ministry tabled a CERT-In report in the Parliament earlier this year. It states that cyberattacks rose by almost 300% in the country since the pandemic outbreak. India has integrated networks for critical infrastructure. Experts feel a 'fire-sale' assault, a coordinated attack on connected transportation, telecommunication, financial and utility infrastructure, is possible. Once launched, it could have a crippling effect on the economy and may also cause human casualties.
There will be a cascading impact. It will first lead to chaos, followed by increased pressure on civil services infrastructure and law enforcement agencies. The second wave will target the collapse of the socio-economic system, depending on which critical infrastructure is impacted.
Types of attacks
Quite worryingly, attacks on critical infrastructure are not linear. They take various forms. Through cyber espionage, bad actors can gain illicit access to confidential information and steal classified or sensitive data and intellectual property. The attack on KKNPP, which stole administrative data, is suspected to be cyber espionage orchestrated by the Chinese-North Korean group Lazarus.
Cyber-sabotage is also on the rise. On 12 October 2020, a cyber-sabotage on the Maharashtra State Electricity Board (MSEB) server caused an outage across Mumbai. The cybercrime unit identified it as a three-pronged malware attack on the MSEB server that transferred 8GB of data and involved forced log-in attempts from several blacklisted IP addresses.
Sleeper cyber-attacks are yet another type. Like the sleeper cells of terrorist organizations, sleeping malware is placed in or sent to various critical systems and later remotely activated to control or cripple the infrastructure. A US-based intelligence company stated that sleeping malware was behind the MSEB attack, part of a larger cyber-sabotage planned by the Chinese perpetrators RedEcho.
India is witnessing an increase in Denial-of-Service and Distributed Denial-of-Service (DoS/DDoS) attacks due to remote working. These attacks seek to make systems or network resources unavailable to their intended users by temporarily or indefinitely disrupting services, causing loss of time and money.
Last but not least, cyber propaganda is a tool gaining popularity in the arsenal of cyberwarfare. It's an effort to control information in whatever form and influence public opinion.
Need to delve deeper
It is essential to understand that if government and organizations don't implement global best practices, all other efforts to leverage enhanced security will be wasted.
Here's a three-pronged approach to safeguard the critical infrastructure:
Human beings are considered the weakest link in cybersecurity. However, awareness about cyber threats, education on how to perceive threats, and information about what motivates people to act maliciously can bring about a significant change.
At the same time, organizations need to realize cybersecurity as a critical component of the company's well-being and develop a robust strategy.
Dedicated cybersecurity personnel or a dedicated team can be of real help. A team can handle a plethora of information and provide round-the-clock security and operations monitoring. It can keep the company safe by integrating new technologies like network detection and response solutions for enhanced Cyber Situational Awareness against evolving risks and threats. An organization can also train the people in charge of the Operational Technology (OT) that handles Industrial Control Systems and critical infrastructure.
Critical infrastructure organizations should also focus on the processes.
Risk assessment and treatment allow institutions to balance the economic and operational cost of protective measures. Risk assessment identifies threats and assesses their likelihood, and risk treatment is the process of acting upon the identified risks. Organizations should also initiate cybersecurity audits to find any cybersecurity risks to the operational technology.
An Industrial Control System operator must set up metrics for cybersecurity effectiveness and calculate the time lapse between threat detection and action. Mean time to detect (MTTD), mean time to resolve (MTTR), and mean time to contain (MTTC) are a few key metrics that stakeholders should track.
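As an added illustration that is not part of the original article, the snippet below computes MTTD, MTTC and MTTR from a set of incident records so that a still-open incident does not distort the averages; the incident timestamps are constructed, and the phase boundaries are an assumption (MTTD from incident start to detection, MTTC and MTTR from detection to containment and resolution).

```python
from datetime import datetime
from statistics import mean

# Constructed incident records for illustration (not real data). Timestamps are
# ISO 8601; None marks a phase that a still-open incident has not reached yet.
INCIDENTS = [
    {"id": "INC-1", "start": "2021-03-01T02:00:00", "detected": "2021-03-01T05:00:00",
     "contained": "2021-03-01T06:30:00", "resolved": "2021-03-02T02:00:00"},
    {"id": "INC-2", "start": "2021-03-10T09:15:00", "detected": "2021-03-10T09:45:00",
     "contained": "2021-03-10T11:15:00", "resolved": "2021-03-10T15:45:00"},
    {"id": "INC-3", "start": "2021-03-20T23:00:00", "detected": "2021-03-21T01:00:00",
     "contained": None, "resolved": None},
]


def _hours(start, end):
    """Elapsed hours between two ISO timestamps, or None if either is missing."""
    if not start or not end:
        return None
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600


def _mean(values):
    """Mean of the known values, rounded; None when nothing has been measured yet."""
    known = [v for v in values if v is not None]
    return round(mean(known), 2) if known else None


def incident_metrics(incidents):
    """Compute MTTD (start -> detected), MTTC (detected -> contained) and
    MTTR (detected -> resolved) in hours. Each mean covers only incidents that
    reached that phase, so open incidents are listed rather than averaged in."""
    return {
        "mttd_hours": _mean(_hours(i["start"], i["detected"]) for i in incidents),
        "mttc_hours": _mean(_hours(i["detected"], i["contained"]) for i in incidents),
        "mttr_hours": _mean(_hours(i["detected"], i["resolved"]) for i in incidents),
        "open_incidents": [i["id"] for i in incidents if i["resolved"] is None],
    }


def detection_breaches(incidents, target_hours):
    """IDs of incidents whose time-to-detect exceeded the agreed target (assumed SLA)."""
    return [i["id"] for i in incidents
            if (_hours(i["start"], i["detected"]) or 0) > target_hours]


if __name__ == "__main__":
    print(incident_metrics(INCIDENTS))
    print(detection_breaches(INCIDENTS, target_hours=2))
```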
Equally vital are supply chain security, which focuses on managing the cybersecurity requirements for IT systems, and enterprise operational procedures that act as guidelines for incident response, risk management, and control management.
It's imperative for organizations handling critical infrastructure to include the entire gamut of cybersecurity protection, mitigation, and response. Moreover, response and recovery should not only be limited to internal/internet-based technology setups. Organizations should invest in OT network architecture and segmentation to employ dynamic policies.
Similarly, security controls and separation of duties should be in place to mitigate the risk of error and fraud. OT teams should also integrate secure remote access so they can analyze and respond to threats from anywhere.
Critical technology integrations like ICS protocol awareness for threat detection, proactive monitoring, and preventive control between IT/OT and different OT segments can be beneficial. Organizations must also secure access control for OT systems and invest in data backup.
Invest for a secure tomorrow
Cybercriminals are targeting OT networks as they recognize their potential for greater disruption than IT systems. OT sits at the core of systems which, if breached, could cause outages of critical services. Hence, the need of the hour is a dedicated security provider that can effectively manage each of the three aspects of cybersecurity: people, processes, and technology.
Cybersecurity situational awareness solution providers in India can proactively limit the risk to OT through greater visibility and real-time monitoring.
AI-enabled tools can help identify, protect, detect, respond, and recover systems. They can facilitate efficient resolution of identified incidents with concrete evidence, actionable intelligence, and response workflow integrations.
The hackers are upgrading their arsenal continuously. So, it is crucial to stay ahead of them.
This article has been written by Praveen Jaiswal, Founder & Director, Vehere