Critical infrastructure facilities, be they power plants, manufacturing hubs, national railways or airports, are increasingly targeted by cyber threats. Several high-profile cyber-attacks have recently hit critical infrastructure in India, including a malware attack on THDC Ltd.’s Tehri dam in Uttarakhand, a ransomware attack on the West Bengal State Electricity Distribution Co. Ltd (WBSEDCL), an attack on a Rajasthan discom’s website and an attack on Haryana discoms in which the commercial billing software of the highest-paying industrial customers was hacked, according to information reviewed by Mint.

While critical infrastructure across the globe has avoided a major catastrophe thus far, this good fortune may not last unless companies strengthen their cyber security programs. We researched and found some of the top cyber threats for critical infrastructure firms in India:

  1. Rising challenges from the emergence of IoT (Internet of Things): Critical infrastructures are moving into the next stage of evolution, and new technologies such as the Internet of Things (IoT) are rapidly being integrated into the operational environment. This has brought in new operational threats, because old OT equipment was never designed for internet exposure. At the same time, connectivity between IT and OT networks is needed to get real-time intelligence from production.

  2. IT/OT systems are insecure by design: In general, OT systems have been isolated from IT systems and were primarily built to ensure availability rather than to be secure. OT systems even lack basic authentication procedures, which makes them easier to attack. Once an attacker gains access to an OT network, the incident is not easily detected.

  3. Lack of skilled professionals: According to an E&Y study of the oil and gas sector, 50% of respondents say the lack of skilled resources is limiting information security’s contribution and value to the organization. Security teams lack individuals who understand both IT and OT systems and can identify and remediate threat actors in both.

  4. Lack of visibility of vulnerabilities: Threats often originate in IT networks and are passed on to OT systems. Security teams lack the visibility into IT traffic and anomalies that would allow them to protect the OT network. Instead, OT teams need to adopt a reactive approach to detecting these threats so that these vulnerabilities can be mitigated.

Best Practices to Counter Cyber Threats:

  • Gain visibility into IT and OT systems: Improving SCADA security is a top priority for every OT manager, and the first and most critical step is gaining visibility. Complexity and lack of visibility create a dangerous blind spot where attackers can easily breach unprotected elements. The only way to eliminate these blind spots is to understand the network, its devices, protocols, configurations, events and traffic with precision. The key to making sense of complex SCADA networks lies in visual, automatic mapping that provides continuous monitoring of equipment and real-time detection of anomalies.
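As an added illustration of the visibility-plus-anomaly-detection approach described above (not code from the original post or from Cyberbit’s products), the following Python sketch passively parses constructed Modbus/TCP traffic, builds an asset inventory, and flags deviations from a hypothetical learned baseline: hosts not in the baseline, function codes a host is not permitted to use, writes outside an operational limit, and malformed frames. Modbus/TCP is assumed here as a representative ICS protocol; all addresses, the baseline and the traffic are constructed.

```python
import struct
from collections import defaultdict

# Hypothetical baseline for one PLC (constructed addresses), as an OT team would learn it
# from normal traffic: permitted clients, their Modbus function codes, and register limits.
BASELINE = {"10.0.1.5": {
    "clients": {"10.0.0.10": {3, 4, 6},     # HMI: reads plus write-single-register (fc 6)
                "10.0.0.20": {3, 4}},       # historian: read-only
    "register_limits": {0: (0, 1000)},      # setpoint in holding register 0 must stay 0..1000
}}
def mb_frame(tid, unit, func, addr, arg):
    """Build a Modbus/TCP request: MBAP header (tid, proto=0, length, unit) + PDU."""
    pdu = struct.pack(">BHH", func, addr, arg)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu
def parse_modbus_tcp(frame):
    """Decode MBAP header + simple request PDU (tid, proto, len, unit, func, addr, arg); None if malformed."""
    hdr = struct.unpack(">HHHBBHH", frame[:12]) if len(frame) >= 12 else None
    if hdr is None or hdr[1] != 0 or hdr[2] != len(frame) - 6:
        return None
    return {"unit": hdr[3], "func": hdr[4], "addr": hdr[5], "arg": hdr[6]}

def inspect_traffic(packets):
    """Passively build an asset inventory and flag deviations from the baseline."""
    inventory, alerts = defaultdict(set), []   # (plc, unit id) -> {(client, func code)}
    for src, dst, frame in packets:
        req = parse_modbus_tcp(frame)
        if req is None:
            alerts.append((src, dst, "malformed", "bad MBAP header"))
            continue
        inventory[(dst, req["unit"])].add((src, req["func"]))
        plc = BASELINE.get(dst, {"clients": {}, "register_limits": {}})
        allowed = plc["clients"].get(src)
        if allowed is None:
            alerts.append((src, dst, "unknown-asset", "client/PLC pair not in baseline"))
        elif req["func"] not in allowed:
            alerts.append((src, dst, "unauthorized-function", f"fc={req['func']}"))
        elif req["func"] == 6:                 # write single register: enforce limits
            lo, hi = plc["register_limits"].get(req["addr"], (0, 0xFFFF))
            if not lo <= req["arg"] <= hi:
                alerts.append((src, dst, "out-of-range-write", f"reg{req['addr']}={req['arg']}"))
    return dict(inventory), alerts

SAMPLE = [  # constructed traffic: (source IP, destination IP, raw Modbus/TCP frame)
    ("10.0.0.10", "10.0.1.5", mb_frame(1, 1, 3, 0, 10)),    # HMI reads 10 registers: normal
    ("10.0.0.10", "10.0.1.5", mb_frame(2, 1, 6, 0, 800)),   # HMI writes setpoint 800: normal
    ("10.0.0.20", "10.0.1.5", mb_frame(3, 1, 6, 0, 500)),   # read-only historian tries a write
    ("10.0.0.99", "10.0.1.5", mb_frame(4, 1, 3, 0, 1)),     # host not in baseline
    ("10.0.0.10", "10.0.1.5", mb_frame(5, 1, 6, 0, 1500)),  # HMI write outside 0..1000
    ("10.0.0.10", "10.0.1.5", b"\x00\x06\x00\x01\x00\x06\x01\x06\x00\x00\x03\x20"),  # proto id 1
]
```

Running `inspect_traffic(SAMPLE)` yields the inventory of client/PLC/function-code pairs seen plus four alerts; the first two frames, matching the baseline, produce none.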

  • Integrate IT and OT security intelligence: Organizations that operate critical infrastructure need to dispense with the myth that IT and OT are two separate entities. With the emergence of IoT and analytics use cases that analyse production data, an air-gapped environment is no longer realistic. Most of the SCADA attacks we’re seeing today are initiated from the IT world, whether through spear phishing, social engineering, infected USB sticks, vulnerabilities in the standard IT environment or some other source.

  • Develop skills and train people to understand both systems: The security teams of these firms need multi-skilled people who can develop an understanding of both IT and OT network security issues. This is, in fact, a rare skill: understanding both computer and mechanical systems. Each organization must identify a few individuals and develop their skills, enabling them to formulate a strong security program to identify and remediate threats.

  • Build a cyber-resilient program: A resilient organization ensures it has the plans and procedures in place to identify, contain or neutralize a cyber-attack and rapidly restore normal operations. This is possible with an incident response platform, such as security orchestration and automation, which offers a single dashboard displaying all incident details. Such a platform can be easily integrated with typical SCADA solutions to monitor both IT and OT threats.


Cyberbit provides one of the first unified, analytics-driven product suites for advanced, multi-vector threat detection, incident response and simulated training across IT and OT systems. Cyberbit SCADAShield is a world-leading OT security platform, chosen by critical infrastructure organizations worldwide, such as airports, energy refineries and manufacturers, to protect ICS/SCADA networks, electric grids, transportation networks, manufacturing lines, smart buildings and data centres. SCADAShield provides unprecedented OT asset discovery and visibility and detects known OT threats, unknown OT threats and anomalies, as well as deviations from operational restrictions, using 7-layer deep packet inspection (DPI).
