Vulnerabilities and threats related to Critical Infrastructures have been recognized risks for a long time. From disruptions to a nuclear power plant to an exposed electrical grid, both public and private institutions hold the responsibility of protecting the public from potential cyberattacks. This is why Critical Infrastructure Security is essential for protecting citizens against natural disasters, terrorist activities, and harmful cyber-threats.
Attacks on Critical Infrastructures present novel and sophisticated scenarios that can put entire populations at risk. From the 2017 Shamoon malware attack on Saudi Arabian oil giant Aramco to the 2019 ransomware attack causing production stoppage in Norway, the last decade has seen its fair share of Critical Infrastructure attacks.
In today’s connected environments, digital and physical systems are converging and creating a slew of new cybersecurity concerns. In one study, researchers found that a hypothetical attack on the US power grid could lead to a 70-90 percent casualty rate within 12 months. That’s why having a Critical Infrastructure Protection (CIP) plan in place can help organizations prepare for and prevent serious incidents involving Critical Infrastructure environments.
With all this in mind, here are the top five risks and threats to Critical Infrastructure Security every organization should be prepared to defend against in 2020.
1. Network Segmentation
Network segmentation is an architectural approach that divides a network into multiple segments, allowing network administrators to control the flow of traffic between them based on defined admin policies. When a network is not segmented, bad actors can run amok inside an organization’s network infrastructure and gain access to valuable assets, such as personnel information and highly confidential intellectual property.
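As an added illustration (not from the original article), the following Python checks flow records against a default-deny zone policy for an industrial site; the zones, addresses and allowed (source zone, destination zone, port) tuples are assumed for the example, and it reports the flows that cross a boundary the policy does not permit, such as an IT workstation talking directly to a PLC.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zones for an industrial site (assumed addressing, not from the article):
# corporate IT, a DMZ for the historian/jump host, and the OT control network with PLCs/HMIs.
ZONES = {
    "IT":  ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT":  ipaddress.ip_network("192.168.100.0/24"),
}

# Admin policy: (source zone, destination zone, destination port) tuples that are allowed.
# Anything not listed is denied, so IT hosts can never reach OT devices directly.
ALLOWED = {
    ("IT", "DMZ", 443),    # workstations read the historian's web view
    ("DMZ", "OT", 502),    # only the DMZ historian/jump host may speak Modbus to PLCs
    ("OT", "DMZ", 502),    # PLC/HMI replies and pushes back to the historian
    ("OT", "OT", 502),     # controller-to-controller traffic inside the OT zone
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside the known ranges is UNKNOWN."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "UNKNOWN"

def is_allowed(flow: Flow) -> bool:
    return (zone_of(flow.src), zone_of(flow.dst), flow.dport) in ALLOWED

def violations(flows):
    """Return the flows that cross a zone boundary the policy does not permit."""
    return [f for f in flows if not is_allowed(f)]

# Constructed flow records, as a firewall or NetFlow collector might export them.
SAMPLE_FLOWS = [
    Flow("10.10.4.21", "10.20.0.5", 443),        # IT -> DMZ historian: allowed
    Flow("10.20.0.5", "192.168.100.10", 502),    # DMZ -> PLC Modbus: allowed
    Flow("10.10.4.21", "192.168.100.10", 502),   # IT workstation straight to PLC: denied
    Flow("10.10.4.21", "192.168.100.11", 3389),  # RDP from IT into OT: denied
    Flow("203.0.113.9", "192.168.100.10", 502),  # unknown external source: denied
]

if __name__ == "__main__":
    for f in violations(SAMPLE_FLOWS):
        print(f"DENY {f.src} ({zone_of(f.src)}) -> {f.dst} ({zone_of(f.dst)}):{f.dport}")
```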
2. DDoS Attacks
DDoS attacks have the potential to cripple an organization’s Public Cloud Infrastructure and affect the availability of enterprises that run Critical Infrastructure in the cloud. This kind of malicious attack can be debilitating for any organization, slowing systems down or timing out requests while consuming large amounts of processing power.
Today’s attackers have devised increasingly sophisticated ways of carrying out an assault before the hundreds of thousands of automated requests for service it generates can be detected and screened. This makes it difficult for IT professionals to determine which components of incoming traffic come from bad actors and which come from legitimate users.
3. Web Application Attacks
Since traditional OT systems such as human-machine interfaces (HMI) and programmable logic controllers (PLC) are increasingly connected to the network, they are also reachable via remote access, which makes them particularly vulnerable. Unprotected and exposed systems are vulnerable to cross-site scripting and SQL injection attacks.
Organizations should use Content Delivery Networks (CDN) and Web Application Firewalls (WAF), give administrators the resources they need, and perform regular security audits in order to identify vulnerabilities.
4. Malware Attacks
Malware attacks can have a devastating effect on Critical Infrastructures in 2020. With ransomware the weapon of choice for many hackers, the trend is unlikely to let up going into 2020. Attacks on U.S. cities in 2019, including Pensacola, Riviera Beach and Lake City, shut down public services like government email and even emergency services.
Malware can result in data loss, cripple devices, and lock administrators out of systems until an often large ransom is paid. Just a few examples of destructive malware include NotPetya, Stuxnet, Shamoon, and Dark Seoul. That’s why OT systems that are vulnerable to attack should incorporate anti-malware protection, host-based firewall controls, and patch-management policies to reduce exposure.
5. Command Injection and Parameters Manipulation
Query and command injections are among the most devastating classes of vulnerabilities. Command injection occurs when unverified, user-controlled input is passed as valid input to execution calls. The danger arises when dynamically built commands are leveraged by an attacker to achieve arbitrary execution on the underlying operating system.
Unsanitized data that was never verified as legitimate system traffic gives attackers the power to execute arbitrary system commands on OT systems simply by appending additional commands to the intended command string. As with SQL injection, this kind of threat starts when the system fails to properly validate user input.
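As an added example (not code from the original article), the Python below places the defective pattern beside its hardened form for an assumed HMI diagnostics page that pings a field device by address: string concatenation handed to a shell lets an appended separator start a second command, whereas allow-list validation plus an argument vector with no shell in the path never interprets metacharacters or a leading option dash.

```python
import re
import shlex
import subprocess

# Constructed scenario (not from the article): an HMI diagnostics page lets an operator
# ping a field device. Legitimate input is an IPv4 address or a plain hostname, nothing else.
TARGET_RE = re.compile(r"^(?:\d{1,3}(?:\.\d{1,3}){3}|[A-Za-z0-9][A-Za-z0-9.-]{0,62})$")

def vulnerable_command(target: str) -> str:
    """The defective pattern: operator input is concatenated into a command string that
    would be handed to a shell (os.system or subprocess with shell=True)."""
    return "ping -c 1 " + target

def shell_tokens(command: str) -> list[str]:
    """Show how a POSIX shell lexes the string: ';', '&&' and '|' become separators,
    so anything appended after them is parsed as a second command."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))

def safe_argv(target: str) -> list[str]:
    """Hardened form: allow-list validation first, then an argument vector. The pattern
    also rejects a leading '-', so input can never be parsed as a ping option."""
    if not TARGET_RE.match(target):
        raise ValueError(f"rejected diagnostics target {target!r}")
    return ["ping", "-c", "1", target]

def run_diagnostic(target: str) -> int:
    """Execute the validated argv without a shell; returns the process exit status."""
    result = subprocess.run(safe_argv(target), shell=False, capture_output=True, timeout=10)
    return result.returncode

if __name__ == "__main__":
    injected = "192.168.100.10; id"          # constructed input with an appended command
    print(shell_tokens(vulnerable_command(injected)))
    try:
        safe_argv(injected)
    except ValueError as exc:
        print("blocked:", exc)
```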
What You Can Do
Having a Critical Infrastructure Protection plan in place can help organizations prepare for and prevent serious incidents involving Critical Infrastructure environments. To protect against an ever-growing number of threats, security experts must re-examine the integrity of Critical Infrastructure systems regularly, ensuring they hold up against unique threats and attacks.