The Washington-based Center for International & Strategic Studies has a list of significant cyber incidents since 2006. It’s worth scrolling down just to see the sheer scale and number of these attacks.
One of the first to catch the attention of the global public came in 2010, when Iran’s nuclear facility in Natanz was hit by a cyberattack using a program called Stuxnet. The program caused the centrifuges used to create nuclear fuel to accelerate and destroy themselves. It did so by targeting the industrial control software that ran many of the plant’s processes.
Stuxnet demonstrated the ability to use technology to achieve military goals. Since then, gangs have harnessed these abilities to create one of the world’s most lucrative criminal enterprises, ransomware. Often, these gangs work in tandem with security services, allowing them to operate in return for cooperation in developing cyber warfare weapons.
Targeting Critical Infrastructure
Definitions of critical infrastructure differ from country to country. However, they will generally include the following: Chemicals, Communications, Critical Manufacturing, Dams, Defense industrial base, Emergency services, Energy, Financial Services, Food and agriculture, Government facilities, Healthcare and public health, Transportation systems, Information technology, and Nuclear facilities and their by-products.
After devoting much of a rare summit with Vladimir Putin to cyberwarfare, President Biden declared that “the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge”. Cybersecurity, and deterrence through the development of cyberweapons, is thus now one of the most crucial areas of national security and international relations.
Let’s briefly examine a few “causes célèbres”: incidents of attacks on critical infrastructure that highlight the dangers posed by both criminals and state players.
- Energy: In May this year, there was a ransomware attack on Colonial Pipeline in the US. Though it didn’t target the operational side of pumping oil, the systems were so compromised that the operators shut down the pipeline that carried fuel from Texas to the East Coast and accounted for 45% of all energy used in the Eastern US.
- Water: An attack on a water plant in Florida in February allowed persons unknown to increase the sodium hydroxide in the water by a factor of 100. The plant was using the already unsupported Windows 7! Last year, Iranian-based hackers almost managed to increase chlorine levels in Israeli public water systems. They hacked the control mechanisms of the pumps, with potentially fateful consequences. It seems only luck prevented this from happening.
- IT: Last year, SolarWinds, a supplier of IT performance monitoring software, discovered that it had sent its customers software updates containing a trojan horse that enabled full access. As a result, the attack hit cybersecurity firms, companies, and government departments, including the US Department of Defense. Damage is still being assessed but is estimated to have severely compromised US public security.
Whether the attackers were deranged individuals, cybercriminals, or state security services, all of these attacks succeeded because access was gained through gaps in a myriad of complex cybersecurity programs and patches along the supply chain.
The internet of things dramatically exacerbates the problem due to an exponential increase in access points. For example, water sensors in agriculture or automatic health sensors for livestock could be interfered with, causing failed crops and poisoned animals.
As Sun Tzu wrote in his Art of War, “concerning terrain of this nature, be before the enemy in occupying the raised and sunny spots, and carefully guard your line of supplies”. In the context of critical infrastructure, this means combining the strategy of Zero Trust with the new security paradigm of Confidential Computing, and extending both to include Edge Computing.
Zero Trust for Edge computing requires security measures to sit as close as possible to the processing, moving the network perimeter to the applications themselves. Confidential computing protects data and applications while they are running (data in use), and grants workers only the access they need to perform their tasks and no more. By extending protection down to the applications and data and dividing responsibilities, no single party has overall control.
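The following is an added illustration, not code from HUB Security or from any product the post describes, of what the two principles above look like when enforced at the application itself: every request is denied by default and is allowed only when the caller is authenticated, the node it targets presents the expected attestation measurement, and the caller’s role is permitted that exact action on that exact resource. The node name, role names, actions and “firmware” measurement values are constructed placeholders for the example; a real deployment would take the expected measurement from a signed attestation report rather than a hard-coded table.

```python
"""Deny-by-default, per-request access policy in the spirit of Zero Trust.

Added example, not the post author's or HUB Security's code. All names and
measurement values below are constructed assumptions for illustration.
"""
from dataclasses import dataclass, field
import hashlib
import hmac

# Expected attestation measurement per edge node (constructed placeholder:
# a hash of a made-up firmware string stands in for a real enclave/firmware
# measurement obtained from an attestation report).
EXPECTED_MEASUREMENTS = {
    "pump-controller-01": hashlib.sha256(b"firmware-v1.4-example").hexdigest(),
}

# Least-privilege role table: each role may perform only the listed
# (resource, action) pairs and nothing else. Constructed for the example.
ROLE_PERMISSIONS = {
    "plant-operator": {
        ("pump-controller-01", "read-status"),
        ("pump-controller-01", "set-dosing"),
    },
    "auditor": {
        ("pump-controller-01", "read-status"),
    },
}


@dataclass(frozen=True)
class Request:
    subject: str               # who is asking
    role: str                  # role asserted for this request
    authenticated: bool        # outcome of strong auth (MFA/cert), checked upstream
    reported_measurement: str  # measurement the target node presented
    resource: str              # node/application being accessed
    action: str                # operation requested on that resource


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)  # why the request was denied


def evaluate(req: Request) -> Decision:
    """Return a deny unless every check passes; every failed check is recorded.

    All checks run (no early return) so an operator sees the full set of
    reasons, which is what a detection pipeline wants to log.
    """
    decision = Decision(allowed=False)

    # 1. Identity: no anonymous access, regardless of network location.
    if not req.authenticated:
        decision.reasons.append("subject not authenticated")

    # 2. Attestation: the node must match its expected measurement, so a
    #    tampered controller (different firmware/code) is refused.
    expected = EXPECTED_MEASUREMENTS.get(req.resource)
    if expected is None:
        decision.reasons.append(f"unknown resource {req.resource}")
    elif not hmac.compare_digest(expected, req.reported_measurement):
        decision.reasons.append("attestation measurement mismatch")

    # 3. Least privilege: the role must be allowed this action on this resource.
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        decision.reasons.append(
            f"role {req.role!r} may not {req.action!r} on {req.resource!r}"
        )

    decision.allowed = not decision.reasons
    return decision


if __name__ == "__main__":
    good = EXPECTED_MEASUREMENTS["pump-controller-01"]
    samples = [
        # Authenticated operator, healthy node, permitted action -> allowed.
        Request("alice", "plant-operator", True, good, "pump-controller-01", "set-dosing"),
        # Same operator, but the node reports a different measurement -> denied.
        Request("alice", "plant-operator", True, "deadbeef", "pump-controller-01", "set-dosing"),
        # Auditor may read status but may not change a dosing setpoint -> denied.
        Request("bob", "auditor", True, good, "pump-controller-01", "set-dosing"),
    ]
    for r in samples:
        d = evaluate(r)
        print(f"{r.subject:>6} {r.action:<12} allowed={d.allowed} {d.reasons}")
```

The third sample is the point of the role table: even a fully authenticated user on a healthy node cannot change a chemical dosing setpoint unless their role explicitly includes that action, and the denial reasons are returned rather than silently dropped so they can be logged and alerted on.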
As the AI revolution gathers pace, protecting these models becomes as crucial as protecting the data sources themselves, since tampering with a model can have devastating effects.
HUB Security offers a Confidential Computing platform for critical infrastructure that combines a zero trust approach with a multitude of cutting-edge techniques in a single box located directly where the processing takes place. This shortens the supply lines and increases the strength of security controls, providing immeasurably higher protection. It also increases performance through reduced latency, whilst significantly diminishing opportunities for malicious actors to even attempt to breach lines of defense.