With regard to industrial cyber, we can no longer hide our heads in the sand
The massive attack on national infrastructures in Australia, only recently publicized, as well as the attack on Israel’s water infrastructure, clearly illustrate the threats prevalent in the world.
Note that when a hostile entity—whether a country or terrorist or criminal organization—wants to launch a cyber attack to collect information, steal data or money, it is successful. These two incidents, from the last month, are just a drop in the sea. Many successful attacks are reported and publicized; however, many more are kept under wraps.
Over the years we have more or less learned to deal with attacks of a criminal nature, such as theft, ransom, etc. We have also learned, although a bit less reliably, to deal with theft of business information and secrets. However, as cyber-attacks expand to the industrial sector and critical national infrastructure (Cyber-Physical attacks), we are compelled to deal with attacks of a different kind, with ramifications and damage on an entirely different scale.
Theft of personal data and credentials so thieves can steal money over the web is one problem. Theft of personal data and credentials so thieves can infiltrate a network running a pharmaceuticals production line is an entirely different problem. Now, instead of a pharmaceuticals production line, say a power station, railway network, or airport safety management system, and we have a very serious problem.
In many cases, ordinary cyberattacks are just preliminary steps designed to collect intelligence, user names, and passwords in order to infiltrate existing web security mechanisms – mainly firewalls and user identification systems. It could very well be that the attack reported in Australia was intended just for that. It is also possible that the attack on Israel’s water systems was preceded by attacks that mapped out the control networks, identified users, and located entry points.
Countries, including the State of Israel, cannot risk the potential damage from a combined attack by a hostile entity on their electricity, water, food and pharmaceutical production, their transportation systems, and other infrastructures that modern societies depend on. In the past, such destructive capability involved military assault (with missiles, tanks, and artillery) and all that such assaults entailed — declaration of war, counterattacks, and casualties on both sides. Nowadays, such attacks can be launched from afar, employing virtual weapons to inflict physical damage. It is hard to locate such attacks in time, to verify who is behind them, and to retaliate against them.
Therefore, at present, when national attack capabilities are clear and imminent, we can no longer hide our heads in the sand and leave critical infrastructures and production facilities without adequate protection. We are targets, vulnerable to attack. The security systems developed for the information age are inadequate for the age of industrial cyberattacks. A revolution is needed with regard to the way we deal with threats and prepare for the next attack.
Cyber attacks only increase in sophistication and severity. Yesterday’s nation-state attack tools and techniques are today’s targeted ransomware and pervasive threat environment. Today’s nation-state attacks are tomorrow’s pervasive threat. This steadily worsening threat environment demands of us firm decisions and a much more rapid improvement and upgrade of the security of all developed nations’ infrastructure cyber defenses.
For a description of how secure critical infrastructures defend their sites against even the most sophisticated attacks, request a free copy of the book Secure Operations Technology.