Pamela Warren (Global) - Securing Critical Infrastructures

Over the last decade, cybercrime has grown in sophistication and reach. Attacks are now designed to steal sensitive data from individuals, businesses and even the critical infrastructures of nations. Critical infrastructure refers to the computer systems of vital economic and national importance, such as those running power grids, railways and nuclear energy plants. These make attractive targets for criminal threats, industrial espionage and politically motivated sabotage. The trend is clearly reflected in recent incidents such as the Stuxnet worm (which attacked industrial control systems, with infections concentrated largely in Iran and Indonesia) and the Night Dragon attacks (which used spear phishing against oil, gas and petrochemical companies).

This year, McAfee and the Center for Strategic and International Studies (CSIS) published research on the cost and impact of cyber attacks on critical infrastructures. Key findings from the report include:

  • Weak security adoption: India ranked fourth lowest in security adoption, behind Brazil, France and Mexico, adopting only about half as many security measures as leading countries such as China, Italy and Japan. China and Japan were also among the countries with the highest confidence in the ability of their current laws to prevent or deter attacks. Only 60% of Indian respondents reported deploying a threat monitoring service together with a software update and patch management service.
  • Cyber attacks still prevalent: 80% of global respondents reported having faced a large-scale distributed denial of service (DDoS) attack, and a quarter reported daily or weekly DDoS attacks and/or had been victims of extortion through network attacks.
  • High frequency of extortion attempts: a quarter of global survey respondents have been victims of extortion through cyber attacks or threatened cyber attacks. The number of companies subjected to extortion rose by 25% in the past year, and extortion cases were distributed evenly across the critical infrastructure sectors. In India, 60% of respondents have been victims of extortion or cyber attack in the past two years.

Not every targeted attack follows a fully prescriptive process, but they generally follow a pattern. First, the attackers gather intelligence about your organization and penetrate your defenses with social engineering, engaging unsuspecting employees. Next, they establish a covert backdoor into your network with malware and set up a command and control (C2) channel for communication to and from your network. Finally, to accomplish their goal, they either exfiltrate your data or take control of your critical systems.
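The command and control stage in that pattern is the one a defender can actually see on the wire: a backdoor that calls home on a schedule produces outbound connections at nearly constant intervals. The script below, added here as an example and not code from the original article or from McAfee, flags such beaconing in a constructed proxy log by measuring how regular the gaps between a host's connections to each destination are. The log format, hostnames, addresses, the minimum hit count and the 5% jitter threshold are all assumptions.

```python
"""Flag periodic outbound connections (beaconing) in proxy logs.

Added example, not from the original article. The log format and hosts below
are constructed for illustration; the thresholds are assumptions.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: "timestamp src_ip dst_host bytes".
# One host talks to cdn-metrics.example.net every five minutes (a callback)
# and to news.example.org at irregular, human-looking times.
SAMPLE_LOG = """\
2011-06-01T09:00:00 10.1.4.22 updates.example-vendor.com 5120
2011-06-01T09:00:03 10.1.4.22 intranet.corp.example 18000
2011-06-01T09:05:00 10.1.4.22 cdn-metrics.example.net 612
2011-06-01T09:10:00 10.1.4.22 cdn-metrics.example.net 610
2011-06-01T09:15:01 10.1.4.22 cdn-metrics.example.net 615
2011-06-01T09:20:00 10.1.4.22 cdn-metrics.example.net 611
2011-06-01T09:24:59 10.1.4.22 cdn-metrics.example.net 613
2011-06-01T09:30:00 10.1.4.22 cdn-metrics.example.net 612
2011-06-01T09:02:10 10.1.4.22 news.example.org 44000
2011-06-01T09:11:45 10.1.4.22 news.example.org 39000
2011-06-01T09:40:02 10.1.4.22 news.example.org 51000
2011-06-01T09:41:30 10.1.4.22 news.example.org 2000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def parse_log(text):
    """Yield (timestamp, src, dst, bytes) tuples; skip malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        yield ts, m.group(2), m.group(3), int(m.group(4))


def find_beacons(text, min_hits=5, max_jitter=0.05):
    """Return {(src, dst): period_seconds} for pairs whose inter-connection
    intervals are nearly constant.

    max_jitter is the coefficient of variation (stdev / mean) above which a
    pair is treated as ordinary browsing rather than a scheduled callback.
    The 5% default and the minimum of five hits are assumptions; tune them
    to your own environment.
    """
    times = defaultdict(list)
    for ts, src, dst, _ in parse_log(text):
        times[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter:
            beacons[pair] = round(mean)
    return beacons


if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: callback every ~{period}s")
```

Real implants add random sleep jitter precisely to defeat this check, so in practice the threshold is a starting point and the flagged pairs are candidates for analyst review, not verdicts.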

Protecting your critical industries from these targeted attacks requires a more sophisticated network security posture. Here are some ways to build a comprehensive, risk-based approach with stronger network controls.

  • True protection of critical sectors must cover all three areas of your networks: IT, operations and new smart grid projects, regardless of reporting chain. Appoint a single security authority responsible for all three rather than taking a siloed approach.
  • Formulate a strong data governance framework that classifies data according to its value. Only then can you put together a meaningful plan to protect your most critical data in all of its forms: at rest on the network, in transit within, to and from the network, and on peripherals and mobile devices.
  • Attackers may also attempt to infiltrate your systems through weaknesses in your suppliers. Do not ignore a critical vendor's alert about a newly discovered vulnerability, or news that the vendor itself has been the victim of an attack.
  • As new devices and applications are added to your network, and as your control systems become IP-enabled, maintain an ongoing vulnerability assessment capability so that you can understand announced vulnerabilities in the context of your existing protection measures.
  • Application whitelisting is a category of solution in growing demand from the critical sector community. These solutions block *all* executables except a short list of pre-approved applications, and are appropriate for devices that run only a limited set of applications. Unlike a traditional anti-malware "blacklisting" approach, they do not depend on updates describing all known "bad" code; they simply block anything not on the short list of "good" or accepted applications. The list must be re-validated whenever an approved application is patched, since an updated binary is, to the whitelist, an unknown one. This technology is particularly well suited to the control systems running our electric grids, oil and gas networks, water systems, transportation systems and mining operations.
  • Last but not least, consider your future purchase decisions wisely and adopt sound security industry best practices. If you are in one of the highly targeted critical industries, make this a high priority.
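To make the whitelisting point concrete, here is a minimal default-deny execution control, added as an example and not code from the original article or any McAfee product. It pins each approved binary by its SHA-256 digest and denies everything else, including an approved file whose contents have changed and any file it cannot read. The file names, contents and labels are constructed for the demonstration, and the script only shows the decision logic; a real control enforces it in the kernel or through a signed policy.

```python
"""Default-deny execution control: allow a binary only if its SHA-256 digest
is on a pre-approved list.

Added example, not from the original article or any vendor's product. The
allowlist, the mock binaries and their labels are constructed for
illustration.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash the file in chunks so large executables need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    """Maps approved digests to a label; anything not present is denied."""

    def __init__(self):
        self._approved = {}

    def approve(self, path, label):
        """Pin the current content of path. Re-approval is needed after any update."""
        self._approved[sha256_of(path)] = label

    def decide(self, path):
        """Return (allowed, reason). Unreadable or missing files are denied, not skipped."""
        try:
            digest = sha256_of(path)
        except OSError as e:
            return False, f"deny: cannot hash {path}: {e}"
        label = self._approved.get(digest)
        if label is None:
            name = os.path.basename(path)
            return False, f"deny: {name} not on allowlist ({digest[:12]}...)"
        return True, f"allow: {label}"


def demo():
    """Build two constructed 'executables', approve one, then tamper with it.

    Returns the allow/deny verdicts in order: approved file, unknown file,
    approved file after its bytes changed, missing file.
    """
    policy = Allowlist()
    with tempfile.TemporaryDirectory() as d:
        hmi = os.path.join(d, "hmi_viewer.exe")
        dropper = os.path.join(d, "update_helper.exe")
        with open(hmi, "wb") as f:
            f.write(b"MZ constructed HMI viewer build 4.2\n")
        with open(dropper, "wb") as f:
            f.write(b"MZ constructed unknown binary\n")
        policy.approve(hmi, "HMI viewer 4.2")
        results = [policy.decide(hmi)[0], policy.decide(dropper)[0]]
        # Simulate a patch or an in-place infection: same path, new bytes.
        with open(hmi, "ab") as f:
            f.write(b"\x90\x90")
        results.append(policy.decide(hmi)[0])
        results.append(policy.decide(os.path.join(d, "missing.exe"))[0])
    return results  # -> [True, False, False, False]


if __name__ == "__main__":
    print(demo())
```

The tampering step is the part worth noticing: after an update or an in-place infection the same path hashes differently, so the whitelist denies it until someone re-approves it. That re-approval effort is the operational cost of the approach, and it is why the technique fits control-system hosts whose software changes rarely better than general-purpose desktops.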

By Pamela Warren, Cybercrime Strategist & Director, Global Public Sector and Critical Infrastructure initiatives, McAfee
