Cybersecurity experts consider the May 2021 ransomware attack on Colonial Pipeline, which operates the largest fuel pipeline in the US, as the most significant cyberattack on critical infrastructure in US history. The attack resulted in a shutdown of all operations for almost a week, and the impact was felt nationwide as gas distribution was severely affected throughout the East Coast.
It’s a worrying picture. Critical infrastructure refers to the physical and cyber assets, systems, and networks essential to the economy and society’s functioning. And they’re considered critical precisely because their disruption, destruction, or incapacitation could severely impact our national security, public safety, or economic well-being. To think one cyberattack could leave us so vulnerable is a terrifying thought.
As a result, this incident served as a wake-up call. But what does this attack tell us about the current state of industrial cybersecurity? And does it reflect a one-off episode or a rise in persistent attacks on critical infrastructure? And lastly, what can companies in the manufacturing and industrial sectors do to mitigate cyber risks? Let’s get into it.
How Common Are Cyber Attacks on Critical Infrastructure?
More common than you think. These attacks happen frequently, but many are never reported. Of course, the high-profile Colonial Pipeline attack was reported and was met with widespread concern. The attack directly impacted the availability of gasoline at gas stations, leading to panic buying and shortages across the East Coast.
In response to the Colonial Pipeline attack, President Biden declared a state of emergency and signed Executive Order 14028, which aims to improve cybersecurity collaboration between the government and private sectors. The order focuses on sharing threat information and lays out a framework for how organizations can defend themselves against cyber threats. The executive order also establishes a Cyber Safety Review Board to investigate major incidents and identify ways to improve cybersecurity practices.
But the Colonial Pipeline attack was not the only example of critical infrastructure attacks in recent years. For example, in the summer of 2021, malicious actors successfully targeted the UK water company South Staffordshire Water. They gained access to the systems that control the level of chemicals in the water. The attackers also leaked customers’ personal data. Luckily, the IT team detected the attack before the hackers could do any significant damage.
In December 2022, Germany’s multinational industrial engineering and steel production company, ThyssenKrupp, suffered a massive cyberattack that caused disruptions to its production processes. The attackers used ransomware to lock the company’s systems, demanding a ransom payment to restore access.
But how dire is this situation? Are attacks becoming more frequent? Alarmingly, yes. Microsoft has observed a significant increase in cyberattacks targeted at critical infrastructure over the past year. Specifically, the proportion of nation-state attacks targeting critical infrastructure doubled from 20% to 40%. The spike in these attacks was attributed mainly to Russia’s objective of causing damage to Ukrainian infrastructure and conducting aggressive espionage against Ukraine’s allies, including the United States.
OT Network Security is a Challenge Globally
Modern warfare goes beyond traditional physical weapons. Computers and information networks now play a crucial role in military operations, making cyberattacks a potent weapon in any nation-state’s arsenal. Russia is all too aware of this fact and has a long history of using cyberattacks in its modern conflicts.
For example, Russia was behind the extensive 2015 attack on Ukraine’s power grid during the annexation of Crimea. And in 2017, they let loose the NotPetya data-wiping virus that infiltrated almost every Ukrainian network before spreading across the world. NotPetya was one of the most devastating cyberattacks in recent history.
But Russia is not alone in marrying political and physical aggression with cyberattacks. For example, Iranian actors conducted destructive attacks against Israel, the US, and EU targets. These ransomware and hack-and-leak operations included US critical infrastructure targets like port authorities.
Meanwhile, North Korea launched a series of attacks to steal technology from aerospace companies and researchers worldwide and gain access to global news organizations and Christian groups.
Lastly, China increased its cyberattacks to counter the US’s growing interest in Southeast Asia, targeting intergovernmental organizations, global south nations, and the systems of the Solomon Islands government. Perhaps most concerningly, China’s cyberattacks often leverage “zero-day vulnerabilities” – previously unknown security flaws in software that the vendor has not yet patched.
OT Network Security Strategies in the Industrial & Manufacturing Sectors
Various organizations fall under critical infrastructure. Energy, water, transportation, communications, financial services, healthcare, food, and agriculture typically get the most attention. However, many other manufacturing and industrial facilities can be considered critical infrastructure, depending on their importance and impact on society.
By implementing these cybersecurity tips and best practices, companies in the industrial and manufacturing sectors can significantly reduce their risk of cyber threats and protect their critical infrastructure.
- Implement robust access control mechanisms to ensure that only authorized personnel can access sensitive systems, data, and devices. Specifically, utilize identity-based access controls to grant access to individuals based on their organizational roles and responsibilities.
- Enforce strong password policies and multi-factor authentication to prevent unauthorized access to systems and applications. The most robust forms of MFA typically involve three or more factors, e.g., a password, a physical token (like a smart card), and a biometric factor (like a fingerprint or facial recognition).
- Employ endpoint security solutions, such as anti-virus software and firewalls, to detect and prevent malware and other malicious activity.
- Implement OT network security solutions, such as intrusion detection and prevention systems, to monitor and protect operational technology (OT) environments.
- Adopt a zero trust security model, which requires verifying and authorizing all network traffic, regardless of its source, before granting access. Zero trust assumes that all network traffic is untrustworthy by default.
- Regularly conduct security awareness training for employees to help them identify and report potential security threats and vulnerabilities.
- Perform regular vulnerability assessments and penetration testing to identify and remediate company security posture weaknesses.
- Develop and maintain an incident response plan that outlines the steps to take in the event of a security breach or cyberattack.
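The first, second, and fifth recommendations above (identity-based access control, multi-factor authentication, and a deny-by-default zero trust posture) can be combined into a single policy decision. The following is an added illustration written for this article; it is not Portnox product code or code from the original post. The segment names, roles, factor labels, and device-posture flag are constructed for the example. Each access request is checked in order: is there a policy for the requested OT segment at all (unknown segments are denied), does the requester hold an authorized role, were enough *distinct categories* of authentication factor presented (two passwords still count as one factor), and does the endpoint report a compliant posture. Every decision carries a reason so it can be written to an audit trail.

```python
"""Deny-by-default access policy evaluator for OT network segments.

Added example, not Portnox code. All segment, role, and factor names are
constructed for illustration.
"""
from dataclasses import dataclass

# Constructed policy: which roles may reach each OT segment and how many
# distinct authentication factor categories the segment requires.
POLICY = {
    "plc-control": {"roles": {"ot-engineer"}, "min_factors": 3},
    "historian": {"roles": {"ot-engineer", "plant-analyst"}, "min_factors": 2},
    "vendor-portal": {"roles": {"ot-engineer", "plant-analyst", "contractor"},
                      "min_factors": 2},
}

# Factor labels mapped to the category they belong to. Two factors from the
# same category (e.g. two knowledge factors) do not strengthen authentication.
FACTOR_CATEGORY = {
    "password": "knowledge",
    "smart-card": "possession",
    "totp": "possession",
    "fingerprint": "inherence",
    "face": "inherence",
}


@dataclass
class AccessRequest:
    user: str
    roles: set            # roles asserted by the identity provider
    factors: list         # factor labels presented in this session
    device_compliant: bool  # endpoint agent reports patched + protection running
    segment: str          # target OT segment


@dataclass
class Decision:
    allowed: bool
    reason: str


def distinct_factor_count(factors):
    """Count distinct factor categories; unknown labels are ignored."""
    return len({FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY})


def evaluate(req):
    """Return a Decision for one request. Any check that fails denies access."""
    rule = POLICY.get(req.segment)
    if rule is None:
        # Zero trust: nothing is reachable unless a policy explicitly allows it.
        return Decision(False, f"no policy for segment {req.segment!r}; default deny")
    if not (req.roles & rule["roles"]):
        return Decision(False, "role not authorized for segment")
    n = distinct_factor_count(req.factors)
    if n < rule["min_factors"]:
        return Decision(False, f"{n} distinct factor(s) presented, {rule['min_factors']} required")
    if not req.device_compliant:
        return Decision(False, "device posture non-compliant")
    return Decision(True, "all checks passed")


def audit_line(req, decision):
    """Single-line audit record suitable for forwarding to a SIEM."""
    verdict = "ALLOW" if decision.allowed else "DENY"
    return f"{verdict} user={req.user} segment={req.segment} reason={decision.reason}"


if __name__ == "__main__":
    # Constructed sample requests covering the common failure modes.
    samples = [
        AccessRequest("alice", {"ot-engineer"}, ["password", "smart-card", "fingerprint"], True, "plc-control"),
        AccessRequest("bob", {"plant-analyst"}, ["password", "totp"], True, "plc-control"),
        AccessRequest("alice", {"ot-engineer"}, ["password", "password"], True, "historian"),
        AccessRequest("carol", {"contractor"}, ["password", "totp"], True, "safety-plc"),
        AccessRequest("alice", {"ot-engineer"}, ["password", "smart-card", "face"], False, "plc-control"),
    ]
    for r in samples:
        print(audit_line(r, evaluate(r)))
```

Running the script prints one audit line per request: only the first is allowed; the others are denied for wrong role, a repeated factor category, an unknown segment, and a non-compliant device respectively. In a production deployment the role set and device posture would come from the identity provider and endpoint agent rather than being passed in directly, but the decision order stays the same.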
Cyber attacks on critical infrastructure are becoming increasingly frequent and more severe, as highlighted by recent high-profile incidents. Industrial cybersecurity is crucial to mitigating these risks. Companies in the manufacturing and industrial sectors can protect their critical infrastructure by implementing access control, strong password policies, endpoint security solutions, and OT network security solutions. As cyber threats continue to evolve, it is vital to remain vigilant and proactive in ensuring the security of our critical infrastructure.
Try Portnox Cloud for Free Today
Gain access to all of Portnox's powerful zero trust access control capabilities free for 30 days!