Cybersecurity for critical infrastructures
As the world battles the spread of the COVID-19 virus, the actions of cyber criminals have continued unabated. Today it's not uncommon to hear about cyber-attacks against the critical infrastructure of countries around the world. And, due to the role critical infrastructure plays in a nation's well-being, its security and resilience are a growing concern among governments. In light of growing cybersecurity threats to national assets and infrastructure, India has decided to issue a National Cybersecurity Strategy that would holistically cover the entire cyber ecosystem in India. India has also had a Computer Emergency Response Team (CERT-In) since 2004, which is the national nodal agency for responding to computer security incidents. In the Information Technology Amendment Act 2008, CERT-In has been designated to perform emergency measures for critical security incidents, among other cybersecurity functions.
Why target critical infrastructure
Critical infrastructure is a group of systems and networks that are essential for the continued operation of a nation. Sixteen critical infrastructures span every sector ranging from financial services, energy, communication, food and agriculture, healthcare, and emergency services, among others. Needless to say, they play a vital role in helping a country function smoothly and should be kept safe from internal and external intrusions.
Unfortunately, an uptick in cyber adversary activity, such as ransomware, has been detected since the first wave of the pandemic. Some of these attacks have been against critical infrastructure. For example, in May 2021, one of the largest pipelines in the United States, Colonial Pipeline, which carries about 45 per cent of all fuel consumed on the country's East Coast, was compromised using malicious software. It disturbed fuel supplies and caused a hike in gas prices in some parts of the country.
In fact, in the first half of 2021 CrowdStrike observed $164M in ransom demands with an average cost of $6.3M.
Media reports confirm there have been a number of such incidents across the globe, including in India. Examples include the state-sponsored attacks that caused the blackouts in Mumbai in October 2020 and the blip in the National Stock Exchange (NSE) earlier this year.
These core assets become a target for online threats due in part to our interconnected world leading to a growth of threats to industrial control systems and operational technology. And, they will continue to be vulnerable unless steps for safeguarding are applied immediately. With these increased attacks, government agencies realize the need for stringent cybersecurity measures.
Visibility across the threat landscape
To get a better view of the security of networks, just meeting compliance requirements is not enough. It can put any country at a considerable disadvantage. Instead, government agencies should adopt threat hunting and look for unknown threats and attack behaviours proactively. It will allow a more comprehensive view of the threat landscape and enable them to stay ahead of any attacks. In addition, it will further improve their ability to thwart breaches.
For example, in December 2020 a major supply chain software attack infiltrated the U.S. public sector and adjacent industries. These supply chain attacks allow malicious actors the ability to penetrate into multiple downstream targets of interest from a single point of origin. In addition to software-based attacks, such as the one that affected SolarWinds, supply chain attacks can take the form of hardware or third-party compromises too. This means anyone on the network is exposed to threats.
CrowdStrike has been highlighting these threats for several years now and believes they will continue to be a major intrusion vector, especially in the public sector. To stay ahead of such adversaries it is vital to go beyond regular perimeter protection tactics and have comprehensive oversight over any weak links in the supply chain and implement the right response actions.
Cybercriminals are remarkably persistent – whether the goal is monetary gains, compromising data, or causing operational unrest. Therefore, it is essential to continue threat hunting for attack indicators while learning about new tactics. In addition, continuous threat hunting provides helpful context and better situational awareness, which leads to more informed decisions and quicker mitigation of attacks. Further, any internal holes can be identified preemptively and fixed.
Again, speed is critical here, and there is tremendous value in embracing proactive threat hunting. Moreover, adding these tactics to risk management sets a higher standard of accountability for protecting public sector data against the ever-growing number of cybercriminals.
For the first time, cybersecurity for critical infrastructure was discussed at the latest United Nations Security Council (UNSC) meeting. Countries worldwide realize that this modern warfare needs rules of engagement. And, they are evaluating the global cyber law framework with utmost seriousness. CrowdStrike’s 2021 Global Threat Report found that in 2020, cyber-enabled regional espionage blossomed in South and Southeast Asia. Adversaries frequently used spear-phishing to deliver malware to targets in South Asia, especially India, for purposes of spying, information theft and activity monitoring. Indian foreign secretary Mr Harsh Vardhan Shringla also told the UNSC that cyber tools were being used to compromise state security by ‘attacking critical national infrastructure.’
During a time of uncertainty, the importance of a modern cybersecurity strategy for securing the country's digitally connected critical assets remains critical. Nefarious cyber agents are increasingly motivated to take advantage, and now more than ever, government agencies should take the opportunity to implement clear guidance to reinforce an ecosystem of protection which is most important for safekeeping national data in this time of crisis.