Cybersecurity Series: Managing Risks in Critical Infrastructure (Part 1/5)
As the joint use industry inches closer to a technology-based future, cybersecurity is an everyday concern. In the last few years, there have been incredible innovations in technology: the Internet of Things, Machine-to-Machine communications, smart homes, and interlinked systems. Yet, there is uncertainty and fear around the vulnerabilities of new tech, especially involving our country’s power, broadband, and communications infrastructure. This article will take a look at the recent conversation surrounding cybersecurity for joint use organizations.
Infrastructure is susceptible to threats because it has become a complex system with multiple points of access. In an ESG research survey, 68% of critical infrastructure organizations claimed that they had experienced one or several security incidents over the past two years.
An urgent focus for all critical infrastructure organizations – which include power, communications, and broadband – is to examine current security vulnerabilities and standards, ensuring they comply with industry best practices to prevent potential attacks.
Challenges to Protecting Critical Infrastructure
- Aging infrastructure
- Using legacy equipment with well-known security vulnerabilities
- Extremely long patch cycles
- Extended replacement cycles
- Limited security awareness
- Ineffective segmentation of enterprise IT networks from operational networks
These issues are made even more pressing by the fast-advancing threat capabilities of a range of players. Four key groups threaten internet security: political activists, script kiddies, criminal gangs, and nation states. Alden’s IT Manager, David Shaddix, sat down with us to weigh in on the issue. He explains: “These four groups are all real threats to any online environment.”
Recent Cyber Attacks
Recent cyberattacks demonstrate the growing power of threats:
- A Distributed Denial of Service (DDoS) attack on internet backbone provider Dyn used a botnet of tens of thousands of insecure cameras and DVRs (all part of the IoT) to take down a number of popular websites, including Twitter, Netflix, Reddit and PayPal.
- Hackers infiltrated the control system of a dam in Rye, N.Y., just 20 miles outside of New York City.
- A massive power outage that hit Ukraine was the result of a supervisory control and data acquisition (SCADA) cyberattack, which left 230,000 people in the west of the country without power for hours.
Unfortunately, there’s no turning back the clock of technology. Progress must not be stopped. It continues to advance, and we must keep existing infrastructure safe while planning cybersecurity strategy for an increasingly connected system.
Cybersecurity Best Practices for Critical Infrastructure
David Shaddix explains: “There are many ways to keep our infrastructure secure. For example, at rest data should always be stored encrypted. Multifactor authentication, like having both a password and email confirmation, keeps others from logging into software that stores data.” Shaddix also states, “Either have an internal system of penetration testing or use a company you trust to do it. Penetration testing includes eliminating SQL injections or cross-site scripting. End-to-end encrypted communications is extremely important to keep anyone in the middle from listening in on your data communication.”
Here are a few basic steps that infrastructure organizations can take to better prevent (or at a minimum detect and resolve) cyber threats:
- Assign someone in a senior leadership position to be responsible for cybersecurity
- Consult a trusted company that provides mitigations against top OWASP vulnerabilities, that continuously reviews new attack measures, and that analyzes any vectors that may apply
- Train and empower security personnel to enforce proper access control, strong passwords, and remote access
- Use appropriate equipment segregation, firewalls, and other security devices
- Secure computer equipment and enforce policies, such as use of removable media
- Protect the web app or platform that communicates with device end points
- Secure the data exchanged between IoT devices and the platform
The Future of Cybersecurity and Critical Infrastructure
Stay tuned for future posts that look closely at how changing cybersecurity needs are impacting power companies, telecommunications companies, as well as CATV and broadband providers.
What are your current concerns surrounding cybersecurity and joint use infrastructure? Share your thoughts or questions in the comments below.