Cyber security concerns all sectors. However, critical infrastructures and services face a major challenge in terms of cyber security. Digital transformation, as well as legal requirements, among many other conditioning factors, demand for greater protection and cyber security for such critical infrastructures.
What are critical infrastructures?
According to the Critical Infrastructure National Protection Plan it can be defined as follows:
“Those facilities, networks and physical and IT equipment the interruption or destruction of which would have a major impact on health, safety and the financial wellbeing of the citizens or on the effective functioning of state institutions and Public Administrations “
In other words, all the infrastructures whose systems, resources and services are fundamental for the development of society, and who ensure continuity in the normal functioning of the services rendered by the state and public administrations.
Also, critical infrastructures are not only the government’s concern, since they encompass sectors such as Utilities, Transport, Chemicals, Telecommunications, Finance, Health, etc. You can see the industries considered as critical:
Critical infrastructures are highly susceptible to cyber attacks
Concern for cyber security is rooted in the continuity of the activity and services rendered to the citizens. A minor interruption of the service could generate a major impact on an organization and, as a consequence, on large numbers of people.
Also, the objective of cyber attacks has, in turn, changed. The financial profit sought after by cyber criminals has shifted to a secondary place; their agenda goes far beyond getting money out of an illegal activity and ambition keeps growing.
The current cyber criminal looks for vulnerabilities in the systems of critical infrastructures in order to gain access to relevant information, and take over an activity or a whole organization and, worse still, to paralyse it or to put activity to an end.
Therefore, security and protection measures become essential in an increasingly complex and interconnected environment which is constantly evolving.
What are the most common problems in terms of cyber security faced by critical infrastructures?
Cyber security relies heavily on internal and external factors. Ensuring quality and the continuity of service, as well as complying with the current legislations forces critical infrastructures to re-think their cyber security strategies.
- Systems that are out-of-date or lack any kind of security.
- Outdated hardware.
- Lack of talent.
- Security gaps since its design.
- Increase of the number of devices connected.
- Network protection.
- Lack of training and awareness.
- Greater number of cyber attacks.
- Grater legal requirements.
How are cyber attacks carried out in critical infrastructures?
The network is the preferred entry point for cyber criminals. They look for methods of entry through the network to launch the cyberattack. They usually do it by means of two common techniques; the first one relies on looking for vulnerabilities in the equipment and systems or installing some kind of malware in the equipment in order to gain control of the critical infrastructure.
Importantly, we must take into consideration that most organizations do not know that they have been infected by malware. Remaining infected by malware for a long period of time is one of the most important risks to take into account.
What are the consequences of a cyber attack against critical infrastructures?
A few months ago, they included an article in El Confidencial entitled:
As we can see, the consequences of a cyber attack can be dramatic; a whole country in a black out, deficient water treating systems, healthcare data leakage, telecommunications network disruption, transport system failure… a never-ending disaster.
Some actual examples of cyber attacks against critical infrastructures
2000 – An upset ex-employee with the access codes
In Maroochy County, Australia, a former employee took over the water company he used to work in, causing a significant sewage water spillage in parks and rivers of the region. In this particular case, the cybercriminal used a laptop and control software which allowed him to carry out his attack.
2006 –2011 Chinese attacks and vulnerable Utilities
The cyber attack Night Dragon disclosed and investigated by McAfee, became a nightmare for Utilities. It was a series of cyber attacks originated in China against Utility companies, so as to gain access to sensitive information and cyber-spy the Utility companies. In this case, cyber criminals designed a phased plan in order to achieve their objective. Their first step was breaking in the public servers (websites), which opened a path towards the organizations internal network. In other words, they launched a series of attacks that permitted them to jeopardise more than 71 organisations.
2008 – Hacked railways in Poland
In 2008 in Poland, a 14 year old boy made 4 trains derail by means of a cyber attack. This youngster studied how the rail control system worked and designed something similar to a remote control with which to control and change the train rail intersections.
2017 – Cyber attack with Triton in Saudi Arabia
Triton malware was used in order to attack a petrochemical plant in Saudi Arabia.
The third and most alarming attack we know of happened in 2017. The cyber terrorists took over a widely known work station in Saudi Arabia. They used a new type of malware called Triton, in order to gain control of the safety instrumented system (SIS). Again, the malware was specially set for industrial control systems, also known as operative technology (OT).
2015- 2016 – The electricity grids in Ukraine, Black Energy and a 6-hour midwinter blackout
This was one of the first cyber attacks and/or cases whose reach affected an essential critical service. In 2016 in Ukraine, thousands of homes suffered a blackout in midwinter. Also, a similar case was registered in 2015. The main triggers of this midwinter blackout were a series of cyber attacks launched against more than 30 power plants in the country. In this case, the hackers looked for a denial of service in the critical infrastructure, interrupting energy generation in such facilities. The investigators of this attack identified it as a case of phishing, by means of which malware was spread and which in turn cause the blackout.
2010 – Suspicious failure in the machines
In January 2010 in the nuclear power plant in Natanz, Iran, the uranium centrifuges started to fail. It was 5 months after that when they realised that it was due to a cyber attack caused by a computer virus. This virus made it possible to attack the programmable logic controllers (PLC´s) taking over the equipment and, as a result, causing failure and disabling the centrifuges. Up to a thousand centrifuges were affected by that cyber attack, and it caused Natanz nuclear power plant to be inactive for some time.
2017 – Finance, transport, energy and other critical infrastructures in Ukraine attacked.
In 2017 Ukraine became paralysed. Transport suffered disruption in its daily activity, airports did not show any information concerning flights, and in the subway the ticket machine stopped working. The government registered failure in its computers, Chernobyl radiation could no longer be measured and the Central Bank of Ukraine is attacked as well.
An almost impossible scenario, but it happened, and the trigger was malware, in other words, a computer virus.
2017 – British health exposed
In 2017, “WannaCry”, the most famous malware, paralysed the functioning of 16 hospitals in the UK, restricting access to medical records of their patients.
2019 – South America spied by Machete
In South America «Machete» a malware discovered in 2010 do not stop expanding. This malware is dedicated to steal data from the Latin American army from its troops. According to experts, the virus was spread through phishing and, after 9 years of life is still alive and keeps infecting equipment’s of Latin American Government.
The list could go on, since many critical infrastructures have been affected by cyber attacks. Also, believe it or not, Spanish critical infrastructures and the government have already been subjected to attempted cyber attacks.
What do data regarding critical infrastructures cybersecurity show ?
According to the data from INCIBE, cyber security incidents in Spain increased up to 6 times in critical infrastructures in the last years. In 2015 134 incidents were identified, in 2017 this figure grew, with 900 cyber security incidents registered. Finance and Utilities are the most affected sectors
Also, according to a study carried out by Accenture in 2017:
“50% of the Utilities’ executives think that their countries could suffer blackouts due to cyber attacks over the next 5 years”
As we mentioned before, the Utilities sector is one of the most susceptible ones concerning cyber attacks. Utilities include the oil and gas sector, the electric grid… among others which provide with critical services.
Why are they considered as critical services and how protect them?
Some hours of inactivity for the Utility companies could means major repercussions for the citizens, starting with leaving millions of people without electricity supply at home, for hours or even for one day or two. That would severely damage the reputation of a company and would, in turn, generate financial loss. It requires a fast responsiveness to face the incidents and restore the service as quickly as possible. Those services can be considered as are highly critical.
Also, the sector evolves with the emergence of Smart Grids, connected to other systems such as SCADAs, IoT…etc. They require greater security monitoring, since they are the entry point for cyber criminals. The combination of IT, OT and IoT are access gates for cyber criminals. Therefore, there is an urgent need for effective strategies in order to secure Smart Grids against cyber attacks.
Ultimately, infrastructure protection is a challenge for the Utilities industry. From the exploitation of resources to user supply, the value chain must be secure.
It is all about being protected against service supply disruption, securing the systems connected as well as prevent the potential financial loss generated by service disruption caused by a cyber attack.
In Open Data Security we are particularly committed to critical infrastructure cyber security, since our inception we have been working for this sector. We specialise in responding to cyber security challenges in oil, gas, electricity supply and renewable energy companies, among others.
In ODS we are experts in cyber security, and we help businesses to go one step further regarding their security.
Contact us and increase the security of your critical infrastructure!