An Offensive Mindset for Protecting Industrial Control Systems

There are turning points in each industry that become guides for those working in and leading them. They can serve as an example of what to do or what to avoid, but they are trajectory-defining either way. It is pretty safe to say that just over a year ago, the critical infrastructure industry experienced one of those points. On May 7, 2021, a ransom note was discovered within Colonial Pipeline’s IT system. Coupled with a series of other events and threats, this discovery would help set the tone for our approach to industrial control system (ICS) protection and emphasize the need to take on an offensive mindset.

A Year Later – Lessons from Colonial Pipeline

As David Jones wrote for Cybersecurity Dive, “The federal government and private sector are still coming to terms with how to protect operational technology in an increasingly volatile threat environment.” A key factor sending them into this frenzy was the Colonial Pipeline breach. Following the discovery of the ransom note, which was attributed to the DarkSide ransomware group, the company realized that an out-of-date VPN account had given the attackers their way in, allowing them to compromise data and threaten the pipeline’s OT network remotely. Ultimately, the incident led to disruption of the fuel supply on the East Coast, forced negotiations, and an overall re-evaluation of ICS security.

Included in that re-evaluation was a somewhat new focus on the remote element that played a major role in this and other cyberattacks. Already under way before the pandemic but accelerated by its demands, the transition to remote operations has been widely adopted, adding both efficiency and risk. In fact, right before the pandemic even hit, the Ponemon Institute concluded that of 1,726 utility professionals surveyed in October 2019, 54% “expected an attack within a 12-month period,” according to the Cybersecurity Dive article.

Considering these shifts and real-world impacts, it became clear that the energy sector, along with other critical infrastructure sectors, needed this wake-up call. Since then, many of these sectors have partnered with government and other industry institutions to develop new plans. On top of participating in these efforts, Colonial Pipeline has since introduced a CISO role and expanded its cybersecurity staff.

New Threats – The War in Ukraine

However, it isn’t just an event that occurred a year ago and the responses to it that are influencing the path forward. One current situation instilling deep fear in cybersecurity experts is the conflict in Ukraine. Not only is Russia’s physical invasion of the country causing destruction, but a Russian-led cyberattack could cause additional devastation. And that threat doesn’t just affect Ukraine. It crosses geographic boundaries to reach countries like the U.S. that oppose Russia and have demonstrated that opposition through actions like sanctions.

While federal agencies have typically been the target of such tension, critical infrastructure has taken an equal share of the spotlight. In a recent panel, state leaders discussed this and how best to safeguard against this growing interest amid escalating tension. Participants including Virginia CISO Michael Watson and North Dakota CISO Michael Gregg agreed that ensuring the safety of operations like electrical grids is of the utmost importance, and that doing so requires private and public sector cooperation in intelligence sharing, as reported by GCN. They also noted that it takes threat anticipation, which is essential as the environment evolves.

Taking on an Offensive Mindset

As we look at the stage being set for ICS security, it becomes more and more evident that playing a defensive role can no longer be our only course of action. More than ever, it’s time to activate an offensive strategy. There have been steps toward this. For example, the federal government has expanded its Industrial Control Systems Cybersecurity Initiative, upgrading its detection and warning capabilities for the water sector. But as more organizations adopt the offensive mindset, there are a few components outlined in a piece for Help Net Security that operators should remember as they undergo this process.

The first is recruitment. Cybersecurity has a mounting problem in the shape of unfilled positions. But if companies are willing to invest in new talent, or in existing staff who are interested in entering this field, they open themselves up to a more well-rounded, creative and fresh workforce that can offer innovative ways to handle industry challenges.

Second is perspective. Anticipating threats also means having a full understanding of what those threats could entail, even if there isn’t a precedent for them. Therefore, it is important that teams learn to put on their hacker thinking caps. By viewing a situation as a hacker would, the types of vulnerabilities become more apparent. Coinciding with this type of understanding is education. Building knowledge and increasing opportunities to hone skills is a pillar of spreading the offensive approach.

These aren’t the only practices, though. A major issue impacting critical infrastructure operators, and manufacturers for that matter, is not having the proper tools to manage the security of the thousands of third parties their operations depend on. For instance, the US manufacturing company Parker-Hannifin Corporation was recently breached when an unauthorized third party infiltrated its IT system, gaining access to information “related to current and former employees, their dependents and members of Parker’s Group Health Plans,” as described by Infosecurity Magazine.

While overwhelming, overcoming the hurdle of managing third-party networks is not impossible. In another article featured on its site, Infosecurity Magazine included suggestions such as putting in place granular controls and methods that oversee all user access. Of course, Veracity Industrial Networks is here to help with that task. Our resources are assembled with a keen focus on reducing complexities such as those that often come with expansive tiers of workflow. Make sure to review one of our newest tools, Net-Optix, which streamlines the process of maintaining and securing industrial operational networks so that you don’t have to get lost in the confusion, miss a potentially detrimental vulnerability, or take costly steps to future-proof your operations later.


Learn about the ultimate solution to protect infrastructure networks, Net-Optix.

