Jason Jaskolka, Assistant Professor in the Department of Systems and Computer Engineering at Carleton University, recently posed the question, “What would happen if you could no longer use the technological systems that you rely on every day? I’m not talking about your smartphone or laptop computer, but all those systems many of us often take for granted and don’t think about.” This is an important question because it speaks to the critical infrastructure concerns that we face today. If the large-scale systems that support our everyday functions were to become disrupted, what would we do?
As Canada’s National Strategy for Critical Infrastructure defines it, critical infrastructure is made up of the systems essential to our health, safety, security and economic well-being, and they have been put to the test with a series of recent cybersecurity attacks. The US Cybersecurity and Infrastructure Security Agency released an alert in early October that warned of such risks, particularly those impacting water facilities. We saw an example of such an incident earlier this year when there was a failed attempt to tamper with a water supply system in Florida. The existence of these vulnerabilities combined with the fact that a recent survey conducted by cybersecurity firm Fortinet found that more than 90% of organizations using operation technology systems have experienced some sort of cyber incident in the past year, proves that our continuous push for greater infrastructure security is absolutely necessary.
Aaron Raj put it well in an article for TechHQ when he wrote, “The reality is, cybercriminals are aware of the vulnerabilities of most of these organizations and are waiting for the right time to launch an attack.” The problem is, those responsible for overseeing the systems are not always as aware. In the same article, Raj noted that a report titled “The Abysmal State of Global Critical Infra Security: Supply of Gas, Water & Government Services at High-Risk,” which focused on India but reflects a broader issue, concluded that many operators and governmental entities are not thoroughly versed in the security make-up of their operational technology networks.
In his piece, “Cyberattacks to critical infrastructure threaten our safety and well-being,” Jaskolka suggested that a major hinderance to this understanding is the sheer complexity of these critical systems especially as the number of devices and connections continue to grow. In order to simplify the approach to security, Jaskolka and his team at the Cyber Security Evaluation and Assurance (CyberSEA) Research Lab at Carleton University are studying the vulnerabilities associated with implicit interactions, which are unplanned interactions among system components, according to his article. They hope to further develop tools that assist in identifying these occurrences. At Veracity, we are also working to de-clutter the security process through the creation of Net-Optix™. With Net-Optix™, we are offering networking professionals the opportunity to securely and simply manage their OT operations. To learn more about the program, visit https://veracity.io/an-introduction-to-net-optix/.
- “Cyberattacks imminent as industrial safety vulnerabilities loom large” – Aaron Raj, TechHQ
- “Cyberattacks to critical infrastructure threaten our safety and well-being” – Jason Jaskolka, The Conversation