Securing Critical Infrastructure: A Cyber Security Call to Action


The heat is on when it comes to protecting critical infrastructure in the United States. Unless the industry takes major steps to bolster its overall cyber security, 2012 could be the year hackers cause major disruptions that impact thousands of people.

In November 2011, the deputy assistant director of the FBI's Cyber Division, Michael Welch, told a London cyber security conference that hackers had recently accessed the critical infrastructure in three U.S. cities by compromising the internet-based control systems.

Around that same time, separate reports surfaced regarding hacks into water utilities in Illinois and Texas. These incidents likely led to a reissued warning in December by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security (DHS). The warning was directed at control system owners and operators and addressed their potential vulnerability to cyber intrusion and attack, mainly through their remote access and monitoring systems, which often have no firewall protection and weak authentication.

These recent incidents highlight concerns shared by many when it comes to the cyber security practices and standards employed in the defense of critical infrastructure. Since Presidential Decision Directive PDD-63 concerning Critical Infrastructure Protection (CIP) was issued in May of 1998, progress has been made. However, one has to question whether we've caught up or fallen further behind.

In fact, these recent attacks against critical infrastructure have led many officials in Washington to introduce cybersecurity legislation that could give the Department of Homeland Security power to enforce cybersecurity standards for critical infrastructure companies. And while no new legislation has been enacted, it is good to see that the federal government is taking this matter seriously and hopefully this increased awareness can lead to action from critical infrastructure companies on this matter.

The increasing connectedness of infrastructure not only makes us more vulnerable to cyber security attacks but increases the cascading effect an attack can have on other infrastructure sectors and capabilities. When PDD-63 was enacted, it’s likely those same hacked water utilities weren’t even accessible via the Internet. Today, much, if not most, of our critical infrastructure is either directly connected to the Internet or indirectly via corporate networks that are.

The critical infrastructure public utilities provide makes them a target of interest for a variety of threats. The catalysts behind these threats fall into four primary categories: cyberwar, cyberterrorism, cybercrime, and hacktivism.

The United States is the superpower of cyberwarfare; however, we are not alone in possessing these capabilities. As other countries have evaluated their offensive and defensive warfare postures, cyberwarfare has become a fundamental capability of most. Cyberwarfare is a unique and powerful weapon. It can provide a meaningful deterrent against countries with superior conventional forces. If a country were able to demonstrate the ability to bring down another country's energy grid, that country's military and diplomatic options could be significantly constrained and influenced.

While the threat of cyberwar might seem alarmist, it cannot be ignored. The United States has in the neighborhood of 20,000 cyberwarriors. China and Russia have similar numbers. Most European nations have forces along with bad actor nations such as North Korea and Iran. Our country and others would not be investing in training and maintaining cyberwar forces if these threats were not real.

Cyberterrorism poses a threat similar to cyberwarfare. The main difference between the two is the resources and capabilities that can be applied, although a cyberterrorist organization colluding with a nation state or criminal interests could be a potent threat. Unlike nations, cyberterrorists do not concern themselves with international laws against targeting civilians or civilian infrastructure.

Cybercrime and hacktivism are two other threats utilities need to be concerned with. 2011 was a banner year for cybercriminals. Able to leverage a significantly mature cybercrime supply chain, an increasing number of companies found themselves targets as cybercriminals had more options and means of monetizing their illegal activities. 2011 was a defining year for the hacktivist as well, with many government and corporate networks targeted in support of various social causes.

The reasons a cybercriminal or hacktivist might target a public utility are different. The former might do so in an effort to extort money lest services be disrupted. Insider threats must also be considered, whether the insider acts alone (e.g., fraud) or in voluntary or coerced collusion with another party. A hacktivist might target a utility in support of environmental activism or other social causes, where the utility's conduct is deemed unseemly in the eyes of activists.

Regardless of the type of threat, the target is most often the ICS/SCADA environments that support the core services utilities deliver. A fundamental challenge utilities face is that ICS/SCADA was not designed to be secure. Much of the existing infrastructure was developed and implemented prior to the rise of the Internet. Security was most often thought of in the physical sense. Nobody imagined ICS/SCADA devices and their associated serial protocols would later be carried over Internet Protocol (IP) and made accessible to untrusted networks.

Many ICS/SCADA devices employ very basic, easily defeated authentication methods. They transmit data in clear text and have limited or non-existent logging capabilities. Furthering the challenge, ICS/SCADA devices employ proprietary operating systems and legacy CPUs where integrated security capabilities are hard, if not impossible, to introduce.

Fortunately, with focus and resources applied, ICS/SCADA can be secured. The approach to securing ICS/SCADA is similar to securing any high value cyber asset, with a few notable differences. Because the primary operational objective of ICS/SCADA is availability, changes to existing infrastructure in support of typical best practice security design might not be possible or feasible. Introducing traditional inline network security devices may not be feasible because of network latency concerns. Installing security software directly on ICS/SCADA devices is most often not an option. For these reasons, an approach of protective monitoring must be taken.

A protective monitoring approach to security requires the deployment of typical preventative technologies (e.g., firewalls, IPS, anti-virus) where possible, while introducing aggressive real-time monitoring practices across the IT infrastructure supporting high value cyber assets. The objectives of a protective monitoring approach are to: deflect attacks whenever possible; identify successful or pending breaches automatically and in real time; provide effective situational awareness and intelligence around a breach; and enable swift remediation actions.
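As an added illustration of the monitoring half of this approach (example code written for this page, not LogRhythm's or the article's own): because the ICS devices themselves log little or nothing, the detection logic below works from the logs of the devices around the ICS segment, a firewall and a remote-access gateway, and raises alerts for two of the conditions the article describes, traffic reaching the ICS segment from outside the trusted operations network and repeated failed logins against a weakly authenticated remote-access gateway. The log format, network ranges, device names and thresholds are assumptions.

```python
"""Protective monitoring sketch: alert from firewall/remote-access logs around
an ICS/SCADA segment. Added example, not the article's or LogRhythm's code;
log format, address ranges and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Assumed network plan: the ICS segment and the only networks allowed to reach it.
ICS_NET = ipaddress.ip_network("10.50.0.0/16")
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]  # operations jump hosts

# Assumed syslog-style line: "<date> <time> <device> <event> src=<ip> dst=<ip> [user=<u>]"
LINE = re.compile(r"(\S+ \S+) (\S+) (\S+) src=(\S+) dst=(\S+)(?: user=(\S+))?")

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    ts, dev, event, src, dst, user = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "dev": dev,
            "event": event, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "user": user}

def detect(lines, fail_threshold=5, window=timedelta(minutes=5)):
    """Alerts for (1) ICS-bound traffic from outside the trusted networks and
    (2) bursts of failed logins on the remote-access gateway."""
    alerts = []
    failures = defaultdict(list)  # src -> recent AUTH_FAIL timestamps
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        # Rule 1: anything reaching the ICS segment from an untrusted source.
        if ev["dst"] in ICS_NET and not any(ev["src"] in n for n in TRUSTED_NETS):
            alerts.append(("untrusted_to_ics", str(ev["src"]), str(ev["dst"])))
        # Rule 2: fail_threshold failed logins from one source inside the window.
        if ev["event"] == "AUTH_FAIL":
            hist = failures[ev["src"]]
            hist.append(ev["ts"])
            hist[:] = [t for t in hist if ev["ts"] - t <= window]
            if len(hist) == fail_threshold:
                alerts.append(("auth_brute_force", str(ev["src"]), ev["user"]))
    return alerts

# Constructed sample log lines (not real data): one untrusted hit on an ICS
# host, then six failed logins on the remote-access gateway at 10.20.0.5.
SAMPLE = ["2012-01-15 02:00:01 fw1 ALLOW src=10.10.3.4 dst=10.50.1.20",
          "2012-01-15 02:00:05 fw1 ALLOW src=203.0.113.7 dst=10.50.1.20"] + [
    f"2012-01-15 02:01:{i:02d} ras1 AUTH_FAIL src=203.0.113.7 dst=10.20.0.5 user=admin"
    for i in range(6)]
```

Running `detect(SAMPLE)` yields one `untrusted_to_ics` alert and one `auth_brute_force` alert; in practice the alert tuples would be forwarded to the SIEM or operations console rather than returned.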

Of course, technology is not enough by itself. Effective organizational process must be implemented to support responding to an incident in a timely and effective manner. Organizations that do not possess the internal capability to design, implement, and maintain effective technology and process might want to consider a Managed Security Services Provider (MSSP) to help them fill organizational capability gaps.

Unfortunately, the threat landscape is likely to only get worse for utilities. Nation states will continue to test and hone their cyberwarfare capabilities. Cyberterrorist capabilities are likely to rapidly improve, and critical infrastructure is an ideal target when it comes to low-risk, high-impact strikes.

Cybercriminals continue to look for new ways to steal and extort. Hacktivists seem to get bolder by the day, and some utilities will likely draw their ire. Fortunately, taking a protective monitoring approach to securing ICS/SCADA environments is an extremely effective way to thwart these and other threats.

One can only hope that recent events will serve as a wakeup call and have a big impact on policy makers across the private and public sector. The infrastructure we rely on that enables our country to operate and to defend itself is vulnerable. The time to act is now.


Chris Petersen is CTO and co-founder of LogRhythm, a log management and SIEM vendor based in Boulder, Colorado. The thoughts presented in this article are the author's, and do not necessarily represent those of the staff at The Tech Herald or the M&C network.