In the last few weeks, tensions between Russia and Ukraine have heightened, and leaders worldwide have started preparing for the consequences that could occur if an invasion takes place. The UK government is already engaged in talks with both countries, and this involvement could potentially put the UK in the firing line of attacks and threats associated with the conflict. As a result, in late January, the National Cyber Security Centre (NCSC) warned UK organizations they must work to improve their resilience against malicious cyber-attacks as tensions between the two countries mount.
The guidance is primarily aimed at large businesses. However, when considering attacks that could have the most significant impact and cause the most damage to the UK, operators of essential services (OES) are a prime target.
Operators of essential services form the foundation of the efficient running of society. Oil, gas, electricity, transport, healthcare and water are just some of the sectors that make up the UK’s OES. If a successful cyber-attack were carried out on one of their networks, the consequences for society would be vast.
These organizations must prioritize their defenses against attacks, putting the correct mitigations in place and hardening their networks against malicious attackers. However, when it comes to securing their environments, they present unique challenges which add significant complexity to the task.
The Complexity of Industrial Networks
Driven by the pursuit of operational excellence, customer satisfaction and digital transformation, plants and machinery that were once stand-alone or only loosely connected are becoming highly connected, with a corresponding reduction in the number of operational staff required to run them.
However, adding connectivity to plants means machines can be reachable from the outside, granting cyber-criminals a path into the networks of OES.
Industrial organizations have been looking to reduce this risk, but many face challenges. First, re-architecting their environment is often difficult, slow and resource-intensive. Some machines are also too critical to take offline to apply security updates or mitigations. Often these legacy machines are so outdated that if they are switched off, there is no guarantee they will ever turn on again. Such machines are often no longer under security support from their manufacturer, or their manufacturer no longer exists. The fallout from this could mean no water, gas or electricity for households, a risk no organization wants to take. Second, many organizations have no real understanding of what assets are even running in their environments, because they have no tools to carry out network inventories.
These challenges mean industrial organizations often have weaknesses in their networks that attackers could easily exploit. So, how can they reduce the risk?
Protecting Operators of Essential Services against Cyber-Attacks
Despite the challenges, there are still important steps industrial organizations can take to improve their resilience against cyber-attacks. It all comes down to preparing and developing a security program that spans people, processes and technology.
Employees must be briefed regularly on security threats and the techniques deployed by cyber-criminals. Employees are an organization’s first line of defense, but they can also be its greatest weakness if they are not educated on security. This means it is vital to train and develop personnel with the skill sets needed to improve cybersecurity, and to allocate enough budget to ensure they are properly equipped to recognize and mitigate potential threats.
From a process perspective, OES should aim to build security into internal processes. They should run regular incident response exercises to identify weaknesses and close them, discuss security frequently, and carry out assessments as digital transformation efforts accelerate, making sure no devices are running with default passwords and limiting the number of administrator logins within their environments.
When it comes to technology, there are essential solutions that OES can deploy to protect their networks. These tools can help with asset discovery and visibility, ensuring that every device within the environment is tracked and secured and that there are no monitoring gaps. They can also assist with network segmentation so that attackers cannot move laterally across the network, help patch vulnerabilities, and detect and prevent malware from getting onto systems.
It is unclear how the situation between Russia and Ukraine will unfold, so industrial organizations must start preparing for attacks now by hardening their systems and developing a defensible architecture. After all, when it comes to defending against cybercrime, preparedness is one of the most important elements for an effective response.