Critical Infrastructure Under Cyber Attack

  • November 07, 2022

Where Modern Vulnerability Assessments Are Needed, and Accelerating

Cybersecurity attacks have become increasingly persistent and dangerous. No business is immune to attack — and the possibility of threats to vulnerable critical infrastructure is even more alarming.

The 2022 NTT Security Holdings Global Threat Intelligence Report pinpoints the most serious vulnerabilities and where more vulnerability assessments are needed right now. This report, which analyzes data from more than 800 billion logs processed each month over the course of a year, finds that attackers have shifted to critical infrastructure and supply chains.

This is significant. Critical infrastructure attacks have more than doubled, as connection via the Internet/Industrial Internet of Things expands. The attacks on vulnerable assets include not only traditional on-premises, cloud, or hybrid compute and information technology, but also the machinery and operational technology that moves the world.

This includes industrial control systems and supervisory control and data acquisition systems (ICS/SCADA) across a wide range of infrastructure supporting manufacturing robotics, energy grids and pipelines, package movement systems, physical supply chain transport, large volume fluid hydraulic systems, and nuclear waste storage transfer systems. According to the NTT study, technology and finance were the most targeted industries for attack, with manufacturing only slightly behind.

Vulnerability assessment: a job for everyone

Cybersecurity vulnerabilities — and the need to constantly assess them — are no longer only a concern for the information technology department; IoT and IIoT have made cybersecurity a concern for everyone. Pervasive threats warrant timely notifications and a comprehensive understanding and assessment of intersecting vulnerabilities.

Defense tools and processes, a security operations center (SOC), and security information and event management (SIEM) solutions for real-time response must be deployed. Integrating security orchestration, automation, and response (SOAR) frameworks and expanding scaled vulnerability assessments inclusive of all available scans, intelligence, predictive models, and other proactive measures are critical to constantly evolving cyber protection.

Vulnerability assessments set the stage for planning, investment, and response to known and anticipated threats – for IT, OT, and all forms of converged electronic data environments. In addition to external scans of Internet-connected networks and websites, assessments must also include internal network, host-based, wireless, and datastore scans, scanning of open source software (i.e., software bills of materials, or “SBOMs”), along with evaluation of facility infrastructure and personnel processes. These can be constantly updated while continuous monitoring and protections are operational via real-time defenses with AI/ML-assisted technologies. Therefore, there’s no reason not to execute strategic assessments while tactical security practices are continually engaged. Don’t wait; consider managed security SOC-as-a-Service (SOCaaS) capabilities to bolster your strategies.

Federal cybersecurity: new challenges

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) focuses on 16 critical infrastructure sectors. These are business sectors “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” In 2017, an additional sub-sector was added under the Government Facilities Sector to include election infrastructure.

CISA leads accelerated funding, assistance, and collaboration for vulnerability and cyber threat intelligence, planning, assessment and response, with top cover from the recent (May 22, 2022) Executive Order 14028, “Improving the Nation’s Cybersecurity,” addressing both commercial and government (Federal and SLED) critical infrastructure cybersecurity threats. This government-commercial collaboration is evidenced by alerts such as “APT Cyber Tools Targeting ICS/SCADA Devices” (AA22-103A) from the National Cyber Awareness System. Another program generating significant public-private dividends is Cyber Hygiene (CyHy) Services, supported by NTT DATA, which delivers cyber vulnerability and web application scanning or testing “to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.”

However, government funding and coordinated efforts are only catching up to the rapidly changing synergies and integrated nature of modern data management and AI/ML tools. Bad actors are already exploiting vulnerabilities – where machinery, device, plant operations, and sensor networks intersect directly with business and communication networks, scaling and dramatically increasing the complexity of cyber threat vectors.

These threat vectors include new 5G private wireless networks for very low latency/high throughput data solutions, increasingly popular and useful on factory floors and in any environment with a large volume, variety, and velocity of machine or sensor-generated data. Similarly, these networks can be extended into emerging 6G use cases (multi-modal mixed-reality telepresence and remote collaboration, massive twinning and collaborating robots). A recent Nokia/DOCOMO/NTT announcement describes the growing concern and the increasingly target-rich, growing environment for human and robotic cyber bad actors.

ISC security: the role of NTT DATA

Rapidly advancing quantum computing capabilities that impact encryption/decryption techniques, expected to make current capabilities obsolete soon, are also an emerging, near-present threat. The ICT industry is responding — for example, NTT DATA’s US-based Cryptography and Information Security Laboratories (CIS) are quickly expanding applied research activities in this area and guiding the global community. This includes recent “Attribute Based Encryption” (ABE) feedback for the White House Office of Science and Technology’s “Advancing Privacy-Enhancing Technologies” RFI.

NTT DATA and our partners are rapidly expanding and integrating vulnerability assessments, penetration testing, and full-lifecycle cybersecurity strategies across high-value assets in corporations and public sector agencies in the U.S. and worldwide. We are currently addressing, among many challenges, the 17 CISA-targeted Critical Infrastructure segments and the top 5 targeted industries identified in our 2022 Global Threat Intelligence Report (technology, finance, manufacturing, education, and transport/distribution).

 

Find out more about NTT DATA’s cybersecurity services in the Federal Government and Public Sector, along with all our Homeland & National Security-relevant IT services.

Ted McLaughlan
Ted McLaughlan is a Solutions Executive with NTT DATA's Federal Services business unit, helping design, deliver and sell complex IT solutions for federal agency missions. After graduating from UVA, Ted spent the next 30+ years developing skills and expertise in all facets of enterprise IT architecture and engineering, with particular focus in the areas of IT Governance & Planning, Information Management & Security, plus User Experience (UX) & Communications. Most recently, Ted's public sector focus aligns with Homeland Security, Secure Civilian and Healthcare-related agency missions.
