In the blink of an eye, it happens. The electricity goes out and you’re left wondering when the backup generator will kick in and rescue you from this unacceptable interruption. Power outages are nothing new and we typically experience them as a result of severe weather, equipment failure, or random power surges. In today’s always-on and always-connected world, you can add cyber threats to the list of potential causes.
Take for instance the morning of April 21, when Los Angeles, New York, and San Francisco each suffered power outages on the same day. Local, state, and federal officials in conjunction with regional power companies sought to assure a frustrated and concerned public that the outages were coincidental and there was no immediate evidence of a cyber attack. The cause of one of the outages was attributed to a fire at a substation while the other two outages were left unexplained.
Government Response to Latest Wave of Cyber Attacks
Recent reports from various agencies such as the U.S. Department of Energy and Department of Homeland Security suggest that critical infrastructure systems such as the nation’s electrical system are vulnerable to an increasingly complex set of cyber threats.
The Department of Homeland Security maintains an Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) whose charter is to reduce risks within and across all critical infrastructure sectors. They do this by partnering with law enforcement agencies and the intelligence community and coordinating efforts among federal, state, local, and tribal governments and control systems owners, operators, and vendors.
According to a Federal Report for 2016, the ICS-CERT responded to 290 incidents which included some of the top cybersecurity threats such as spear phishing, network scanning/probing, weak authentication, SQL injection, and abuse of authority. Keep in mind that one successful incident has the potential to send shockwaves across a city, state, or region.
What You Can Do to Protect Networks Under Your Control
With this mounting threat to our critical infrastructure, you require the tools and resources to protect your networks in the event of an unexpected outage. Here are several areas that you should consider when protecting your critical business infrastructure from the types of threats faced by the nation’s infrastructure:
1. Social Engineering and Employee Training
Employees are human firewalls and are a critical layer of defense within your network. The most commonly reported exploit found by the ICS-CERT was spear phishing, an increasingly common tactic used by cyber thieves to gain unauthorized access to sensitive information.
In today’s businesses, employees are deluged with documents in the form of email attachments or links: HR representatives receive resumes, accounts receivable clerks receive invoices, and sales representatives receive quotes and orders – all potential opportunities for a malicious actor to elicit information from an unsuspecting employee. Security awareness training tools that focus on password protection, access/permission management, phishing techniques, and regulation compliance are highly recommended.
2. Patching and Device Management
Maintaining any system or piece of equipment requires on-going maintenance to ensure it is in good working order. Manufacturers regularly release updates to correct software bugs, improve reliability, or increase functionality. With that said, they’re also trying to close holes in their products before they’re exploited by malicious activity. Regular patch management is critical to avoiding falling victim to attacks such as WannaCry, which exploited a known vulnerability for which a patch had already been available for months.
Additionally, the rise of Internet of Things (IoT) devices introduces a new set of equipment into a network that’s not necessarily built to the same specifications and standards used in traditional IT equipment. For example, the Distributed Denial of Service (DDoS) attack that flooded a major internet provider with traffic was launched from unprotected digital cameras connected to various networks.
3. Disaster Planning and Risk Management
This is the area that most companies admit they plan for but are unprepared for. A successful data breach contingency plan needs to specify where critical files are saved, who needs to be alerted, and how to handle possible critical events.
As with the nation’s critical infrastructure, there are plans for a range of contingencies, and agencies routinely run “what-if” exercises to prepare for different scenarios. The National Institute of Standards and Technology (NIST) offers a framework for cybersecurity of critical infrastructure that can be readily adopted by organizations of all sizes and sectors. CISOs should regularly engage in security assessments to test for vulnerabilities, identify what areas are truly critical, and leverage results for additional funding.
Outages happen, vulnerabilities exist, and you can’t plan for all contingencies, but there are steps you can take to mitigate the risk. Assessments, planning, maintenance, and training are the keys to protecting your critical infrastructure so you don’t blink next time you’re faced with an unexpected event.
About the Author
Tim Ayer is currently a Product Marketing Manager with the Security and Data Protection division at Tech Data. As a 20+ year veteran in the IT channel, he has worked closely with some of today’s leading software publishers and hardware manufacturers to connect with VARs, MSPs and System Integrators.