Code War & Defending Critical Infrastructure

As ransomware attacks reach record-breaking highs, the lines between nation-state threat actors and other highly motivated attackers have been blurred. Likewise, the lines between information technology (IT) and operational technology (OT) have been converging in a way that leaves industrial control systems (ICS) more vulnerable than ever before. Critical infrastructure protection has never been more urgent.

The United States and Russia have a long and storied history of saber-rattling and proxy wars throughout the Cold War, from the Cuban Missile Crisis to the fall of the Berlin Wall, with global tensions escalating with the Russian invasion of Ukraine. Prior to the invasion, the DHS released a bulletin warning state and local governments and critical infrastructure organizations across the country that Russia may launch direct cyberattacks on the U.S. if it perceives actions by the U.S. or NATO as a threat to its national security.

As tensions with Russia mount over Ukraine, the Biden administration has been preparing for a different sort of conflict. One that will be fought over bits and bytes instead of land and sea.

More Cyberattacks in the Pipeline

For more than a decade, the United States has been defending itself from nation-state threat actors, known as advanced persistent threats (APTs). In 2021, ransomware attacks reached an all-time high, including a high-profile attack against Colonial Pipeline that resulted in a real-world gas crisis and mobilized federal agencies into action. A significant number of hacking groups, such as REvil, APT28, APT29 and Conti, operate out of Russia, but the Russian government has, until recently, turned a blind eye to them.

Considering the impact of the Colonial Pipeline attack, threat actors are almost certainly developing new techniques to disrupt the operations of critical infrastructure. If previous attacks were designed to achieve irreversible operational “wiping” of organizations, now the FBI has warned that the next wave of these attacks could emerge as “killware” – malware intended to cause physical harm or loss of life. The Oldsmar attack in 2021 is an indication of this trend, with an attempt to poison the water supply.

The recent hostilities between Russia and Ukraine have sparked escalation with these nation-state attacks, transforming into highly visible cyber warfare. In mid-January, dozens of Ukrainian government offices were shut down in a series of synchronized ransomware attacks. Days later, and with timing that evoked skepticism, Russian officials cracked down and arrested members of the REvil ransomware group, with arrests continuing into February. Hostilities continued escalating, with hackers hitting the Belarusian rail system with ransomware, in protest of the country’s assistance with the mobilization of Russian troops. The recent weeks have shown a tipping point from covert operations to highly visibly hybrid warfare, combining assaults by armed forces, together with cyberattacks designed for infrastructure disruptions, including massive DDoS attacks on Ukraine’s military agencies and financial institutions. Hostilities now seem to be leaking outside of the conflict zone, with Viasat reporting cyberattack-induced satellite network disruptions in Europe, causing communications outages to thousands of wind turbines.

Zero-Trust and Beyond

The U.S. Executive Order on Improving the Nation’s Cybersecurity from May 2021 steered public entities in the direction of zero-trust and even went beyond that by institutionalizing the concept of the software bill of materials (SBOM), which requires software vendors to provide an itemized list of its components. The inclusion of supply chain security measures such as vulnerability assessments and country of origin inspection is a logical reaction to the SolarWinds hack, which resulted in the U.S. sanctioning Russia.

In January, the executive order was bolstered with a memorandum focused on “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles – a relevant and timely effort given the rise in cyber threats, which was then amended with a joint Cybersecurity Advisory from CISA, FBI, and NSA providing an overview of Russian state-sponsored cyber operations against critical infrastructure as tensions rose with Ukraine.

OT & IT: A Tale of Two Technologies

Gaps are starting to become all too apparent in the critical infrastructure sector because of the increased convergence and connectivity between IT and OT environments. IT security teams tend to lack visibility into OT environments, and OT teams are reluctant to make any changes that could jeopardize their productivity.

However, emerging technology trends, such as the industrial internet of things (IIoT) are increasing the attack surface of the organization’s critical networks. If IT and OT leaders are unable to come together to manage these changes, then attackers will surely exploit these gaps. IT and OT leaders must also tear down their organizational silos if only to then rebuild a stronger perimeter between them.

Critical Infrastructure Protection

After a series of high-profile cybersecurity incidents over the past years, and aggressive attacks on Ukraine with Russia, both public and private sectors outside of that region are coming to understand the importance of defending against targeted and sophisticated attacks – particularly in the critical infrastructure sector. The most recent National Security Memo and Federal Strategy provide strong direction on protecting critical infrastructure.

Learn how OPSWAT OT & Industrial Cybersecurity Solutions can help safeguard your critical environments, and check out the OPSWAT CyberTrailer™, the world’s first mobile Critical Infrastructure Protection lab.

I wish for a peaceful resolution between Russia and Ukraine with a positive path back to prosperity and normality in the region.