Legacy systems in a connected world: Securing critical infrastructure
In 2017, a memo from Britain’s National Cybersecurity Centre (NCSC) revealed how the UK energy sector was likely to have been targeted and compromised by nation-state hackers, and warned that attacks attempting to compromise industrial control systems managed in facilities such as power stations are becoming more common.
The suspected attack on the Irish power grid also serves as a reminder of the increasing threat to critical systems. According to an anonymously sourced report, hackers sent emails designed to trick engineers at an Irish power supply plant into giving them access that could be used to take down parts of the power grid in Ireland.
Whilst there was no evidence of disruption to the network, this still poses a question for many IT teams and industrial engineers. Are you prepared for a nation-wide attack?
Addressing the air gap
One of the biggest challenges in securing critical infrastructure is the industrial control systems (ICS) that underpin its operation, as many run on legacy systems. In some cases these can be more than 10-15 years old and are often incompatible with more state-of-the-art security systems and IT developments. Due to their long life-cycle, it’s notoriously difficult to keep ICS secured against the ever-changing and sophisticated threat landscape.
A solution to address this, which has frequently been employed in the past, is to create an ‘air gap’. This ensures that critical control systems are not connected to, and do not interact with, internet systems in any way. Previously this was easier to practise; however, today’s industrial organisations need to keep pace with digital transformation and take advantage of the benefits it can deliver. As a result, the air gap is removed and modern ICS networks are connected to both the wider enterprise and third parties, opening up vulnerabilities and new pathways for attacks.
Fighting cybercriminals from the inside
It’s becoming increasingly important that operators in critical industries look to adopt strategies that enable the modernisation of operations through securing legacy systems.
Only recently, the NCSC warned that the UK’s most critical industries must increase their cybersecurity defences or face fines of up to £17 million. A simple, straightforward reporting system will be set up to make it easy to report cyber breaches and IT failures so they can be quickly identified and acted upon.
Cybercriminals across the globe are continually developing their strategies and coding, as well as behaviour, to stay ahead of market defence strategies. To attack critical infrastructure, they often target employees, using tactics such as social engineering campaigns and malware installed on USB devices, and looking for vulnerabilities such as weak password storage and unsecured remote access pathways.
With certain state-sponsored hacking groups’ focus on the military, financial and energy sectors, it is paramount that these organisations deploy solutions that help prevent these attacks. Integrating regular and up-to-date security training to educate employees will ensure they are aware of the most recent tactics used to target systems and what can be done to prevent them.
In addition, implementing solutions to ensure that employees only have access to areas of the network and devices that their role requires can mitigate these types of attacks. This sounds simple, but in reality, it is an area often overlooked.
Using privileged identity and access management tools, organisations can discover and manage their privileged credentials and control what both third-party and internal users can access on the network. In addition, they provide an auditable history of what was accessed and any updates made during any sessions.
This not only secures access to ICS on an ongoing basis and removes attack pathways, but also empowers teams to identify and act on any potential untoward behaviour.
Looking to the future
Whilst automation and other modernisation strategies are necessary for organisations to deliver efficiencies and competitive advantages, they must also ensure their IT infrastructure and operations remain secure. Organisations must not look to ‘rip and replace,’ but implement practical approaches that secure existing legacy systems and also safeguard future investments.
With new industry regulations and standards being implemented, it’s crucial for organisations to recognise and address the risks that connected systems introduce, looking at long-term solutions that secure ICS and critical infrastructure, while enabling the modernisation of operations and delivering efficiencies.
By Scott Walker, Senior Solutions Engineer, Bomgar
IMF: Variants Can Still Hurt Manufacturing Recovery
After a year of on-and-off manufacturing in the US, UK, and the eurozone, demand for goods surged early last week. Factories set growth records in April and May, suppliers started to recover, and US crude hit its highest price point since pre-COVID. As vaccination efforts immunise much of the US and UK populations, manufacturers are now able to fully ramp up their supply chains. In fact, GDP growth could approach double-digits by 2022.
Now, the ISM productivity measure has surpassed the 50-point mark that separates industry expansion from contraction. Since U.S. president Biden passed his US$1.9tn stimulus package and the UK purchasing managers index (PMI) increased to 65.6, both sides of the Atlantic are facing a much-welcomed manufacturing recovery.
Lingering Concerns Over COVID
Even as Spain, France, Italy, and Germany race to catch up, and mining companies pushed the FTSE 100 index of listed shares to a monthly high of 7,129, some say that UK and US markets still suffer from a lack of confidence in raw material supplies. Yes, the Dow Jones has made up its 19,173-point crash of March 2020, and MSCI’s global stock index is at an all-time high.
Yet manufacturers around the world realise that these wins will be short-lived until pandemic supply chain bottlenecks are solved. If we keep the status quo, consumers will pay the price. In April, inflation in Germany reached 2.4%, and across the EU’s 19 member countries, overall prices have increased at an unusual pace. Some ask: Is this true recovery?
IMF: Current Boom Could Falter
Even as Elon Musk tweeted about chip shortages forcing Tesla to raise its prices, UK mining demand skyrocketed; housing markets lifted; and the pound sterling gained value. The International Monetary Fund (IMF), however, cautioned that manufacturing recovery won’t last long if COVID mutates into forms our vaccinations can’t touch. Kristalina Georgieva, Washington’s IMF director, noted that fewer than 1% of African citizens have been vaccinated: “Worldwide access to vaccines offers the best hope for stopping the coronavirus pandemic, saving lives, and securing a broad-based economic recovery”.
Across the globe, manufacturing companies are keeping a watchful eye on new developments in the spread of COVID. Though US FDA officials don’t think we’ll have to “start at square one” with new vaccines, the March 2021 World Economic Outlook states that “high uncertainty” surrounds the projected 6% global growth. Continued manufacturing success will in large part depend on “the path of the pandemic, the effectiveness of policy support, and the evolution of financial conditions”.
Mathias Cormann, secretary-general of the Organisation for Economic Co-Operation and Development (OECD), concurred: without global immunisation, the estimated economic boom expected by 2025 could go kaput. “We need to...pursue an all-out effort to reach the entire world population”, Australia’s finance minister added. US$50bn to end COVID across the world, they imply, is a small investment to restart our economies.