Recent State-Sponsored Cyberattacks on Critical Infrastructure Show How Countries Must Rethink Their Security Strategies

By June 12, 2020 No Comments

A number of recent high profile cyberattacks on critical infrastructure have demonstrated just how urgent it is for nations to double-down on protecting their most valuable assets. One example of this comes from Israel and Iran, which have engaged in a series of back-and-forth cyberattacks over the last month. First, two water supply locations in Israel came under attempted cyberattack, supposedly linked to Iran. A few days later, an attack attributed to Israel targeted Iranian infrastructure at port Shahid Rajaee, halting port operations and creating major backups in both waterways and roads surrounding the area. As Israel’s quick response time to Iran’s alleged attack suggests, nations are likely planning attacks against utilities and infrastructure ahead of time as a key part of their cyber warfare strategy. With the very real risk of cyber intrusions disrupting utilities or infrastructure, it’s critical for countries to ensure they’re properly protecting their assets.

Israel and Iran aren’t the only ones engaging in cyber warfare. Experts believe that countries such as Russia and China have also bolstered their cyberattack capabilities recently, with attack plans against critical infrastructure at the ready if threatened.

When it comes to keeping critical infrastructure safe, nations need a new approach to security. Right now, nations and organizations are focused on protecting IT networks (typically connected to the public network) using traditional security controls like firewalls and VPNs. As IT and OT networks converge, though, organizations are trying to secure those OT networks, which contain critical infrastructure, using these same traditional tools––but these are inadequate and not designed to keep infrastructure like utilities secure. This often means that IT assets like email servers, for which traditional security controls are meant to protect, are more secure than nuclear centrifuges, water pumps, and electrical equipment – infrastructure that, if compromised, could seriously and adversely impact human lives.

In order to properly safeguard infrastructure, organizations must start assuming the worst – that they are a target and that hackers are already in the system – instead of hoping for the best. This means adding in security controls for critical infrastructure in addition to the existing IT security controls, and focusing not only on detection but also on prevention. While Israel was able to detect the attack against its water utility, for example, it was only after the malware had already stopped the water pump. If, instead, Israel had used a security system that isolated attacks in real-time, the effects of this attack could have been minimized.

With Xage’s distributed tamperproof security fabric, all industrial operations are universally protected with a trusted cybersecurity foundation, whether legacy or modern, human-to-machine, machine-to-machine, or edge-to-cloud. Xage both protects against and isolates hacks, allowing systems to self-heal and avoid longer term shutdowns or domino effects – with Xage’s zero-trust approach, it eliminates any implicit trust zones and protects all interactions. As systems become more complex, too, the Xage Security Fabric becomes stronger; by sharing data across Fabric Nodes, it increases the strength of the system through distribution, rather than making it more vulnerable like traditional, centralized systems would. Xage also seamlessly adds a multi-factor authentication overlay to systems and applications without requiring costly upgrades. With a security system like Xage, countries are able to secure critical infrastructure from potentially disastrous disruptions. 

As the threat of attack on infrastructure becomes more and more evident, it’s critical for countries to take the necessary steps of protecting their assets––not only to protect from disruptions, but also to ensure the safety of their citizens. With the Israeli water utility as an example, disruption can mean not only loss of service, but also a decline in the safety of public resources, posing health risks to citizens. With multi-factor authentication and role-based access control technology like in the Xage Security Fabric, nations are able to protect and control their assets, keeping both their infrastructure and their citizens safe.

Learn more about Xage’s distributed, tamperproof security solutions here.

White Paper

the whitepaper

The current model of enterprise security is incapable of protecting Industry 4.0 with its intermittently connected, heterogeneous devices and applications, distributed across organizations and geographies. Today’s centralized IT security paradigm needs to be replaced by cybersecurity that is distributed, flexible and adaptive.