Authors: Harish Jakkal, Director, Solutions Architecture and Chase Snyder, Sr. Product Marketing Manager at Xage Security
The recent cyberattack on Transport for London (TfL) may have had a wide-ranging impact on the everyday lives of millions of commuters in the city of London. According to reports, adversaries may have exploited vulnerabilities in VPN infrastructure deployed at TfL, affecting its corporate/IT networks, while the operational industrial control system (ICS) networks were not impacted, likely due to segmentation.
The organization deserves credit for employing network segmentation, which limited the impact of the attack to its corporate networks. However, as vulnerabilities in legacy systems such as VPNs, and the capabilities of adversaries, continue to grow, organizations need to deploy up-to-date solutions that are built on zero trust principles. A teenage suspect was arrested in connection with the attack; if confirmed as the perpetrator, this further emphasizes that disruptive cyberattacks do not require a sophisticated adversary to cause harm.
The highly interconnected nature of organizations with traditional information technology (IT) as well as cyber-physical systems (CPS) or operational technology (OT) and industrial control systems (ICS) means that many cyberattacks can lead to widespread disruption of operations that affects everyday people. Oil and Gas companies, transportation and logistics organizations, and manufacturers have all experienced these impacts.
Freight and passenger trains specifically have experienced the impact of cyberattacks worldwide in several high profile cases in recent years.
The risk posed by cyberattacks against freight and passenger trains has led the U.S. Transportation Security Administration (TSA) to issue directives requiring greater cybersecurity controls for freight and passenger rail. The TSA security directives recommend various capabilities consistent with an overall zero trust strategy toward security for critical infrastructure systems.
In the European Union and the United Kingdom, new regulations are also being brought forward to improve cybersecurity in critical infrastructure and services. The EU’s NIS2 regulations and the UK’s NCSC CAF are on the verge of becoming hard requirements, with financial penalties for noncompliance.
A zero trust, defense-in-depth strategy for mitigating such impacts is increasingly essential. Critical capabilities to defend against initial intrusion and lateral movement, and ultimately to prevent operational disruption, include:
- ZTNA with built-in PAM and microsegmentation: Remote access should be secure and simple to manage. It should be subject to the same in-depth, granular policies and controls as local and privileged access, and all three (remote, local, and privileged access) should be centrally controlled from a single console that covers all your diverse environments.
- Identity-based granular access control ensures that only authorized users can access assets in the network, thereby minimizing attack risk.
- Per-asset MFA for remote access and local access: With Xage, admins can configure per-asset MFA as an additional security measure to protect against credential stuffing or password spraying, and to create an additional layer of defense against MFA fatigue attacks.
- Tamper-proof audit logging for ongoing visibility, so that you can identify issues and take mitigating action at the earliest possible moment, and so that visibility is retained for forensic analysis.
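As an added illustration (not Xage code and not part of the original post), the following toy policy check applies one identity-based, per-asset rule set to both remote and local access, enforces MFA per asset rather than per session, and writes every decision to a hash-chained audit trail whose verification fails if a record is later edited. All assets, groups and policies are constructed sample data.

```python
# Added example (not Xage code): per-asset zero trust policy evaluation plus a
# hash-chained, tamper-evident audit trail. All data below is constructed.
import hashlib
import json

# Constructed sample policy: each asset lists which identity groups may reach
# it, which access modes are allowed, and whether MFA is required for it.
POLICY = {
    "plc-signalling-01": {"allowed": {"ot-engineers"}, "modes": {"local"},
                          "require_mfa": True},
    "hmi-depot-03": {"allowed": {"ot-engineers", "vendor-acme"},
                     "modes": {"local", "remote"}, "require_mfa": True},
    "fileserver-corp": {"allowed": {"it-staff"}, "modes": {"local", "remote"},
                        "require_mfa": False},
}

def evaluate(user, groups, asset, mode, mfa_ok):
    """Return (allowed, reason). Anything not explicitly matched is denied."""
    rule = POLICY.get(asset)
    if rule is None:
        return False, "no policy for asset"
    if not set(groups) & rule["allowed"]:
        return False, "identity not authorized for asset"
    if mode not in rule["modes"]:
        return False, f"{mode} access not permitted for asset"
    if rule["require_mfa"] and not mfa_ok:
        return False, "per-asset MFA required"
    return True, "allowed"

class AuditChain:
    """Append-only log; each record's hash covers the previous record's hash."""
    def __init__(self):
        self.records = []

    def _digest(self, prev, event):
        body = json.dumps(event, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        self.records.append({"prev": prev, "event": event,
                             "hash": self._digest(prev, event)})

    def verify(self):
        """False if any record was altered, reordered or unlinked."""
        prev = "0" * 64
        for rec in self.records:
            if rec["prev"] != prev or rec["hash"] != self._digest(prev, rec["event"]):
                return False
            prev = rec["hash"]
        return True

def request(chain, user, groups, asset, mode, mfa_ok):
    """Evaluate an access request and record the decision, allowed or not."""
    allowed, reason = evaluate(user, groups, asset, mode, mfa_ok)
    chain.append({"user": user, "asset": asset, "mode": mode,
                  "allowed": allowed, "reason": reason})
    return allowed
```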
Xage Zero Trust Access (ZTA) provides the remote access capabilities of zero trust network access (ZTNA) while enabling granular control of privileged accounts and in-depth microsegmentation across corporate/IT, OT, and cloud infrastructure.
Xage PAM and ZTA provide access management for every asset in IT, OT and cloud, including legacy assets, PLCs, and other critical infrastructure components, thereby enhancing overall security and ensuring that even the oldest equipment remains protected against modern threats.