
Interview: How businesses can safeguard their digital processes

By Tim Sandle     Apr 11, 2018 in Business
Vulnerabilities exist in critical utilities infrastructures and the number of reported attacks grows. How can those who operate critical infrastructures best defend against such attacks? Security expert Stewart Kantor provides some answers.
In the wake of the U.S. FBI and Department of Homeland Security accusing Russia of a cyberattack directly targeting U.S. critical infrastructure, and in the context of businesses being hit by a mix of local and international cyber-attacks, businesses need to take enhanced measures to eliminate or to isolate threats.
According to Stewart Kantor of Full Spectrum, an option is to isolate threats with private networks as an alternative to public networks. Digital Journal caught up with Kantor to discover more.
Stewart Kantor of Full Spectrum.
Digital Journal: Are cyberattacks on the increase?
Stewart Kantor: We’ve seen a dramatic increase in attempts to infiltrate Internet Protocol (IP) based networks – particularly within mission-critical operations for our nation’s critical infrastructure. IP networks create greater efficiencies in networking, enabling us to implement the Industrial IoT (IIoT); however, it has left these operations more susceptible to cyber threats.
To establish remote IP connectivity in the industrial sector, some critical infrastructure operators have turned to public consumer cellular and unlicensed networks; however, hackers are better equipped to infiltrate these networks. To mitigate this threat, more industrial operators, particularly in the electric utility sector, have rallied behind a new private wireless network standard known as 802.16s, which is helping to separate industrial operations from the public internet, creating an air-gapped defense and the ability to isolate any infiltration to mitigate the threat and prevent widespread hacker damage.
DJ: Where are these attacks coming from?
Kantor: The real source of attacks can be masked; however, we see attacks from both domestic and international points of presence. Most recently, we’ve seen the U.S. government pinpoint Russian nation-backed cyber terrorists as those who are targeting a wide variety of operations, from the U.S. election to our critical infrastructure.
While it’s difficult to say who exactly is targeting our mission-critical operations, it’s important to note that these attacks are starting to outpace the cyber barriers already in place, so it’s extremely important to implement new standards like 802.16s to develop the best defense possible in the event of a cyber attack.
The Middle East Cyber Army are suspected of hacking more than 3,500 websites (AFP/File)
DJ: Are some businesses more at risk than others?
Kantor: Independent of the type of business, hackers universally seek out points of vulnerability. Obviously, your local pet grooming site is not a high-value target. The people orchestrating the attacks are often looking for the most financial and/or political gain – which is why critical infrastructure is one of the most appealing targets. Currently, we’re seeing significant threats in sectors where IIoT has been introduced within the last decade including electric and water utilities, transportation, oil & gas, military & defense, and environmental monitoring.
Energy and transportation in particular have seen increased threats as debilitating these operations could create the most damage. Consider for example the northeast blackout of 2003, where a failure in an electric utility’s alarm system created a snowball effect that would result in a loss of power for 50 million people, a cost of an estimated $6 billion and at least 11 deaths. Or consider the devastation of natural disasters like Hurricanes Harvey, Irma and Sandy. By taking out the power grid or other critical operations where the well-being of large portions of the population could be impacted, cyber terrorists are able to create the most damage with a single attack.
DJ: Why do vulnerabilities arise? Is this due to weak systems or businesses not having people with the right skills?
Kantor: It is a combination of vulnerabilities driven by the rate of change in technology and overall security business practices. Prevention is not necessarily seen as a profit center and often is only addressed in a reactionary mode following a significant breach in security for either the operation itself or for a similar operator.
Cyber terrorists are identifying new ways to infiltrate existing systems, networks and technologies every day so it’s of the utmost importance to avoid becoming complacent and instead take a more vigilant, proactive approach to mitigate new threats. This involves updating IoT technologies and the networks they’re connected to.
DJ: Specifically, what type of vulnerabilities exist in critical infrastructure?
Kantor: Critical infrastructure has both physical and technological vulnerabilities. Physical attacks such as vandalism to backbone communications lines or shooting at utility transformers are more transparent. When a physical attack takes place, the damage is immediate and can be seen almost instantaneously. Cyberattacks, on the other hand, can lie dormant for some time until unleashed. They can lurk in code, transferred through a corrupted file or through a communications network, which is why they’re so dangerous – you don’t know if they’re there, and if they are, when they’ll launch an attack.
DJ: What can businesses do to better protect themselves?
Kantor: Constant security scans for vulnerabilities are extremely important since these cyber threats are evolving regularly to find new ways to infiltrate different systems and operations. Industrial operators need to limit access from public networks and external software, particularly for mission-critical operations where constant connectivity is imperative.
By establishing their own private networks or connecting with a network service provider that offers an 802.16s-based private network to only mission-critical entities, users can rest easier knowing their networks are better suited for critical operations. Keeping all software updated with the most recent patches also ensures that operations are better prepared in the wake of a cyber threat.
DJ: How important are private networks in contrast to public ones?
Kantor: We believe private networks built to the 802.16s standard provide a better defense when compared to public cellular data networks or unlicensed networks as they help to create multiple layers of security better suited for the industrial sector where hundreds of thousands of smart technologies are reliant on continual communications to maintain operations. First, it offers the capability to maintain an airgap from the public Internet, which provides a great defense from external remote cyber-attacks.
Private networks, in addition to the isolation from the public internet, allow the operator to prioritize restoration if a network has been compromised. If you are relying on an external communications provider, you can be locked out of your own network. Simultaneously, private licensed networks provide greater transparency into operations and can help to identify a possible breach and isolate those servers.
If a cyber attack does enter the system, operators on private networks can minimize the damage by isolating and shutting down the infected server and restarting with a clean server which stops the attack from spreading to other sections of the network and impacting other technologies.
DJ: What future threats will businesses face?
Kantor: Moving forward, we’re likely going to continue seeing this ongoing dance between hacks and the ‘fixes’ used to resolve cyber issues. As IIoT is increasingly integrated into mission-critical operations, we’ll continue to see these cyber vulnerabilities increase. But there is no turning back now as the use of IIoT and IP is a standard in and of itself now due to the convenience and increased use of low-cost computing devices. WiFi chips are almost free along with new sensor technology. Under this scenario, you have to think seriously about the data being protected, where to keep it and how to secure it.