Industrial control systems are moving from analog to digital. Though this is a necessary step in modernizing these systems, making this change inherently adds cyber security risks, especially for critical IT infrastructures.
The increasing availability of malicious tools means even smaller critical infrastructure sites are at a significant cyber security risk.
“Did you know the same exact tool that caused the recent massive Sony breach can be purchased easily online by anyone?”
Critical infrastructure breaches can lead to significant service outages and critical data loss.
Attacks on the following infrastructures could have potentially disastrous consequences on a large scale.
Common Types of Cyber Attacks on Critical Infrastructures
Implementing IT infrastructure security to meet critical infrastructure protection standards is no longer the kind of investment organizations need to make “someday”. Critical infrastructure security is a top priority in 2015 and beyond.
Here are some of the most common types of cyber attacks critical infrastructures need to prepare for:
- Exploiting remote access ports commonly used by vendors during maintenance operations
- Intercepting and hacking legitimate channels used to allow IT systems and ICS/SCADA systems to communicate
- Imitating known safe sites and convincing users to inadvertently click links in emails or websites, allowing attackers to access workstations connected to both the internet and the ICS/SCADA network
- Taking advantage of Bring Your Own Device (BYOD) policies by infecting tablets, laptops, and other devices (as well as removable media) while outside the ICS/SCADA network, then spreading the infection to internal systems when they connect to the network (such as in the case of software updates or simple data retrieval)
- Exploiting configuration errors for connected devices or security systems
Unsurprisingly, the types of attacks that make critical infrastructures vulnerable to hackers are the same kinds of attacks experienced by enterprises on a daily basis. The good news is that there are already cyber security solutions proven to protect critical infrastructure effectively.
Protecting Against Cyber Attacks
To help protect critical infrastructures from cyber attacks, the North American Electric Reliability Corporation (NERC) developed the Critical Infrastructure Protection (CIP) standards for implementing and auditing cyber security. There are a total of 9 standards and 45 requirements, providing critical infrastructures with a comprehensive protection blueprint.
These standards make implementing effective security complicated for critical infrastructures. Simply deploying solutions is not enough; there must also be mechanisms to audit these solutions and estimate the effects of a breach, and the other requirements defined by the NERC CIP standards must be met as well.
Though the process of implementing and auditing compliance for these standards is a complex task, getting help from experienced vendors can greatly ease this process.