
Attacks Against Critical Infrastructure Poised to Reshape Cyber Landscape

It's Time for the Organizations Charged With Protecting Our Physical Infrastructure to Take Action and Fight Back

Over the last couple of years, we have seen a marked shift in cyber-attacks. Traditionally, hackers have focused on theft; stealing data is easily monetizable, which meant that headline attacks tended to involve the breach of personal information or intellectual property. But now a new kind of threat is on the rise. Attacks now involve sabotaging and disrupting the technology systems that support manufacturing, energy generation, and transportation. Hackers have increasingly focused their attention on breaking into industrial environments. Against the ongoing backdrop of cyber conflict between nation states and escalating warnings from the Department of Homeland Security, critical infrastructure is becoming a central target for threat actors.

Looking forward to 2019, we can expect this rise in industrial cyber-attacks to continue. A lot of the industries supporting our critical infrastructure are undergoing a dramatic transformation. Internet of Things (IoT)-based innovation is spurring a wave of digitization across manufacturing and energy distribution. This perfect storm of increasing digital footprint and attacker focus is set to make industrial security the new front-line of cyber defense, and potentially even outright warfare. Here are three predictions for the next generation of industrial cyber-attacks we are likely to see in the coming twelve months.

1. Turning Off the Lights: Smart Grid Compromise

The electricity industry has been undergoing a quiet revolution. Historically, large parts of the power grid relied on antiquated technology for transmitting and distributing power to our homes. But we know that these systems can be hacked – the 2016 attacks that shut off the power in Ukraine kick-started a focused and ongoing campaign of attacks on the US power grid. And now, we are introducing millions of smart meters into this system. These smart meters are IoT devices that are notoriously easy to hack and incredibly difficult to defend. Smart meters present an easy route in for hackers looking to shut off electricity across cities or countries. There are many ways in which this might work – research has suggested that by turning off individual smart meters, an attacker might indirectly sabotage the grid. No matter how it unfolds, the ingenuity of attackers has taught us that we should never assume that a complex system is secure by design. If there is a way in, it will be found – and the rapid adoption of smart meters is too good an opportunity for the bad guys to miss.

2. Manipulating Markets: Disrupting the Global Supply Chain

Last year, several shipping terminals were temporarily disabled when WannaCry swept the world. Just months ago, the port of San Diego was hit with what appeared to be a targeted ransomware attack. These attacks deny enterprises access to their data by encrypting it and demanding payment for the key to unlock their files. But attackers have a new way to hold industrial businesses to ransom: by disrupting their operations. We first saw signs of this in 2017 when production at a Honda plant was temporarily halted by ransomware. Now, sophisticated threat actors are targeting the maritime sector, and the potential cost of disruption is sky-high. Disruption of core logistics and transportation services for even brief periods of time can cost organizations millions of dollars in damages along the supply chain. Further, the proliferation of just-in-time manufacturing principles now means that the slightest upstream delay can have massive knock-on effects. When holding businesses for ransom, disrupting the supply chain might be the best bang for the buck for attackers.

3. High Profile Hacking: Targeting Major Sporting Events

The last few Olympics have all been targeted by hackers. In fact, earlier this year, the Winter Olympics were hit by cyber-attacks during the opening ceremony that affected stadium WiFi and ticketing systems. These sorts of sporting events are perfect platforms for nation states to flex their cyber muscle. Host nations put their reputation on the line and use these occasions to demonstrate their prowess on the world stage. This global presence makes them highly attractive targets for threat actors looking to discredit the host and paint them as disorganized and technologically backwards. Whilst we haven’t yet seen a cyber-attack that sabotaged the functioning of these events, this is only a matter of time. As transportation infrastructure is increasingly automated and interconnected, hackers will be trying to cause chaos and disruption in cities during the hosting of such events. No doubt the NFL and city of Atlanta – a city that has already fallen victim to widespread ransomware – will be on high alert during the 53rd Super Bowl for attacks on the metropolitan transit systems and stadium facilities.

The challenge of protecting critical infrastructure is a difficult one. Industrial environments are bespoke and often comprised of outdated machines that don’t support traditional security tools. But all hope is not lost. Technologies that rely on artificial intelligence are capable of learning on the job – making them uniquely able to understand the specific intricacies of these networks and identify potential threats as they emerge.

Warfare has already moved to cyberspace, and it is now time for the organizations charged with protecting our physical infrastructure to take action and fight back.

Justin Fier is the Director for Cyber Intelligence & Analytics at Darktrace, based in Washington D.C. With over 10 years of experience in cyber defense, Fier has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Fier is a highly-skilled technical officer, and a specialist in cyber operations across both offensive and defensive arenas.