The world changed fundamentally during the pandemic. Businesses were affected profoundly as they were forced to undergo digital transformation quickly to survive. And for organizations that were able to truly excel at it, digital transformation became a differentiating advantage. Of course, shareholders clearly saw the cost and competitive advantages of digital transformation and there is no turning back.
Our physical world has become very dependent on its digital components so we can share data and take advantage of simplified and more efficient workflows. The challenge now is that we are in a position of playing catch-up because all that extra connectivity needs to be secured. While the need to secure cyber-physical systems (CPS) is nothing new, the pandemic has escalated it in ways none of us could have anticipated or prepared for out of the gate. For example, who could have imagined a 63-fold increase in telehealth utilization or that 80% of remote-capable workers would continue to work remotely at least part of the time?
Geopolitics up the ante
The explosive growth in CPS interconnectivity, coupled with the rapidly evolving geopolitical landscape and opportunistic criminals, makes for a dangerous situation.
We’re dealing with the usual suspects, mainly Russia and China with Iran emerging. But Russia is at the top of the list, as they have demonstrated they are both capable and, in the current climate, motivated to add cyberattacks to their arsenal. As we have seen in the past, Russia doesn’t hesitate to deploy destructive cyber weapons with the potential to paralyze vast portions of Operational Technology (OT) networks: they proved that in 2016 with the NotPetya attack, which paralyzed many organizations. Now, in the era of hybrid war, the increase in attacks on critical infrastructure and the impact of the geopolitical conflict on the world is significant.
As Russia loses more ground in the invasion of Ukraine and pressure from the U.S. and our allies continues to mount, we are likely to see cyberattacks increasingly used as a weapon. CPS and the networks they operate on are obviously attractive targets because of their criticality levels and potential for sabotage. We’ve already seen many examples this year.
In April, Unit 74455 of Russia’s GRU military intelligence agency, targeted high-voltage electrical substations in Ukraine using a variation of Sandworm’s Industroyer malware, which is designed to automatically trigger power disruptions. And in June, Gen. Paul Nakasone, the head of U.S. Cyber Command, confirmed for the first time that the U.S. had conducted offensive cyber operations in support of Ukraine. This is undoubtedly putting more pressure on Russia.
In response to cyber pressure, NATO expansion considerations, sanctions, and other actions and operations, we’ve seen a much more aggressive Russia in the form of scaled cyberattacks across many sectors including power and utilities, oil and gas, manufacturing, transportation, and healthcare, as well as direct targeting of those critical infrastructure networks. The objectives vary, but what they all have in common is the fact that those CPS networks are essential to operations and therefore valuable in this geopolitical conflict.
A call to arms
The U.S. Government has responded with a number of structured initiatives, starting with the Cybersecurity and Infrastructure Security Agency (CISA)’s Shields Up campaign, designed to help organizations of all sizes prepare for, respond to, and mitigate the impact of cyberattacks.
This was soon followed by the enactment of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Although the details are still being worked out in terms of reporting requirements surrounding cyber incidents and ransomware payments, the basic premise of this coordination and collaboration will allow for much broader visibility into critical infrastructure networks, as that’s one of the biggest disadvantage defenders have. In many cases, we simply don’t have enough security telemetry from those CPS environments to provide assistance and guidance to prevent other organizations from falling victim to a similar incident and also identify trends to help get ahead of future threats. Most recently, CISA’s release of its Cross-Sector Cybersecurity Performance Goals (CPGs) is another initiative that drives towards a baseline of defense with a set of pragmatic practices to accelerate risk mitigation.
The message across these initiatives is loud and clear. When we have greater visibility into our CPS environments, we can understand our risk and take the necessary steps to protect these critical systems and pathways. We can also use the information to our advantage in the form of early warnings about emerging threats, thereby proactively strengthening our security posture. Business leaders have demonstrated to shareholders the value of digital transformation, but a surge in attacks and multi-faceted response from the U.S. Government reflects how vulnerable our CPS environments are. Now we need to show that we are taking the right steps to protect these high-value systems that are in the crosshairs.