So far, 2014 appears to be a turning point on cybersecurity for companies involved in critical infrastructure.
For quite some time, these industries felt they weren’t vulnerable to cyberattacks because of the air gaps that exist between the Internet and the equipment used for power generation, as well as widespread use of “proprietary SCADA IP protocols,” according to ITProPortal contributor Adrian Crawley.
While affected industries have been slow to respond, the threat to infrastructure has been on the government’s radar for some time now. During a cybersecurity summit last year, former assistant defense secretary for Homeland Defense and Americas’ Security Affairs Dr. Paul Stockton warned that a successful attack against a computer network connected to the power grid could cause the critical lifeline infrastructure to fail if the attack persisted long enough, Crawley reported.
Such an event could disrupt hospitals, transportation and distribution of goods, threatening public health and safety. However, the growing sophistication and increasing success of attacks against targets involved with infrastructure have caused affected industries to change their tune and realize they’re not invincible.
One such attack — the infamous cyber espionage campaign Energetic Bear — is responsible for infecting an estimated 2,800 machines around the world. Victims span multiple industries related to critical infrastructure, including manufacturing, construction, industrial and machinery.
Along with Energetic Bear, infrastructure around the world has been targeted by attacks such as Shamoon, Stuxnet, Night Dragon and Dragonfly in recent months, highlighting the increased frequency of such threats.
The Pentagon Makes Strides In Protecting Military Power Supply
While every industry is experiencing a heightened risk environment at the moment, attacks aimed at companies involved in critical infrastructure are especially dangerous and in need of defense measures to mitigate their effects.
Within those industries most affected, the military is likely the most vulnerable. Energy experts have been warning the military for years that the technology the power grid relies on is outdated and that the Department of Defense should look into independence from commercial utilities.
The U.S. military requires an uninterrupted supply of power to support operations both at home and abroad, and sufficient backup power can’t be provided through diesel generators alone. In an effort to protect against attacks aimed at the grid, the Pentagon has begun pushing for the construction of stand-alone power grids on military bases across the country in order to provide energy even if the main grid were to fail, The Wall Street Journal reported.
A base in Twentynine Palms, Calif., is currently in the process of constructing an independent grid. At the moment, the base still purchases energy from Southern California Edison, but in the near future it will be able to run even during a blackout. The grid operates on a system of batteries, diesel generators, small power plants and solar panels.
Securing The Rest of The Grid
While the DoD is able to work around its power issue by creating stand-alone grids, not every organization involved in critical infrastructure is so lucky. The majority of industries affected by these attacks are at the mercy of whatever security defense techniques they have deployed. Luckily, stronger security measures are being created all the time and strong protections are available to secure privileged networks.
Utility providers and other organizations involved in critical infrastructure can implement a few simple but effective techniques to ensure their systems and networks are sufficiently protected. Among the best of these security measures is two-factor authentication. While this method is straightforward — requiring multiple forms of identification to obtain access to sensitive information — it is capable of drastically improving the protection of privileged data and networks.
Employing two-factor authentication for power grids enables organizations to deploy an extra line of defense against attackers and enhance the security posture of the nation’s most important infrastructure.