Why and how the U.S. should increase cyber protection: A call to arms

This article was contributed by Amir Sternhell, CSO of Sertainty Corporation.

Russia has been sanctioning state-sponsored cyberattacks on critical U.S. infrastructure since 2016 with the Energetic Bear Malware. It has shown that it will repeatedly use zero-day attacks against Ukraine with the aim of crippling its critical infrastructure and financial system. However, with the latest Russian incursion into Ukraine, there are cybersecurity solutions and mitigations that can be taken to safeguard the global critical infrastructure from the latest round of malware emanating from Russian hackers (Sandworm).

CISA has released the following statement: “All organizations are at risk of being targeted by ransomware and have an urgent responsibility to protect against ransomware threats.” The following aims to put CISA on notice that there are recent technologies and constructs that will counter and negate any sabotage to industries, and with it the need for retribution.

Cybersecurity solutions: Situational awareness

The Colonial Pipeline breach on May 7, 2021, exposed the reality that we need innovative solutions to safeguard the energy sector and pipelines. Joseph Blount, the CEO of Colonial Pipeline, provided testimony in Congress that accentuated the fact that we are not doing enough to protect our fuel as he defended Colonial Pipeline’s decision to pay the ransom and keep it confidential.

What has become apparent is that the Industrial Internet of Things (IIoT), though in its infancy, accounts for only a small percentage of the breaches attributed to cyberattacks but will require our utmost attention moving forward. This is due to the $1.2 infrastructure bill that passed in 2021. The bill aims to upgrade our critical infrastructure and open opportunities associated with bringing renewables online, converging the operational technology (OT) environment with the information technology (IT) environment. This will make the need for cybersecurity solutions more holistic and necessary on an end-to-end basis.

Countering nation-state attacks, either direct or via proxies, will require containment (obfuscation and nullification) from within our critical infrastructure to make it resilient, with the solutions procured on a competitive basis. PLC, SCADA and DCS constitute the most exposed segments in the OT world and are coupled with unsecured locations and IIoT sensors that have limited battery power and memory capacity. The current cybersecurity solutions for the OT market are proprietary, incompatible across vendor platforms, and do not apply lessons learned from current cyber threat vectors that seek to alter industrial control systems (ICS).

The challenge

Solving industry challenges, including network visibility into endpoints, is critical. Every device on a network is a potential attack target because of the increasing complexity of adding renewable sources and managing resources and disparate security solutions. Resiliency goals have accelerated the convergence between OT and IT environments due to the trends toward distributed, digitized and decarbonized energy, which underpin the environmental, social, and governance (ESG) goals that the Global 2,000 are pursuing.

Hence, deploying a zero-trust architecture at the sensor data and mesh grid level is within our reach and gives us the means to maintain the integrity of a command whether the mesh is charted or uncharted. In a word, we have means to bypass (replicate) existing OT networks that are agnostic to any underlying infrastructure and deploy in a non-networked, serverless manner that can recreate or bypass microcontrollers, automated PLCs and SCADA touchpoints to reset and render cyberattacks moot or present false realities.

The remedy

It is incumbent upon the cybersecurity community to pursue holistic solutions for grids and networks through a “digital twin” construct that will identify, preempt, back up and recover from any emerging threats and continue to protect vital assets during periods of attack or disruption. The goal of this novel deployment is to retrofit Security Operations Centers (SOCs), which are currently wrestling with adversarial artificial intelligence tools that have spoofed and hijacked PLC-SCADA systems and their sensors, in order to make systems tamper-proof.

A digital twin implementation will enhance the security and resiliency of critical infrastructure. This coordinated, multipronged outcome will be accomplished through a zero-trust and non-networked (serverless) architecture, automated for real-time monitoring, alerting, analysis and decision-making. Effectively, this is to rewire and remake Network Access Control (NAC) and Human Machine Interfaces (HMI). These solutions, at the asset, data and mesh levels, exist in countries such as the U.S., Israel, and the U.K. These countries are pursuing a forward defense posture in the global cybersecurity arena. We must be open to an adaptive approach if we are to maintain our resiliency amid the geopolitical reality of the West and the Rest.

Amir Sternhell is CSO of Sertainty Corporation.

Originally appeared on: TheSpuzz