Infrastructure / Security:
Industrial control systems are moving from analog to digital. Though this is a necessary step in modernizing these systems, making this change inherently adds cyber security risks, especially for critical IT infrastructures.
The increasing availability of malicious tools means even smaller critical infrastructure sites are at a significant cyber security risk.
“Did you know the same exact tool that caused the recent massive Sony breach can be purchased easily online by anyone?”
Critical infrastructure breaches can lead to significant service outages and critical data loss.
Attacks on the following infrastructures could have potentially disastrous consequences on a large scale.
Implementing IT infrastructure security to meet critical infrastructure protection standards is no longer the kind of investment organizations need to make “someday”. Critical infrastructure security is a top priority in 2015 and beyond.
Here are some of the most common types of cyber attacks critical infrastructures need to prepare for:
Exploiting remote access ports commonly used by vendors during maintenance operations
Intercepting and hacking legitimate channels used to allow IT systems and ICS/SCADA systems to communicate
Imitating known safe sites and convincing users to inadvertently click links in emails or websites, allowing attackers to access workstations connected to both the internet and the ICS/SCADA network
Taking advantage of Bring Your Own Device (BYOD) policies by infecting tablets, laptops, and other devices (as well as removable media) while outside the ICS/SCADA network, then spreading the infection to internal systems when they connect to the network (such as in the case of software updates or simple data retrieval)
Exploiting configuration errors for connected devices or security systems
Unsurprisingly, the types of attacks that make critical infrastructures vulnerable to hackers are the same kinds of attacks experienced by enterprises on a daily basis. The good news in all this is there are already effective cyber security solutions that are proven to effectively protect critical infrastructure.