With cyberattacks on the rise, it is not just our personal information that is vulnerable but also our operational realities that are threatened. This year we have seen attacks on critical infrastructure such as nuclear plants, power plants, and airports. These locations are major targets for attackers seeking maximum impact. Threats that were perceived as hypothetical in the past are no longer considered merely theoretical. However, securing these unique systems raises a new challenge: the inability to patch.
In recent times, critical infrastructure has become more connected than ever, and physical security is now only as important as its digital counterpart. Security teams that train their workforce to concentrate only on physical safety are prone to downplay the growing digital risk. To improve efficiency and maintenance, organizations prefer to connect the transformers of a grid to the network, but if officials can connect remotely to monitor a device, then an attacker can as well.
Software Patching
The need for these crucial systems to always be running and operational complicates the usual cyber-security procedures. Yet defending critical systems is vital, because any maliciously induced malfunction could lead to a disaster. Securing critical infrastructure therefore presents the security team with a frustrating paradox: software patching.
Even though patching is normally straightforward, it becomes difficult when the systems to be patched are part of critical infrastructure. Restarting an entire grid, whether for power, water or railway networks, is a major undertaking. Since a system shutdown is required, security personnel usually schedule a large number of fixes together in one maintenance window. Needless to say, such system-wide shutdowns cannot be planned or improvised in response to emerging threats.
Vulnerabilities
Vulnerabilities, like cyber threats, keep evolving, and most of them are already known to threat actors. This is a major cause for concern, since cybercriminals take advantage of known flaws to plan attacks for their own benefit. Major corporations and critical infrastructure operators have already fallen prey to attacks that exploited known vulnerabilities, and such incidents have shown the world how exposed critical infrastructure systems are. Hence, basic prevention methods and mitigation schemes should always be in place, together with a contingency plan.
One Step Behind
The patching issue is further complicated by the fact that critical infrastructure systems are interconnected by design, making it difficult to isolate the effects of a service disruption or a system update. Patching critical systems requires extensive certification to ensure that a patch does not trigger a cascading negative reaction through the rest of the system. However, these certifications can take months or even years, during which the systems remain exposed. The window of exposure is extended further because, often, only skilled experts are able to carry out the installation.
A Potential Path Forward
Despite the challenges of patching vulnerabilities, we can never afford to ignore the security of the safety-critical systems in our critical infrastructure. Patching needs to be done promptly, as soon as patches are available for the systems. Contingency measures should nevertheless always be in place so that security lapses do not occur in the meantime.
To tackle this challenge, the organization should put in place an incident response team comprising personnel from different departments, equip it with technological resources, and provide constant cybersecurity awareness training. Alongside these steps, a real-time vulnerability hunting tool like Nemasis-VMS can help the incident response team stay one step ahead of attackers.
Operators of critical infrastructure systems should integrate a solution like Nemasis into their patch management process so that it provides continuous threat monitoring and detection. This is of vital importance, since threat actors will seek weak spots in the network to exploit. Alerting security personnel about a compromised system is not enough; they must also be armed with details of how the attack works, because they need to react quickly to mitigate it before any real damage is done. Combined with well-trained, certified staff and passive monitoring, this information makes it possible to mitigate an attack.
This is certainly not a standard cyber-security procedure at this point in time, but it is an essential one for critical infrastructure facing wave after wave of threats that mount by the minute. Since the challenges of patching are not going away anytime soon, it is necessary to adopt a smarter approach to tackling them.
To read more, please check eScan Blog