National Critical Infrastructure – Using Cybersecurity To Fight The Invisible War

Post by Rajarshi Mitra Nov 26, 2020

National critical infrastructure is an umbrella term that defines the physical and cyber systems that are extremely vital for a nation’s well-being. In fact, they’re so crucial that incapacitating or destroying them, in any way, can have a lasting negative impact on the country’s physical/economic security, public health, and safety. We will later see how our threat intelligence can proactively secure these systems. However, before we do so, let’s first understand what national critical infrastructure means.

According to Certified Information Systems Auditor (CISA), there are 16 sectors defined as national critical infrastructure – chemical, commercial facilities, communication, critical manufacturing, dams, defense industrial base, emergency services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors, transportation systems, and water and wastewater systems.

In an increasingly digital world, protecting these sectors from threat actors is beyond critical.

World War 3 – Moving from guns to computers

CPO Magazine recently wrote an interesting article about what a potential World War 3 would look like. According to the article, the third world war is already happening online. Guns and cannons are replaced with keyboards and smartphones, and soldiers with hackers.

For example, in June 2020, a massive cyberattack, reportedly perpetrated by Chinese threat actors, hit Australia. During a press conference, Prime Minister Scott Morrison said that the attack targeted organizations across a range of sectors, including all levels of government, industry, political organizations, education, health, essential service providers, and operators of other critical infrastructure.

What happens when national critical infrastructure goes down?

A national critical infrastructure system includes multiple elements of varying levels of importance interconnected by linkages of various types and intensities. When this structural arrangement is threatened by a severe threat such as a cyberattack, it can lead to disruptions, catastrophic consequences, or even complete failure of different subsystems.

3 failure propagation categories in national critical infrastructure systems

As per this report, failure propagation within a system can fall under 3 categories:

  1. Cascading failure: Disruption in one infrastructure causes the disruption of another, which eventually causes another service disruption. For example, disrupting the power sector can have a severe effect on multiple sectors.
  2. Escalating failure: This occurs when a disruption in one infrastructure causes an independent disruption of a second infrastructure, generally in the form of increasing severity or time to recovery.
  3. Common cause: When two or more infrastructure networks are simultaneously under attack.
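The three categories can be made concrete with a small dependency-graph model. This is an added example, not code from the article or the report it cites: the dependency map, the function names, and the reading of "escalating" as a sector with its own separate outage that a cascade also reaches are all assumptions made for illustration.

```python
from collections import deque

# Constructed dependency map (an assumption, not data from the article):
# each sector lists the sectors it needs in order to keep operating.
DEPENDS_ON = {
    "power": [],
    "water": ["power"],
    "communication": ["power"],
    "transportation": ["power", "communication"],
    "emergency_services": ["communication"],
    "healthcare": ["power", "water", "communication"],
}

def cascade(initial, depends_on=DEPENDS_ON):
    """Breadth-first walk: map each disrupted sector to its hop distance
    from the nearest initially failed sector (0 = hit directly)."""
    consumers = {}  # provider -> sectors that depend on it
    for sector, deps in depends_on.items():
        for dep in deps:
            consumers.setdefault(dep, []).append(sector)
    hops = {s: 0 for s in initial}
    queue = deque(hops)
    while queue:
        current = queue.popleft()
        for downstream in consumers.get(current, []):
            if downstream not in hops:
                hops[downstream] = hops[current] + 1
                queue.append(downstream)
    return hops

def classify(initial, independent_outages=(), depends_on=DEPENDS_ON):
    """Sort the affected sectors into the three propagation categories."""
    hops = cascade(initial, depends_on)
    direct = set(initial)
    downstream = {s for s, h in hops.items() if h > 0}
    # Escalating: a sector with its own separate outage that the cascade also reaches
    escalating = downstream & set(independent_outages)
    return {
        "common_cause": sorted(direct) if len(direct) > 1 else [],
        "cascading": sorted(downstream - escalating),
        "escalating": sorted(escalating),
    }
```

The hop count returned by `cascade` gives a rough ordering for resilience planning: sectors at hop 1 lose service first, and sectors reachable from many starting points are the ones where backup capacity matters most.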

The reality of modern cyberwarfare

In today’s digital-heavy age, governments prefer cyberwarfare since it offers massive advantages over traditional warfare. For example, using cyber recon, a government can easily steal valuable information without crossing its enemy’s border. As Zohar Rozenberg, Chief Security Officer at Elron, puts it:

“Any teenager with a smartphone could expose international operations with one tap. In that sense, cyberattacks carry a smaller risk for militaries.”

As we have already said before, this is no longer mere conjecture. These attacks are happening as we speak. However, there’s something that makes the whole situation even scarier.

On the digital battlefield, attacks are no longer limited to just countries. Private entities, organizations, or even a rag-tag bunch of pissed off hackers can leverage their financial clout and launch an attack on anyone they wish.

The 2015 malware attack on Ukraine’s national critical infrastructure

In December 2015, the Prykarpattyaoblenergo control center, which is responsible for distributing power to the residents of Western Ukraine, experienced a major attack. A group of threat actors managed to take control of its SCADA systems, open the breakers, and take the substation offline. Thousands of people ended up losing their power as a result. Even though the operators frantically tried to re-enter the system, the attackers had already changed the password by then, preventing any desperate login attempts.

After taking down 30 substations, the attackers proceeded to hack two other power distribution centers simultaneously, taking them offline and leaving more than 230,000 residents in the dark.

While Ukraine was quick to point their fingers at Russia, Robert M. Lee, co-founder of Dragos Security, believes it’s not that simple. According to Lee, there are clear delineations between the different phases of the attack, which suggests that different levels of threat actors are involved. So, while nation-state attackers may have eventually taken over the attack, it was likely started by your standard cybercriminals. As Lee puts it:

“This had to be a well-funded, well-trained team. … [B]ut it didn’t have to be a nation-state.”

How can KNOW help protect your national critical infrastructure?

KNOW is Netenrich’s threat intelligence dashboard and cybersecurity news aggregator that helps you stay on top of the most trending topics. One of KNOW’s coolest features is that you can manually customize which threat actors, malware, and vulnerabilities you want to track continually.

For example, one of the most well-known state-backed threat actors is Russia’s Sandworm Team.


As you can see, by entering “Sandworm Team” in KNOW, you will get all the relevant information you need.


The image above shows you the latest references captured from social media and different articles:

  • Total references: 3,000
  • Last 60 days: 428
  • Last 7 days: 10

Along with this, you can also gain critical context that can help you better prepare yourself against the threat actor.


  • Related IPs: 2
  • Domains: 1
  • Hashes: 47
  • Malware associated: Petya, Bad Rabbit, BlackEnergy, KillDisk, FELIXROOT, GreyEnergy, Industroyer, Exaramel, BlackEnergy 3, and VPNFilter.
  • Vulnerabilities: CVE-2019-10149 and CVE-2015-5374.
  • Related intrusion methods: Phishing, Credential Dumping, Web shell, Credential Stuffing, Cryptocurrency Mining, Social Engineering, Exfiltrate data, and 12 more.

As you can see, KNOW helps you stay on top of state-backed threat actors. It proactively protects your national critical infrastructure systems from experiencing failure. Leverage proactive cybersecurity and prevent massive disasters.
