Protecting the nation’s critical infrastructure is going to require public-private sector partnerships to close the current security gaps and potential risks to the U.S. supply chain and national security, Claroty said in a blog post on Monday. Apart from this, an inventory of all operational technology (OT), IT, and industrial Internet of Things (IIoT) assets, processes, and connectivity paths into the OT environment will provide necessary data and help tackle inherent critical risk factors from vulnerabilities and misconfigurations.
“Visibility into process values—such as temperatures, chemical composition, and product formulas—can help ensure the quality and consistency of outputs. You can establish a behavioral baseline against which to monitor the network and understand the vulnerabilities, threats, and risks that may be present—including anomalies that may indicate an early-stage attack—in order to take pre-emptive actions,” the Claroty research team wrote in the post.
In the current hyper-connected world, OT networks have security gaps, and network segmentation is left to compensate for them. Since these environments are often geographically dispersed, deploy virtual segmentation into zones within the industrial control system (ICS) network to regain control over isolated sites. This will alert users to any lateral movement as malicious actors try to establish a presence, jump zones, and move across the environment. Virtual segmentation can also improve network monitoring and access control, and greatly accelerate response time.
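The zone-jump alerting described above can be sketched as follows. This is an added example, not code from Claroty or from this article: observed flows are mapped to zones, and any cross-zone traffic outside an allow-listed conduit is flagged. The zone names, subnets, conduits and flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone map; names and subnets are assumptions for illustration.
ZONES = {
    "enterprise_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.1.0/24"),
    "safety": ipaddress.ip_network("10.30.2.0/24"),
}

# Allowed conduits: (source zone, destination zone, destination port).
CONDUITS = {
    ("enterprise_it", "ot_dmz", 443),  # business users reach the DMZ over HTTPS
    ("ot_dmz", "control", 44818),      # DMZ collector polls controllers (EtherNet/IP)
}

def zone_of(ip):
    """Return the zone whose subnet contains ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def check_flow(src, dst, port):
    """Return None for permitted traffic, otherwise an alert record."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone and src_zone != "unknown":
        return None  # intra-zone traffic is not a zone jump
    if (src_zone, dst_zone, port) in CONDUITS:
        return None  # crosses zones, but through an approved conduit
    if "unknown" in (src_zone, dst_zone):
        reason = "unmapped asset"  # gap in the asset inventory
    else:
        reason = "zone jump outside conduit"
    return {"src": src, "dst": dst, "port": port,
            "from": src_zone, "to": dst_zone, "reason": reason}

def alerts(flows):
    """Evaluate (src, dst, port) tuples and keep only the alerts."""
    return [a for a in (check_flow(*f) for f in flows) if a]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", 443),        # IT -> DMZ, approved conduit
    ("10.20.0.5", "10.30.1.20", 44818),     # DMZ -> control, approved conduit
    ("10.30.1.20", "10.30.1.21", 502),      # inside the control zone
    ("10.10.4.7", "10.30.1.20", 502),       # IT straight to a controller
    ("10.30.1.20", "10.30.2.9", 502),       # control -> safety zone
    ("192.168.50.3", "10.30.1.20", 44818),  # source not in the inventory
]

if __name__ == "__main__":
    for alert in alerts(SAMPLE_FLOWS):
        print(alert)
```
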
If the security gaps are exploited and an attacker does establish a foothold, organizations can shut down only portions of the network, regain control, and drive intruders out, saving cost and reducing downtime. Additionally, encryption of data at rest and in motion is important for good cyber defense and resilience with respect to ransomware.
The World Economic Forum (WEF) said on Monday that currently there is a surge in supply chain cyberattacks, both in number and in sophistication. As commerce is global, there is a need for a widely accepted framework for a reliable accreditation-certification process in cybersecurity that is continuously updated and evidence-based. “Governments and the private sector, working together, have a responsibility to close that gap, establish an accepted framework and mutually recognize such similar frameworks in like-minded countries,” according to the WEF insight.
The WEF identified security gaps that arise because existing certification frameworks only include standards like ISO 27001 and NIST, while there is a need for detailed and clear language that is more cyber-specific than the current generic framework. It also sought more detailed and clear procedures to check and verify that the relevant controls have been enforced, using relevant and defined audit tools.
The ransomware threat was also taken up at the recent Carbis Bay G7 summit, where world leaders committed to work together to urgently address the escalating shared threat from criminal ransomware networks. “We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions,” according to the summit communique.
The U.S. also drew attention to Russia for its alleged role in recent cybersecurity incidents. “We reaffirm our call on Russia to stop its destabilizing behavior and malign activities, including its interference in other countries’ democratic systems, and to fulfill its international human rights obligations and commitments. In particular, we call on Russia to urgently investigate and credibly explain the use of a chemical weapon on its soil, to end its systematic crackdown on independent civil society and media, and to identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes,” it added.
Massachusetts Attorney General Maura Healey called upon members of the business community and government entities, including law enforcement agencies, to immediately assess their existing data security practices and take appropriate steps to upgrade security measures to protect their operations and consumer information.
“Leaders from the public and private sectors have an important and critical responsibility to public safety and welfare to protect against these threats,” AG Healey said in her memo last week. “We strongly encourage all Massachusetts businesses and government organizations to take the appropriate steps to strengthen data security and ensure its computer networks are secure as required by law. Our office will work with federal law enforcement partners to identify and hold the criminals responsible for these ransomware attacks accountable.”
Last month, U.S. President Joe Biden signed an executive order (EO) following persistent and increasingly sophisticated malicious cyber campaigns that threaten the public and private sector, and ultimately the American people’s security and privacy. The order called upon the federal government and the private sector to work collaboratively to identify, deter, detect, and respond to cyber incidents, expressing that “bold changes and significant investments” are needed to defend the nation’s computer systems from attack.
The Biden administration issued the EO after fuel pipeline company Colonial Pipeline was attacked by DarkSide ransomware hackers. Apart from the Colonial Pipeline attack, U.S. critical infrastructure has been hit by hackers in recent months, including the SolarWinds supply chain attack in December, the attack on the municipal water system at Oldsmar, Florida in February, the attack on the Steamship Authority of Massachusetts, and the attack on the world’s largest food producer, JBS, earlier this month.