Critical National Infrastructure (CNI) is essential to the public’s health and safety – but its networks are under attack. 90% of critical infrastructure providers in the US, UK, Germany, Australia, Mexico, and Japan have fallen victim to a cyber attack in the past two years, with growing automation and digitalization only increasing attack surfaces. In many cases, these attacks are thought to be the work of other nation-state actors rather than individual hackers or hacker groups, with motives including industrial espionage from competitors, ransom, and other financial drivers. When critical data ends up in these hands, the financial and reputational damage to the organization can be devastating.
Sophisticated attacks like phishing, malware, data exfiltration, cyber espionage, and Distributed Denial of Service (DDoS) can grant cyber criminals access to CNI networks, where they can take control of and disrupt operational systems or exfiltrate sensitive data. Malicious or inadvertent data leaks caused by insider sources are also on the rise, with six in ten breaches coming from insiders in 2020 – a 47% increase from 2018.
Why is CNI so vulnerable?
86% of Critical National Infrastructure organizations detected cyber attacks on their OT/ICS environments in 2020, despite 78% feeling ‘confident’ that their OT is protected from cyber threats. The demand for IoT devices and the convergence of critical OT with IT networks provide greater attack potential for hackers, with decades-old industrial control systems lacking suitable authentication or encryption. In addition to this, a large portion of US Critical National Infrastructure is owned by the private sector, meaning that cybersecurity is often less of a priority than maximizing corporate profits.
Critical utilities sectors are currently not required by law to disclose when they have been hacked, and many others choose not to for fear of reputational damage. These communication gaps in CNI mean that information about the scale and severity of threats is hard to come by, and organizations are often clueless about potential cyber threats to their infrastructure.
The reality of CNI threats
The effects of these cybersecurity vulnerabilities are experienced by CNI across the globe. In May 2020, one of Iran’s central ports was severely disrupted due to a cyber attack – allegedly in retaliation for an Iranian attempt to attack water facilities in Israel two weeks earlier. While no major damage was done, Israel’s decision to hit back by carrying out another attack on a critical network demonstrates how seriously nations take cyber threats to their Critical National Infrastructure.
A few months later, in February 2021, hackers attacked a water treatment plant in Florida in an attempt to raise the amount of sodium hydroxide in the water to toxic levels. An employee was able to prevent the contamination, but without this one worker’s intervention, Floridians would have been at risk of serious health issues.
CNI organizations globally are still recovering from the SolarWinds attacks in late 2020, wherein Russian government-backed hackers spread malicious code to 18,000 organizations. At least nine federal departments and over 100 organizations including energy firms, transportation companies, and laboratories were compromised. Even relatively unsophisticated threats, like the ransomware attack on the Colonial Pipeline fuel supply, can paralyze infrastructure by disrupting the enterprise network. With attacks escalating, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert recommending that critical infrastructure operators in the US take immediate action to prevent malicious cyber activity. This is a call to action for nations and organizations alike – critical national infrastructure needs major cybersecurity investment if we’re to protect the nation’s economy and security.
The future of cybersecurity in CNI
Securing critical national infrastructure is essential to the public’s health and safety. Organizations need to embrace a Zero Trust mindset, investing in resilience and embracing digitalization rather than just patching up OT systems to make them secure. This means closing the visibility gap when it comes to cyber threats.
Centripetal’s Zero Trust cyber threat intelligence solution, CleanINTERNET, offers Critical National Infrastructure real-time visibility into potential cyber threats. One of the most effective ways of creating Zero Trust is to leverage CTI data on emerging threats with cyber threat intelligence feeds. CleanINTERNET aggregates, manages, and delivers thousands of cyber threat intelligence feeds directly to you, only reporting what is relevant to your business. This allows security teams to better understand their risk profile and respond to any emerging threats. CleanINTERNET provides vital data on how an attack has evolved, allowing for appropriate and timely responses while simplifying the security team’s workflow.
With CleanINTERNET, our cyber threat analysts act as an extension of your team, alleviating the burden on existing security staff and providing strategic intelligence at a fraction of the cost of multiple, disparate threat feeds. The Centripetal team provides personalized support from day one, working with you from implementation onwards to simplify cyber threat intelligence. Digitalize safely and minimize the financial and reputational costs of cyber attacks with CleanINTERNET.