In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks.
How do current cybersecurity strategies address the critical infrastructure sectors’ unique needs and vulnerabilities?
Some current cybersecurity strategies such as protocol isolation, network segmentation and visibility certainly help to address some of the ‘low-hanging fruit’, and visibility allows the sectors to have a good idea of the assets they currently have. Traditional thought is that you can’t secure it if you don’t know it exists. However, current strategies tend to treat OT like a dog with three legs: you can play with it, but you know you can’t be too rough with it or it’ll tip over. We need to do better.
What are the barriers to timely and effective cyber threat information sharing, and what strategies can be implemented to overcome these obstacles?
Closed architecture and protection of code by vendors is probably the biggest barrier to threat information sharing. The inability to develop an accurate SBOM on software because it’s considered ‘proprietary’ ensures that it will take much longer to release information regarding that platform to the public. Growing willingness to share information by more prominent equipment manufacturers could start with a willingness to share their SBOMs.
Could you discuss any innovative technologies or approaches being developed to enhance the resilience of critical infrastructure against cyberattacks?
While new and emerging technologies often promise innovative solutions to cybersecurity challenges, strong foundational elements of practical information security are where most go wrong. Without a strong foundation of established controls and configuration management practices, integrating new tech may inadvertently create new attack vectors or expose vulnerabilities. Moreover, emerging technologies may lack mature security frameworks and standards, leading to gaps in protection and increased exposure to threats. Therefore, prioritizing exceptional fundamentals over the allure of new technologies is crucial for maintaining a resilient security posture and effectively mitigating risks in today’s ever-evolving threat landscape.
Foundational controls and best-practice configuration management serve as the bedrock of a robust cybersecurity strategy for several reasons. Establishing a solid security baseline forms the backbone of defense against a wide range of threats. These controls, such as regular patch management, access controls, and network segmentation, address common vulnerabilities and reduce the attack surface, making it harder for adversaries to exploit weaknesses within the technology ecosystem, and they have historically proven ROI.
Innovative technologies and approaches are key to enhancing the resilience of critical infrastructure against cyberattacks as can be observed with recent innovations in secure remote access technologies. These solutions are designed to offer seamless and secure access for users, catering specifically to the needs of operational technology (OT) and critical infrastructure systems across various industries.
One of the core technologies employed in these solutions is protocol isolation combined with a zero-trust architecture. This approach eliminates common attack vectors by ensuring that users are continuously authenticated and authorized, significantly reducing the risk of unauthorized access. Protocol isolation safeguards against cyber threats by avoiding the direct exposure of protocols to untrusted networks. Instead, it converts these protocols into an interactive video stream, which only requires a single port to be open to the untrusted network, thus enhancing security without compromising usability.
Additionally, these solutions integrate multi-factor authentication, user-to-asset access controls, user session analytics, and automatic video recording. These features not only strengthen security but also offer comprehensive control and oversight of user activities, ensuring that operations can proceed securely from any location, at any time, and across various devices. This flexibility supports a distributed workforce, including third-party vendors, without sacrificing security.
Moreover, such solutions are designed to address compliance and operational efficiency. They support adherence to a range of cybersecurity standards through features like protocol and system isolation, encrypted display, and detailed session logging and recording. This comprehensive security and compliance approach is suitable for industries with rigorous regulatory requirements, such as energy, government, manufacturing, and more.
By focusing on reducing the network’s attack surface and employing a zero-trust framework alongside protocol isolation, these technologies offer a forward-thinking method to secure critical infrastructure. Leveraging such innovative solutions significantly enhances organizational resilience against cyber threats, ensuring the continuous and secure operation of critical systems.
How do international standards and collaborations contribute to strengthening critical infrastructure cybersecurity, especially in sectors like energy and telecommunications?
The standards and collaborations contribute by building the ‘table stakes’ by which companies measure themselves against what can be considered the ‘best practice’, just like in non-critical infrastructure areas. As these standards are adopted, the companies that are not in compliance with the standards will hopefully soon become the exception and not the norm, setting a stage for regulators to be able to hold them to the standard, given that the majority of the industry/sector is compliant with them.
What role do private-sector entities play in safeguarding critical infrastructure, and how can public-private partnerships be optimized for better cybersecurity outcomes?
Government entities have neither the funding nor the expertise to be able to secure their infrastructure. Private-sector entities play a fundamental role in safeguarding critical infrastructure, as they not only manage substantial assets but also can bring innovation in cybersecurity practices. Their role extends beyond safeguarding their networks to contributing to the overall resilience of critical infrastructure through cutting-edge security solutions and rapid response capabilities.
Partnerships can be strengthened through clear communication channels, mutual trust, regular joint exercises, and aligning strategies with cybersecurity frameworks. By leveraging each other’s resources, expertise, and intelligence, these collaborations can create a more resilient and secure infrastructure ecosystem.
How do you foresee the future of critical infrastructure cybersecurity evolving in the next 5-10 years, and what should organizations do now to prepare?
Over the next 5-10 years, critical infrastructure cybersecurity will evolve significantly, driven by technological advancements and escalating cyber threats. As cyber-physical systems become more interconnected, the risk of sophisticated attacks will increase, particularly from state-sponsored actors.
Organizations must prioritize building resilient infrastructures by investing in security by design, secure remote access, network segmentation, real-time threat intelligence sharing, and vulnerability management. Emphasizing resilience planning and incident response strategies will be crucial in preparing for and mitigating emerging cyber threats, ensuring the continuity of critical services.