Critical Infrastructure Cyber Attacks: A New Form of Warfare
We are living in an age of increasingly complex warfare. While traditional tactics such as ground troops and air strikes are still deployed, a new form of attack has been on the rise in recent years: critical infrastructure cyber attacks.
These attacks target vital systems such as power grids, water supply, and transportation networks, with the goal of disrupting essential services and causing widespread damage. In this article, we will explore the most common targets of these attacks, their effects on society, and how businesses can protect themselves from them.
What Is Critical Infrastructure?
Defined as the essential body of assets, systems, and networks that ensures the proper functioning of a nation, critical infrastructure is the basis of that nation’s safety, public health, and economy.
In a nutshell, critical infrastructure refers to the systems that are fundamental for the functioning of a society. This includes everything from power grids and water supply to transportation networks and communication systems. In the past, these systems were primarily physical in nature, but with the rise of the internet and connected devices, they have become increasingly digital as well.
Once critical infrastructure falls prey to a cyber attack, the impact can be devastating and might even result in the loss of lives, especially if these threats affect public health institutions.
The growing complexity of critical infrastructures, such as power generation and distribution systems, has made them more reliant on interconnected networks of devices. In the past, these systems operated in isolation from one another, but modern infrastructure is much more interconnected across sectors and locations.
This increased interconnectivity can make these critical infrastructure systems more vulnerable to disruptions or attacks, posing a serious risk to public safety and economic stability. To mitigate these risks, we must develop strategies that improve our understanding of how these complex systems work and enhance our ability to monitor and manage them effectively.
The Cybersecurity and Infrastructure Security Agency distinguishes these types of infrastructure sectors:
- Government Facilities Sector
- Critical Manufacturing Sector
- Water and Wastewater Systems Sector
- Communications Sector
- Energy Sector
- Transportation Systems Sector
- Chemical Sector
- Emergency Services Sector
- Dams Sector
- Healthcare and Public Health Sector
- Commercial Facilities Sector
- Nuclear Reactors, Materials, and Waste Sector
- Financial Services Sector
- Defense Industrial Base Sector
- Food and Agriculture Sector
- Information Technology Sector
Why Are Critical Infrastructure Attacks on the Rise?
As the world becomes more dependent on online infrastructure, it is increasingly vulnerable to attacks and exploitation. In recent years, we have seen major events that have forced organizations to adapt their operations, often relying on remote access to ensure business continuity.
However, this has come at a cost, as many experts believe that industrial networks lack the security controls to keep critical infrastructure safe. Additionally, IT security personnel raise concerns about potential attacks on critical infrastructure compared to enterprise data breaches. Nearly three-quarters of IT security professionals believe that critical infrastructure is in great danger.
In response, government agencies, regulators, critical infrastructure owners, and other public and private actors have called for increased funding and attention to securing these critical sectors. To meet this challenge, it is essential that we take proactive steps to protect our digital infrastructure from cyber security threats.
Since critical infrastructure sectors such as utilities, transportation, and communications are vital to our economy and society, there has been an increased focus on securing these systems from potential cyber attacks. Governments and other public and private actors have called for greater funding and attention to these critical systems in order to prevent the devastating effects of a cyber attack.
Moreover, recent surveys indicate that many infrastructure staff members have recently experienced security incidents, with half experiencing at least two incidents. Specifically, 90% of respondents reported one incident during the previous year, while half had two or more. To protect against some of the biggest infrastructure cyber attacks, it is important to learn from past attacks by analyzing what made them successful, so that we can take steps to prevent similar outcomes in the future.
Tech giant Trend Micro’s report indicates that 89% of manufacturing, electricity, and oil and gas companies faced cyber attacks that affected their energy supply and production within the past 12 months. Insights from this report show that 48% of companies that admitted disruptions didn’t go through with improvements and efforts to minimize future threats. Moreover, 40% of respondents admitted they weren’t able to block the attack coming their way.
Investments in cloud systems were one of the top drivers among cybersecurity respondents with 28%, followed by private 5G deployments (26%). When it comes to risk-based security, Operational Technology (OT) seems to be having a hard time catching up with IT.
Most Commonly Targeted Industries
As core infrastructure is essential to the functioning of any society, it is often the most vulnerable to attacks and outages in times of crisis. This infrastructure includes energy, water, transportation, and health care systems that are needed to sustain basic functions and livelihoods. By disabling or denying access to any of these critical resources, attackers can cause significant economic harm and damage to a country’s social well-being.
We’ve been noticing an increase in infrastructure cyber attacks, but the most common sectors have remained pretty much the same. When state-sponsored attacks are aimed at the enemy’s infrastructures, the energy sector is typically the first to be affected, but definitely not the only one.
One such instance happened in 2013, when Iranian state-sponsored hackers launched a successful attack on the Bowman Avenue Dam in New York and managed to control the floodgates. This led to multiple other branches being vulnerable, and media reports stated that other breaches took place.
The Water and Wastewater Systems Sector is also a common victim of such attacks. In cases when these attacks are successful, the consequences can be enormous financial damage and the loss of many human lives.
A hack from 2021 almost proved that point. Specifically, a cybercriminal group hacked Florida’s water plant system and managed to raise the level of sodium hydroxide in the water with a clear intent to harm those who drink it. This breach was made possible due to the lack of a strong password and the fact the operating system hadn’t been updated. Luckily, this was spotted and fixed in time – otherwise, the outcome could have been deadly.
Just a few months later, the energy sector was the target of an attack that turned out to be one of the top critical infrastructure threats in modern history. This was the Colonial Pipeline attack. It was a case of an elaborate ransomware attack that ended when the Pipeline was forced to pay almost $5 million so it could go back to its regular operations. The hack was well-covered in the media, and people around America went on to panic-buy gas, leading to great public distress.
The transportation sector is no stranger to breaches, as it often faces ransomware threats against its transit operations, along with cyber hijacking, sensor disruption, and threats to geolocation data.
Additionally, modern cyber conflicts have evolved rapidly in recent years, with many documented cases of serious cyber attacks on governments and companies alike. Businesses and other noninvolved parties should educate themselves on the potential impact of these attacks to prepare for future risks.
Top Critical Infrastructure Cyber Attack Examples
To shed some light on how these important sectors can be penetrated, and how that can affect the day-to-day operations and stability of a nation and even put lives in danger, we’ll list the most significant and impactful attacks on critical infrastructure.
CPC Corp, a Taiwanese State-Owned Energy Company
CPC Corp, one of Taiwan’s essential resources in terms of liquefied natural gas import and oil delivery, fell victim to a ransomware attack in April 2020. The payment system of the company was completely devastated, and it took a great deal of effort to bring things back to normal. Luckily, no damage to production ensued.
But what does the hacked payment system entail? Basically, the customers were unable to pay for their gas using VIP cards at the gas stations, and all apps became completely unresponsive. It is believed that a faulty flash drive was the backdoor for this infrastructure attack, and although the officials didn’t name the threat actors, the main suspect was the Winnti group.
If not already taken immediately after the attack was mitigated, a couple of measures should be taken in order to be protected from similar attacks. Operational IT systems should be separated from the Operational Technology (OT) network, and OT processes should be placed in tiers, with the goal of separating critical functions from the remaining ones.
Ukrainian Power Grid
In 2016, a cyber attack aimed at a critical infrastructure sector almost had a deadly outcome. Half of the Ivano-Frankivsk region relied on the PrykarpattyaOblenergo power facility, and once its systems were infected with malware, nearly 700,000 people were left without power.
The attack was anything but simple. In an elaborate effort to immobilize the power facility, the attacker used credential theft, spear phishing, KillDisk, DoS attacks, and remote access exploits with the use of a VPN. It is suspected that the Russian hacker group Sandworm was behind the attack. Similar to the previous critical infrastructure attack example, this attack affected thousands.
The Triton malware attack in 2017 was a far-reaching event that took over industrial control systems. As is the case with most of these attacks, it was state-sponsored, and it targeted a Saudi petrochemical plant by taking over the plant’s safety instrumented systems. The direct aim was to take human lives by launching an explosion or releasing toxic gas.
The method used for this attack was spear phishing, while some believe that the vulnerable point that the threat actors took advantage of was a poorly configured firewall.
The attack could have been prevented if regular audits had been run and the firmware for the products had been kept up to date.
Is Data the Main Target?
Cyber attacks on critical infrastructure and manufacturing are becoming increasingly sophisticated, with many targeting industrial control systems rather than stealing data. According to recent research from the Organization of American States (OAS) and Trend Micro, 54% of US critical infrastructure suppliers have reported external attempts to manipulate or control systems, while 40% have experienced attempts to shut them down.
Many experts believe these attacks are becoming more common due to several factors, including the increasing sophistication and effectiveness of cyber criminals. For example, it may be easier for attackers to gain access to OT systems than steal sensitive data, which can often be protected using strong security measures. Additionally, there may be a financial incentive for cyber criminals who target OT systems, as they may be able to exploit them in order to cause serious damage or disrupt critical services.
As a result, organizations in the critical infrastructure and manufacturing sectors need to take proactive steps to protect their OT systems against potential cyber attacks. This could include implementing stronger security controls, conducting regular system monitoring and backups, and partnering with experts who can help them stay up to date with the latest threats and best practices.
Measures Governments Are Taking To Prevent Critical Infrastructure Cyber Attacks
Several countries have developed strategies intended to strengthen critical infrastructure and help deal with attacks that, if successful, might put entire nations at risk. Let’s take a look at some of these efforts.
Germany’s government is currently implementing measures to improve the security of its communication systems, such as establishing a separate external data center to protect critical information. However, much of the world’s critical infrastructure is owned and operated by private companies, as evidenced by recent cyber attacks on satellite provider Viasat. These attacks highlight the necessity for both public and private entities to prioritize cybersecurity measures to protect important data and operations.
In order to strengthen national cybersecurity, Germany and other members of the European Union are implementing regulations that require critical infrastructure providers, such as energy and telecommunications companies, to adhere to certain security measures. In a similar move, the United States recently passed a law requiring these providers to quickly notify authorities in the event of a hack.
Continued efforts from both government and private entities will be crucial in protecting against cyber threats and ensuring the safety and security of our digital infrastructure.
Critical infrastructure is under constant threat from cyber attacks. To protect these vital assets, it is important to implement a comprehensive security strategy and to understand how best to improve industrial control systems so that they match the security strength that IT has. Regrettably, these attacks won’t stop, so the only solution is to work on prevention and create action plans for situations where the threat succeeds in attaining its objective.