Critical Infrastructure Cyber Attacks: A New Form of Warfare
We are living in an age of increasingly complex warfare. While traditional tactics such as ground troops and air strikes are still deployed, a new form of attack has been on the rise in recent years: critical infrastructure cyberattacks.
These attacks target vital systems such as power grids, water supply, and transportation networks, intending to disrupt essential services and cause widespread damage.
This article will explore the most common targets of these attacks, their effects on society, and how businesses can protect themselves.
What Is Critical Infrastructure?
Defined as the essential body of assets, systems, and networks that ensures the proper functioning of any nation, critical infrastructure is the basis of a nation’s safety, public health, and economy.
In a nutshell, critical infrastructure refers to the systems that are fundamental for the functioning of a society. This includes everything from power grids and water supply to transportation networks and communication systems. In the past, these systems were primarily physical. But with the rise of the internet and connected devices, they have become increasingly digital.
The impact can be devastating once critical infrastructure falls prey to a cyber attack. It might even result in loss of lives if these threats affect public health institutions.
The growing complexity of critical infrastructures, such as power generation and distribution systems, has made them more reliant on interconnected networks of devices. In the past, these systems operated in isolation from one another, but the modern infrastructure is much more interconnected across sectors and locations.
This increased interconnectivity can make these critical infrastructure systems more vulnerable to disruptions or attacks, posing a severe risk to public safety and economic stability. To mitigate these risks, we must develop strategies that improve our understanding of how these complex systems work and enhance our ability to monitor and manage them effectively.
The Cybersecurity and Infrastructure Security Agency distinguishes these types of infrastructure sectors:
- Government Facilities Sector
- Critical Manufacturing Sector
- Water and Wastewater Systems Sector
- Communications Sector
- Energy Sector
- Transportation Systems Sector
- Chemical Sector
- Emergency Services Sector
- Dams Sector
- Healthcare and Public Health Sector
- Commercial Facilities Sector
- Nuclear Reactors, Materials, and Waste Sector
- Financial Services Sector
- Defense Industrial Base Sector
- Food and Agriculture Sector
- Information Technology Sector
Why Are Critical Infrastructure Attacks on the Rise?
As the world becomes more dependent on online infrastructure, it is increasingly vulnerable to attacks and exploitation. Significant events have forced organizations to adapt their operations in recent years, often relying on remote access to ensure business continuity.
However, this has come at a cost, as many experts believe that industrial networks lack the security controls to keep critical infrastructure safe. Additionally, IT security personnel raise concerns about potential attacks on critical infrastructure compared to enterprise data breaches. Nearly three-quarters of IT security professionals believe that critical infrastructure is in great danger.
Government agencies, regulators, critical infrastructure owners, and other public and private actors have called for increased funding and attention to securing these vital sectors. We must proactively protect our digital infrastructure from cyber security threats to meet this challenge.
Since critical infrastructure sectors such as utilities, transportation, and communications are vital to our economy and society, there has been an increased focus on securing these systems from potential cyberattacks. Governments and other public and private actors have called for more significant funding and attention to these critical systems to prevent the devastating effects of a cyber attack.
Moreover, recent surveys indicate that many infrastructure staff members have recently experienced security incidents, with half experiencing at least two incidents. Specifically, 90% of respondents reported one incident the previous year, while half had two or more. For protection against some of the most significant infrastructure cyber attacks, it is crucial to learn from past episodes by analyzing what made them successful so that we can take steps to prevent similar outcomes in the future.
A report from tech giant Trend Micro indicates that 89% of manufacturing, electricity, and oil and gas companies faced cyber attacks that affected their energy supply and production within the past 12 months. Insights from this report show that 48% of companies that admitted disruptions didn’t go through with improvements and efforts to minimize future threats. Moreover, 40% of respondents admitted they couldn’t block the attack coming their way.
Investments in cloud systems were one of the top drivers among cybersecurity respondents, with 28%, followed by private 5G deployments (26%). Operational Technology (OT) has difficulty catching up with IT regarding risk-based security.
Most Commonly Targeted Industries
As core infrastructure is essential to the functioning of any society, it is often the most vulnerable to attacks and outages in times of crisis. This infrastructure includes energy, water, transportation, and healthcare systems needed to sustain essential functions and livelihoods. By disabling or denying access to these critical resources, attackers can cause significant economic harm and damage to a country’s social well-being.
We’ve noticed an increase in infrastructure cyber attacks, but the most commonly targeted sectors have remained the same. When state-sponsored attacks are aimed at the enemy’s infrastructure, the energy sector is typically the first to be affected, but not the only one.
One such instance happened in 2013 when Iranian state-sponsored hackers launched a successful attack on the Bowman Avenue Dam in New York and managed to control the floodgates. This led to multiple other branches being vulnerable, and media reports stated that other breaches took place.
The Water and Wastewater Systems Sector is also a typical victim of such attacks. When these attacks are successful, the consequences can be enormous financial damage and the loss of many human lives.
A hacking incident from 2021 almost proved that point. Specifically, a cybercriminal group hacked Florida’s water plant system and managed to raise the level of sodium hydroxide in the water with a clear intent to harm those who drink it. This breach was made possible due to the lack of a strong password and the fact the operating system needed to be updated. Luckily, this was spotted and fixed in time – otherwise, the outcome could have been deadly.
A few months later, the energy sector was the target of an attack that became one of modern history’s top critical infrastructure threats. This was the Colonial Pipeline attack. It was a case of an elaborate ransomware attack that ended when the Pipeline was forced to pay almost $5 million so it could go back to its regular operations. The hack was well-covered in the media, and people around America went on to panic-buy gas, leading to significant public distress.
The transportation sector is no stranger to breaches, as it often faces ransomware threats against its transit operations, as well as cyber hijacking and the disruption of sensors and geolocation data.
Additionally, modern cyber conflicts have evolved rapidly in recent years, with many documented cases of severe cyber attacks on governments and companies alike. Businesses and other non-involved parties should educate themselves on the potential impact of these attacks to prepare for future risks.
Top Critical Infrastructure Cyber Attack Examples
To shed some light on how these essential sectors can be porous, affect a nation’s day-to-day operations and stability, and even put lives in danger, we’ll list the most significant and impactful attacks on critical infrastructure.
CPC Corp, a Taiwanese State-Owned Energy Company
CPC Corp, one of Taiwan’s essential resources for liquid natural gas import and oil delivery, fell victim to a ransomware attack in April 2020. The company’s payment system was utterly devastated, and it took great effort to bring things back to normal. Luckily, no damage in production ensued.
But what does the hacked payment system entail? The customers could not pay for their gas using VIP cards at the gas stations, and all apps became utterly unresponsive. It is believed that a faulty flash drive was the backdoor for this infrastructure attack. Although the officials didn’t name the threat actors, the main suspect was the Winnti group.
Some measures should be taken to protect against similar attacks, if they were not already taken immediately after the attack was mitigated. Operational IT systems should be separated from the Operational Technology (OT) network, and OT processes should be placed in tiers to separate critical functions from the remaining ones.
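One way to check the separation described above, as an added example that is not part of the original article: a Python audit that maps firewall rules to tiers and flags any permit rule that skips a tier. The zone names, address ranges, and rule format are constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption), ordered from least to most critical tier.
ZONES = [
    ("it",          ipaddress.ip_network("10.10.0.0/16")),
    ("dmz",         ipaddress.ip_network("10.20.0.0/24")),
    ("ot-general",  ipaddress.ip_network("10.30.0.0/24")),
    ("ot-critical", ipaddress.ip_network("10.30.1.0/24")),
]
TIER = {name: i for i, (name, _) in enumerate(ZONES)}
EXTERNAL_TIER = -1  # anything outside the zone map sits beyond the IT tier

# Constructed firewall export: action, source CIDR, destination CIDR, port.
SAMPLE_RULES = """\
permit 10.10.5.0/24 10.20.0.10/32 443
permit 10.20.0.10/32 10.30.0.0/24 44818
permit 10.10.5.7/32 10.30.1.20/32 502
permit 0.0.0.0/0 10.30.1.0/24 3389
deny 10.10.0.0/16 10.30.0.0/23 any
permit 10.30.0.15/32 10.30.1.20/32 502
"""

def zones_for(cidr):
    """Zones the CIDR overlaps, plus 'external' when it is not wholly inside one zone."""
    net = ipaddress.ip_network(cidr, strict=False)
    hit = [name for name, zone in ZONES if net.overlaps(zone)]
    if not any(net.subnet_of(zone) for _, zone in ZONES):
        hit.append("external")
    return hit

def audit(rules_text):
    """Return (line, src_zone, dst_zone, port) for permit rules that skip a tier."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if not line.strip():
            continue
        action, src, dst, port = line.split()
        if action != "permit":
            continue
        for s in zones_for(src):
            for d in zones_for(dst):
                gap = abs(TIER.get(d, EXTERNAL_TIER) - TIER.get(s, EXTERNAL_TIER))
                if gap > 1:  # only same-tier or adjacent-tier traffic is allowed
                    findings.append((lineno, s, d, port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("line %d: %s -> %s port %s skips a tier" % finding)
```

On the constructed rules, the direct IT-to-critical rule and the any-source rule are flagged, while traffic that passes through the DMZ and the general OT tier is not.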
Ukrainian Power Grid
In 2016, a cyber attack aimed at a critical infrastructure sector almost had a deadly outcome. Half of the Ivano-Frankivsk region relied on the PrykarpattyaOblenergo power facility. Once its systems were infected with malware, nearly 700,000 people were left without power.
The attack was anything but simple. In an elaborate effort to immobilize the power facility, the attacker used credential theft, spear phishing, KillDisk, DoS attacks, and remote access exploits using a VPN. It is suspected that the Russian hacker group Sandworm was behind the attack. Similar to the previous critical infrastructure attack example, this attack affected thousands.
Triton Attack
The Triton malware attack in 2017 was a far-reaching event that took over industrial control systems. As is the case with most of these attacks, it was state-sponsored, and it targeted a Saudi petrochemical plant by taking over the safety instrument systems of the plant. The aim was to kill humans by launching an explosion or releasing toxic gas.
The hacking method used for this hack was spear phishing. At the same time, some believe that the vulnerable point that the threat actors took advantage of was a poorly configured firewall.
The attack could have been prevented if regular audits had been run and the firmware for the products had been kept up to date.
Is Data the Main Target?
Cyber attacks on critical infrastructure and manufacturing are becoming increasingly sophisticated, with many targeting industrial control systems instead of stealing data. According to recent research from the Organization of American States (OAS) and Trend Micro, 54% of US critical infrastructure suppliers have reported external attempts to manipulate or control systems. In comparison, 40% have experienced attempts to shut them down.
Many experts believe these attacks are becoming more common due to several factors, including the increasing sophistication and effectiveness of cybercriminals. For example, it may be easier for attackers to gain access to OT systems than to steal sensitive data, which can often be protected using robust security measures. Additionally, there may be a financial incentive for cyber criminals who target OT systems, as they may be able to exploit them to cause severe damage or disrupt critical services.
As a result, organizations in the critical infrastructure and manufacturing sectors need to take proactive steps to protect their OT systems against potential cyberattacks. This could include implementing more robust security controls, conducting regular system monitoring and backups, and partnering with experts to help them stay updated with the latest threats and best practices.
Measures Governments Are Taking To Prevent Critical Infrastructure Cyber Attacks
Several countries have developed strategies to strengthen critical infrastructure and to deal with attacks that, if successful, might put entire nations at risk. Let’s take a look at some of these efforts.
Germany’s government is currently implementing measures to improve the security of its communication systems, such as establishing a separate external data center to protect critical information. However, private companies own and operate much of the world’s critical infrastructure, as evidenced by recent cyber attacks on satellite provider Viasat. These attacks highlight the necessity for public and private entities to prioritize cybersecurity measures to protect essential data and operations.
To strengthen national cybersecurity, Germany and other members of the European Union are implementing regulations that require critical infrastructure providers, such as energy and telecommunications companies, to adhere to specific security measures. In a similar move, the United States recently passed a law requiring these providers to notify authorities quickly in the event of hacking.
Continued efforts from government and private entities will be crucial in protecting against cyber threats and ensuring the safety and security of our digital infrastructure.
Final Thoughts
Critical infrastructure is under constant threat from cyber attacks. To protect these vital assets, it is crucial to implement a comprehensive security strategy and strive to understand how best to improve industrial control systems to match the security strength that IT has. Regrettably, these attacks won’t stop, so the only solution is to work on prevention and create action plans for situations where the threat succeeds in attaining its objective.