Securing UK essential service operators from cyberattacks
In recent weeks, tensions between Russia and Ukraine have escalated and world leaders have begun to prepare for the consequences that could arise should an invasion occur. The UK government is already engaged in talks with both countries, and this involvement could potentially place the UK in the crosshairs of attacks and threats associated with the conflict. As a result, in late January, the National Cyber Security Centre (NCSC) warned UK organizations that they must work to improve their resilience against malicious cyberattacks as tensions between the two countries mount.
The advice is mainly aimed at large companies. However, when considering which attacks could have the biggest impact and cause the most damage in the UK, operators of essential services (OES) are a prime target.
Operators of essential services are the foundation for the efficient functioning of society. Oil, gas, power, transport, healthcare and water are just some of the sectors that make up the UK’s OES. If a successful cyberattack were carried out on one of their networks, the consequences for society would be enormous.
These organizations need to prioritize their attack defenses, implement appropriate mitigations, and harden their networks against malicious attackers. However, when it comes to securing their environments, they present unique challenges that add significant complexity to the task.
The complexity of industrial networks
Driven by gains in operational excellence, customer satisfaction and digital transformation, formerly autonomous or weakly connected factories and machines are becoming highly connected, with a corresponding reduction in the number of operational staff required.
However, adding connectivity to factories means machines can be accessed from the outside, allowing cybercriminals to access OES networks.
Industrial organizations have sought to reduce this risk, but many face challenges because re-architecting their environment is often neither easy nor quick, and resources are constrained. Some machines are also too critical to take offline to apply security updates or mitigations. Often these legacy machines are so outdated that, if turned off, there is no guarantee they will ever turn back on. These machines are often no longer covered by their manufacturer’s security support, or their manufacturer no longer exists. The fallout could mean no water, gas or electricity for households, a risk no organization wants to take. In addition, many organizations have no real understanding of which assets are even operating in their environments, as they have no tools to perform network inventories.
These challenges mean that industrial organizations often have weaknesses in their networks that attackers could easily exploit. So how can they reduce the risk?
Protect operators of essential services against cyberattacks
Despite the challenges, there are still important steps industrial companies can take to improve their resilience against cyberattacks. It all comes down to preparing and developing a security program that encompasses people, process and technology.
Employees must be regularly informed of security threats and the techniques deployed by cybercriminals. Employees are an organization’s first line of defense, but they can also be its greatest weakness if they are not trained in security. This means that it is essential to train and develop personnel with the necessary skills to improve cybersecurity and to allocate sufficient budgets to ensure that they are properly equipped to recognize and mitigate potential threats.
From a process perspective, OES should aim to embed security into internal processes. They should conduct regular incident response training to identify weaknesses and secure them, discuss security frequently, and conduct assessments as digital transformation efforts accelerate. They should also ensure that no device works with default passwords and limit the number of administrator logins in their environments.
When it comes to technology, there are essential solutions that OES can deploy to protect their networks. These tools can help with asset discovery and visibility to ensure that all devices in the environment are tracked and secured, and that there are no monitoring gaps. They can also help with network segmentation to ensure attackers cannot perform lateral movement. These tools can also help fix vulnerabilities and detect and prevent malware from entering systems.
It’s unclear how the situation between Russia and Ukraine will evolve, so industrial organizations need to start preparing for attacks now by hardening their systems and developing a defensible architecture. After all, when it comes to defending against cybercrime, preparation is one of the most important elements for an effective response.