Cyber attacks on critical infrastructure have become en vogue
ICS security is a very important area of cryptography because many countries and global organizations depend on SCADA systems to protect vital infrastructure. All 16 critical infrastructure sectors depend on ICS, particularly SCADA technology, at least in part.
Lately, several critical "zero-day" CVEs have been released that pertain to industrial IT/OT technology and critical infrastructure vendors such as Schneider Electric. The ransomware attack on the Georgia-based Colonial Pipeline that took place on Friday, May 7, 2021, is the latest in a string of attacks zeroing in on public utilities. It resulted in some states declaring a state of emergency, gas shortages due to panicked motorists stockpiling gas, and an uptick in gas prices. The company was able to resume operations on Wednesday afternoon, but reportedly paid $5 million to the hackers. Still, it is expected to take weeks for pipeline operations to return to normal.
This latest cyberbreach incident highlights the importance of having the correct cybersecurity and cryptography measures in place to mitigate risk in an age when so many aspects of public utilities and other critical infrastructure systems are digital. Critical infrastructure systems have to be protected from not only spying, but also the implanting of damaging data. This means that ICS networks, particularly SCADA environments, require high-level cryptography.
Traditional cybersecurity and cryptography solutions, like PKI, which uses digital certificates to protect communication on network environments, can be ineffective when presented with current risks. The team at XSOC Corp has designed and demonstrated a patented solution called SOCKET, a cryptographic key-exchange mechanism, for easy and immediate deployment into IT/OT and SCADA environments to protect critical infrastructure components.
CRITICAL INFRASTRUCTURE CYBERBREACH: HOW DID THEY DO IT?
Colonial Pipeline and the U.S. government have both blamed a ransomware attempt for the massive outage. Attackers infiltrated the company's corporate computer networks and encrypted over 100GB of critical data. Because security personnel were able to identify the risk, they enacted preventative measures and took downstream systems offline before they could be damaged by the ransomware. Taking the systems offline shut down all four of its major pipelines that serve the Eastern and Southeastern United States, resulting in significant outages for the whole pipeline system.
Ransomware can hamstring an organization's network by confiscating operations-critical data or by impairing devices. It has not yet been publicly disclosed exactly how the attackers initially penetrated the system, but exploitation of vulnerable systems, spear phishing and remote administrative access are just a few potential causes.
INSECURE WITH TRADITIONAL SECURITY
Public key infrastructure, or PKI, has been a fixture in IT security for some years, allowing users to encrypt and providing digital certificates as authentication mechanisms for users, servers, websites and devices. It has undergone numerous evolutions while adhering to the traditional approach for encrypted information and secure communication.
SCADA systems are typically built with layers of separation between the online IT networks and the OT networks, which are generally more isolated. Because of the increasing connectivity of systems, the critical OT systems are now reachable by IT personnel, remote administrative access, online gateways and other systems. The communication paths used by these networks also serve as multiple potential access points for malicious actors, and those access points multiply further when one considers the increasingly widespread use of IoT devices and systems in ICS.
PKI can be an inadequate ICS security solution due to issues such as:
Bandwidth factors. PKI adds traffic to networks for certificate issuance, encrypted email usage, certificate revocation lists, etc.
Resource-constrained environments. Modern PKI uses a set of protocols that are not suited to constrained environments, and many small, battery-powered IoT devices lack the power to generate random keys.
Requirements for hard real-time communications in time-critical operations.
SOCKET IS THE IDEAL SOLUTION FOR IT/OT AND SCADA SECURITY
SOCKET, XSOC Corp's targeted cryptographic key-exchange mechanism, actually has its genesis as an IT/OT and SCADA solution, specifically created to protect critical infrastructure components. It does not require SSL/TLS certificates. Operating as an ICS IIoT or IT/OT solution, SOCKET employs continuously rotating symmetric-key cryptography to create an always unique encryption signal over highly secured networks. The cryptographic key updates can be generated in extremely short cycles, significantly reducing the attack surface of the network environment (when compared to SSL/TLS).
SOCKET is constructed to operate effectively in secure, air-gapped, closed-circuit, and mixed legacy network environments, helping to establish security in scenarios in which SSL/TLS certificates or asymmetric key exchanges are illogical. With the installation of a small XSOC dongle device in front of critical infrastructure components such as PLCs and HMIs, SOCKET is easily and immediately deployed into IT/OT and SCADA environments, providing immediate effective security with authentication and multifactor encryption.
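To make the idea of "continuously rotating symmetric keys in short cycles" concrete, the following is an added, hypothetical illustration written for this page; it is not SOCKET's own mechanism (XSOC's design is not described here) but a generic one-way HMAC key chain. It assumes both endpoints already share a root secret (constructed here) and step the chain once per cycle, so a frame sealed in one cycle is rejected in the next.

```python
import hashlib
import hmac
import os

# Hypothetical illustration of rotating symmetric keys: a one-way HMAC chain.
# This is NOT XSOC's SOCKET; it only shows why short cycles bound exposure.
# Both endpoints share ROOT out of band and advance the chain every cycle.
ROOT = os.urandom(32)  # constructed shared secret for the demo


def ratchet(chain_key: bytes) -> tuple[bytes, bytes]:
    """Advance one cycle. Returns (next_chain_key, this_cycle_key).
    HMAC is one-way, so a stolen cycle key reveals neither the chain key
    nor any earlier cycle key."""
    next_chain = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    cycle_key = hmac.new(chain_key, b"cycle", hashlib.sha256).digest()
    return next_chain, cycle_key


def cycle_keys(root: bytes, n: int) -> list[bytes]:
    """Keys for cycles 0..n-1, as either endpoint computes them independently."""
    keys, chain = [], root
    for _ in range(n):
        chain, k = ratchet(chain)
        keys.append(k)
    return keys


def seal(cycle_key: bytes, cycle_no: int, payload: bytes) -> bytes:
    """Bind a command frame to the current cycle with an HMAC tag."""
    msg = cycle_no.to_bytes(4, "big") + payload
    return hmac.new(cycle_key, msg, hashlib.sha256).digest()


def accept(cycle_key: bytes, cycle_no: int, payload: bytes, tag: bytes) -> bool:
    """Receiver side: constant-time check against the current cycle's key."""
    return hmac.compare_digest(seal(cycle_key, cycle_no, payload), tag)


def replay_window_demo(root: bytes) -> tuple[bool, bool]:
    """A frame sealed in cycle 0 is valid in cycle 0 but rejected once the
    receiver has rotated to cycle 1: a captured frame is useful for one cycle."""
    k0, k1 = cycle_keys(root, 2)
    cmd = b"SET valve_7 OPEN"  # constructed PLC-style command
    tag = seal(k0, 0, cmd)
    return accept(k0, 0, cmd, tag), accept(k1, 1, cmd, tag)


if __name__ == "__main__":
    print(replay_window_demo(ROOT))  # (True, False)
```

The shorter the cycle, the smaller the window in which a captured tag or leaked cycle key is of any use, which is the property the text attributes to short key-update cycles.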
In the instance of the Colonial Pipeline attack, SOCKET would have halted the attack before any encryption or impairment was done.
XSOC CORP’s SOCKET CAN SECURE COMMUNICATION FOR ICS NETWORKS
Where there is connectivity, there is vulnerability—and the potential for disaster. And much of critical infrastructure is controlled by SCADA environments that are linked to the world via high-speed data networks.
The right approach to securing ICS systems, particularly SCADA, requires the right security practices and solutions. XSOC Corp can help your organization reduce the chances of experiencing an expensive and disruptive security breach.