Page 27 - Cyber Defense eMagazine January 2024
lights can be turned on at the flip of a switch or that the faucet at home never runs dry could be threatened
without safeguarding attack vectors to prevent successful cyberattacks.
Feeling the Ripple Effect
While critical infrastructure may often be the target for malicious adversaries attempting to disrupt key
services and day-to-day living, the ripple effect that comes from any organization facing a cyberattack
can be widely felt. The initial target can often be just the starting point.
The recent conflict in Ukraine has become a case study in how interdependent organizations that rely
upon shared services have become. A successful bid to render ViaSat’s commercial satellite KA-SAT
network inoperable to achieve military objectives had a ripple effect that spread into adjacent
critical infrastructure domains, causing a loss of critical public services in 2022. The same
satellite services that supported Ukraine’s military also supported European wind power generation,
causing the shutdown of over 5,000 wind turbines in Germany that have a total power output of 11
gigawatts.
The ransomware attack on Colonial Pipeline in 2021 was an example within the U.S. of what can happen
when critical infrastructure operations are severely impacted. A ransomware attack resulted in the
pipeline’s digital systems being shut down for several days, halting a vital U.S. oil pipeline. Consumers
and airlines alike were affected by the shutdown, which resulted in President Joe Biden declaring a state
of emergency. The attack was named the largest publicly disclosed cyberattack against critical
infrastructure within the U.S. to date.
The purpose of the Colonial Pipeline attack was to collect a ransom, but ultimately it led to a significant
disruption to critical services that affected a large portion of the U.S. population. In both the Ukraine and
Colonial Pipeline incidents, the effect of the cyberattacks extended well beyond the attackers’ intentions.
Given the many cyber interdependencies that exist, owners of critical infrastructure must prepare to be
resilient to cyber incidents, even when not the intended target.
Another factor that is expanding the universe of attack vectors is the dramatic increase in remote work.
Such work was required during the COVID-19 pandemic and launched a trend in decentralized
workforces that is apparently here to stay. Owners and operators of critical infrastructure also had to
adapt to these realities, enabling more remote access to operational control networks than ever before.
Such an increase in access, especially for critical infrastructure assets, led to greater flexibility but also
gaps in cybersecurity. With remote workers accessing crucial data, these individuals may have their own
routers and configuration systems installed to complete work, resulting in unknown and unmonitored
communications pathways to the OT environment. It’s difficult to secure or monitor data communications
pathways in and out of a critical system if the asset owner doesn’t know these attack vectors exist.
In summary, cyber adversaries are leveraging these trends — the expanding number of vectors, including
satellite and wireless communication networks, the growing shared dependence on third-party vendors,
and the increasing number of network access points needed to accommodate remote workers — which
is making critical infrastructure harder to defend from cyber incidents that result in downtime for key
services.