Critical Infrastructure Cybersecurity: Shifting to Proactive Readiness

Critical Infrastructure Cybersecurity: Shifting to Proactive Readiness

In today’s perpetually connected world, reliable energy delivery requires cyber-resilient delivery systems. The nation’s security, economic prosperity, and the well-being of our citizens depend on reliable energy infrastructure.

Operational Technology (OT) networks are increasingly converging with IT networks as critical-infrastructure companies modernize to enhance functionality and lower costs. But rapid digital transformation and convergence also come with increased susceptibility to potential cyber-attacks.

Malicious actors could leverage vulnerabilities in the devices that make up critical infrastructure such as smart sensors, programmable logic controllers (PLCs), and remote terminal units(RTUs).

Unfortunatley, national critical infrastructure systems cannot patch their way to safety and security in cyberspace. There needs to be an ongoing proactive effort to ensure the success of grid modernization and transformation of the Nation’s vital systems. This necessitates increasing the security, reliability, and resiliency of critical infrastructure delivery systems as well as the products and devices that are a part of it. The recent Colonial Pipeline and SolarWinds attacks clearly underscore how vulnerable the current systems are and how greatly impacted the economy can be when it is attacked.

Take a Strategic Approach

To counter an adversary’s scheme, and to combat cyberattacks effectively, a strategic approach is needed. Identifying critical product functions will enable product security managers to obtain a better understanding of potential risk, which will enable them to refine their cybersecurity offerings and engagements.

Support the Front Line

Product Security Managers serve as the first line of defense against cyber-enabled sabotage and security breaches. Their role starts at product inception, helping OT device/system manufacturers bake in security at the start of the process making them cybersecure.

To better support these front-line managers, organizations must invest in resources to ensure they understand the cyber strategies and tactics used by adversarial state and non-state actors targeting critical infrastructure products. This can be done by leveraging a vulnerability management solution that recognizes threats bad actors utilize and updates as new ones emerge, minimizing risk to your organization.

Build a Resilience Program

There are three recommended strategic efforts to build the sector’s day-to-day secure-operational capabilities. These aid in identifying threat intelligence, improving products and process level cybersecurity posture, and performing cyber-incident response and recovery programs.

Industry experts have identified three key processes that will enable product security managers to build a resilience program:

  1. Design targeted monitoring approaches – Critical infrastructure OEMs should adopt processes and tools to monitor and detect potential vulnerabilities and the attack pathways adversaries could use to compromise their systems. Building a product software bill of materials (SBOM) will provide manufacturers a roadmap to assess the controls they need in order to respond to threats quickly. Without a clear understanding of the software that makes up their products, they risk being unaware of vulnerabilities until it’s too late.
  2. Leverage commercial solutions – Commercial solutions allow teams to leverage security expertise that’s available in the market, scale their vulnerability management activities by automating time-consuming functions such as threat monitoring, vulnerability impact assessments and even triaging, while they can focus their expertise and time on the most impactful risks, DevSecOps and process optimization.Having a common organizational solution, teams can create a type of feedback loop in the development process. As vulnerabilities are discovered or bad open-source code is identified, the information can be shared. As the process is updated, other teams can re-use the solution rather than re-inventing the wheel and having to fix the same problem across multiple teams.
  3. Refine data monitoring, sharing, and analysis – By sharing data and insights between internal groups, suppliers, and peers, software quality improves over time by identifying and mitigating potential coding issues. This model is used heavily in open-source, where numerous individuals help identify and resolve issues collaboratively. Furthermore, this can advance the creation of better supporting tools that will generate timely alerts and actionable information, allowing those in the supply chain to apply mitigating measures efficiently.

These strategies are augmented by efforts to integrate innovative cyber-resilient new tools and technologies like cyber Digital-Twins, C-SBOM asset discovery, and autonomous mitigation to reduce potential risk of disruption of day-to-day operations from a cyber incident.

Organizations should look at cybersecurity as more than a compliance and regulation check-the-box mandate. Expectations from regulators, customers and the general public have changed. Device manufacturers can gain a lot from answering the growing demand to be more transparent, modernize their cybersecurity defenses, and strengthen their responses to cybersecurity events.