
Why detection is dead when it comes to the cybersecurity of Critical Infrastructure 

by maria

By: Audra Simons – Senior Director, G2CI Global Products – Forcepoint

The push to become more digitally driven, make use of cloud technologies, and take advantage of constant connectivity is a given for enterprises and government entities alike. Critical Infrastructure (CI) organizations, which are commercial but often highly sensitive and work closely with government agencies and bodies, are no exception. The National Cyber Security Centre’s 2021 annual review revealed that the Government plans to increase the National Cyber Security Program’s budget by £114 million, with a further £2.6 billion investment in cyber and legacy IT over the next spending review period, and much of this will focus on improving the resilience of critical infrastructure and defense IT.

Much of this investment stems from a desire to modernize CI and to increase both its productivity and efficiency. Critical infrastructure’s Information Technology and Operational Technology (IT/OT) systems are often built on bespoke, legacy and in some cases antiquated systems.

Historically, IT and operational systems were ‘air gapped’, with a physical separation between systems connected to the Web and standalone, internal-only systems and networks. In a world of Internet of Things devices and bi-directional data sharing, the two are gradually being connected, providing more agile and flexible processes, reduced costs and the ability to manage systems remotely.

There are clear benefits, then, but also corresponding risks. Threat actors know CI is becoming better connected, and they are exploiting the weak links these new connections create.

Highly sophisticated attacks in this sector have become more frequent since Stuxnet came to light in 2010. WannaCry, Petya and Dragonfly are all well known for the disruption they caused to energy firms, manufacturers and other public services. Ransomware more generally has skyrocketed in recent years: it cost British businesses alone as much as £365m in total in 2020.

Sharing data, not malware

Although efforts to secure critical infrastructure are nothing new, it’s becoming increasingly clear that legacy technologies on their own are not enough to face sophisticated and bespoke attacks. Traditional methods of detecting malware before it reaches its target are always playing catch-up. The attacker only needs to be right once, but the defender needs to be right all the time to ensure the malware is being detected and blocked. This game of cat and mouse is something that threat actors can exploit to get malware into systems. The future of security, particularly for critical infrastructure, lies in prevention rather than detection.

Take firewalls, for example. They act as the first line of defense, monitoring and controlling network traffic against pre-set rules. They are a very effective and widely used means of protecting a network, but only at a coarse level: a firewall is not designed to perform deep, multi-layered inspection of the content entering or leaving a system, or of the data that content carries. Malicious code hidden inside an innocuous-looking document can still get through.

In an era where cross-domain data sharing is becoming common practice, organizations must layer security technologies to ensure protection and compliance, and must classify their data so that the appropriate level of inspection is applied to it.

While all critical infrastructure architectures are built differently, with varying security requirements and individual devices in play, they all have something in common: a need to protect data in transit and to keep OT networks clean and protected.

Strengthen your network security

One way of solving this is through data guard technology. A guard sits at the boundary between security levels or departments and controls what crosses it in each direction, so documents can be transferred while ensuring no hidden malware is carried in and no hidden data is smuggled out.

There are several other ways to improve network security, such as taking a zero-trust approach. Working from the principle of ‘never trust, always verify’ and applying it to content rather than to users, Content Disarm and Reconstruction (CDR) technology can be built into critical infrastructure systems so that file-borne malware does not get through. CDR protects enterprises and government entities alike by deconstructing commonly used file types, including MS Office documents, PDFs and images, and rebuilding them as new, sanitised files that carry only the legitimate content. Through this process, malicious content is removed without first having to be recognised. After processing via CDR, the files can be passed securely to government, critical infrastructure and enterprise users without the risk that they still contain malicious content.
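As an added illustration of the deconstruct-and-rebuild idea behind both the data guard and CDR (example code written for this page, not Forcepoint’s or Deep Secure’s implementation), the script below applies a minimal CDR pass to a Word .docx file. It opens the package, pulls out only the paragraph text, and writes an entirely new .docx from that text; the VBA project, embedded OLE object and remote template link in the sample never reach the output because nothing ever copies them. The sample document, its part names, relationship targets and byte contents are constructed for the example, the package layout is simplified relative to what Word writes, and only text is preserved, so the mechanism stays visible. A production CDR engine also reconstructs formatting, images and many other formats.

```python
"""Minimal CDR (Content Disarm and Reconstruction) pass over a .docx file.
Added example for this page, not Forcepoint or Deep Secure code."""
import io
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
XML_SPACE = "{http://www.w3.org/XML/1998/namespace}space"
ET.register_namespace("w", W_NS)

# Fixed, known-good container skeleton used for every rebuilt document.
CONTENT_TYPES = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>
</Types>"""
ROOT_RELS = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="{R_NS}/officeDocument" Target="word/document.xml"/>
</Relationships>"""


def zip_parts(parts: dict) -> bytes:
    """Serialise a {part name: content} mapping into an OOXML (zip) package."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return out.getvalue()


def extract_paragraphs(docx_bytes: bytes) -> list[str]:
    """Deconstruct: read only w:p/w:t text from word/document.xml. Every other
    part, relationship and element in the package is deliberately ignored."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        root = ET.fromstring(zf.read("word/document.xml"))
    return ["".join(t.text or "" for t in p.iter(f"{{{W_NS}}}t"))
            for p in root.iter(f"{{{W_NS}}}p")]


def build_clean_docx(paragraphs: list[str]) -> bytes:
    """Reconstruct: emit a brand-new .docx whose only content is the text."""
    doc = ET.Element(f"{{{W_NS}}}document")
    body = ET.SubElement(doc, f"{{{W_NS}}}body")
    for text in paragraphs:
        run = ET.SubElement(ET.SubElement(body, f"{{{W_NS}}}p"), f"{{{W_NS}}}r")
        ET.SubElement(run, f"{{{W_NS}}}t", {XML_SPACE: "preserve"}).text = text
    return zip_parts({
        "[Content_Types].xml": CONTENT_TYPES,
        "_rels/.rels": ROOT_RELS,
        "word/document.xml": ET.tostring(doc, xml_declaration=True, encoding="UTF-8"),
    })


def cdr(docx_bytes: bytes) -> bytes:
    """The input file itself is never forwarded, only a rebuild of its text."""
    return build_clean_docx(extract_paragraphs(docx_bytes))


def risky_indicators(docx_bytes: bytes) -> list[str]:
    """Verification only: list binary parts and external relationships. The
    rebuild does not consult this list; it is used to check the output."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".bin"):
                found.append(f"binary part: {name}")
            elif name.endswith(".rels"):
                for rel in ET.fromstring(zf.read(name)):
                    if rel.get("TargetMode") == "External":
                        found.append(f"external link: {rel.get('Target')}")
    return found


def make_suspicious_docx() -> bytes:
    """Constructed sample (not real malware, layout simplified): ordinary text
    plus a VBA project, an embedded OLE object and a remote template link."""
    document_xml = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="{W_NS}" xmlns:r="{R_NS}" xmlns:o="urn:schemas-microsoft-com:office:office">
  <w:body>
    <w:p><w:r><w:t>Quarterly maintenance schedule</w:t></w:r></w:p>
    <w:p><w:r><w:t xml:space="preserve">Pump station 3: </w:t></w:r><w:r><w:t>valve replacement</w:t></w:r></w:p>
    <w:p><w:r><w:object><o:OLEObject r:id="rId3"/></w:object></w:r></w:p>
  </w:body>
</w:document>"""
    document_rels = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>
  <Relationship Id="rId2" Type="{R_NS}/attachedTemplate" Target="http://templates.example.invalid/t.dotm" TargetMode="External"/>
  <Relationship Id="rId3" Type="{R_NS}/oleObject" Target="embeddings/oleObject1.bin"/>
</Relationships>"""
    return zip_parts({
        "[Content_Types].xml": CONTENT_TYPES,
        "_rels/.rels": ROOT_RELS,
        "word/document.xml": document_xml,
        "word/_rels/document.xml.rels": document_rels,
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed macro container",
        "word/embeddings/oleObject1.bin": b"\xd0\xcf\x11\xe0 constructed OLE payload",
    })


if __name__ == "__main__":
    dirty = make_suspicious_docx()
    clean = cdr(dirty)
    print("input :", risky_indicators(dirty))
    print("output:", risky_indicators(clean))
    print("text  :", extract_paragraphs(clean))
```

Run as a script, the first line lists the three indicators present in the input (the remote template link, the VBA project and the OLE object), the second an empty list for the output, and the third the preserved text. Nothing in the rebuild path looks for those indicators; risky_indicators stands in for the verification stage a real CDR engine runs on its output, and the point of the exercise is that the output passes it by construction rather than by detection. Note what this toy rebuild gives up: formatting, images, tables and tracked changes are not carried over, and a production engine needs a reconstruction model for each of those.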

Forcepoint recently acquired Deep Secure to provide this zero trust service to our customers. Unlike traditional security inspection products, Deep Secure’s CDR platform is less about detection and more about proactive prevention, achieving a high level of efficacy along with a good user experience, flexible deployment and proven ROI.

Critical infrastructure is, simply, critical. Energy, healthcare and transportation are all vital to keeping society running. As systems in these sectors are increasingly connected to the Internet, security cannot afford to take a back seat. CI leaders must rethink their approach to security when sharing data, looking at prevention rather than detection, to further build their resilience to cyber-attacks and breaches.
