
WHEN A WORM HIT IRAN



‘Cybersecurity for critical infrastructure is paramount’

 

Cybersecurity for critical infrastructure is a key issue for countries across the world. Critical infrastructure is vital to any country, and protecting these assets is essential to its national security.

The mode of warfare has changed over the years, and cyberspace is a new battlefield on which countries fight. Countries have invested heavily in their conventional defences; there is an equally urgent need to invest in scaling up their cyber defences.

Let us imagine a scenario in which a nuclear power plant is the main source of electricity for a city. If a cyberattack can affect the operation of that plant, the electricity supply across the whole city can be affected.

This blog deals specifically with the threat of a worm attack on critical infrastructure: it walks through a case study and then suggests measures organizations can take to protect themselves from a worm attack.


IRANIAN NUCLEAR PROGRAM UNDER ATTACK

‘We face cyber threats from state-sponsored hackers, hackers for hire, global cyber syndicates, and terrorists. They seek our state secrets, our trade secrets, our technology, and our ideas - things of incredible value to all of us. They seek to strike our critical infrastructure and to harm our economy.’ - James Comey, American Public Servant


Iran's nuclear programme has been a major cause of concern across the globe because of real worries that its facilities could be used for military purposes. As a result, Iran has been placed under sanctions for developing the programme, and the facilities themselves have become a prime target for actors who do not want Iran to develop them further.

Hence, according to reports in the media, a targeted attack on the nuclear facility was planned and carried out through cyberspace.


How did the attack take place?

  • A program was written that could map out the entire workings of the control systems in a plant at the nuclear facility.

  • A plant worker unknowingly introduced the program into the plant, for example by connecting an infected removable drive or laptop. The plant's control network is reported to have been isolated from the internet, which is why the malware was built to spread through removable media and local shares rather than through downloads or malicious links.

  • The program transmitted the data it collected back to its operators, and from that data a complex worm was built that could disrupt the functioning of the plant.

  • The worm was then introduced into the plant systems and disrupted operations by making the centrifuges spin faster or slower than designed. A centrifuge driven outside its design speed can become unbalanced and be physically destroyed.

Note: Centrifuges play a crucial role in uranium enrichment, a key step in producing nuclear fuel for power plants or, in some cases, material for nuclear weapons.


The incident shows how the Iranian nuclear facility was hit and its operations disrupted, and it raises the risk for other countries that run similar control systems.

The worm was later identified as Stuxnet, after it spread beyond the nuclear facility and was found on computers elsewhere in 2010. The events described above are believed to have taken place between 2007 and 2010.


WHAT IS A WORM ATTACK AND HOW TO PROTECT AGAINST IT?

‘There are only two types of organizations: those that have been hacked and those that don’t know it yet.’ - John Chambers, American Businessman

 

A computer worm is a self-replicating malware program that spreads across networks and systems, usually without any human intervention. Unlike viruses, worms do not need a host program to attach themselves to; they replicate and spread on their own.

A worm attack is generally more serious than a virus attack precisely because of this independence: once one host is infected, the worm can reach every other vulnerable host it can connect to, without anyone opening a file or clicking a link.

 

Be Cautious with Email, Links and Removable Media:

Avoid opening email attachments or clicking on links from unknown or suspicious sources, and do not plug in removable drives of unknown origin. Many worms arrive through email attachments, malicious links or infected USB devices, which is how a worm reaches a network that is not connected to the internet. Verify the legitimacy of emails and media before interacting with them.

 

Enable Automatic Updates:

Configure your systems and software to receive automatic updates so that security patches are applied as soon as they are released. On industrial control systems, where automatic updates are often not possible, apply vendor-approved patches in planned maintenance windows and rely on isolation of the control network in between.

 

Install and Update Security Software:

Use reputable antivirus and anti-malware software and keep it up to date. Regularly scan your system for malware, including worms, to detect and remove potential threats.

 

Educate Users:

Provide training and awareness programs for users to recognize and avoid potential security threats. Human error is a common factor in the success of many attacks, so educating users on best practices is crucial.

 

Monitor Network Activity:

Use network monitoring tools to watch network traffic for unusual or suspicious patterns. A spreading worm is noisy: a single host suddenly opens connections to many peers on the same port, or traffic appears on a control network segment where it never existed before. Detecting this behaviour early lets you identify and contain a worm infection before it reaches every host.
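As an added example of the kind of check such monitoring would run (this is illustrative code written for this blog, not code from the original post or from any monitoring product), the script below reads connection-log lines and flags a source that talks to many distinct destinations on one port within a short window, the fan-out pattern a worm shows while hunting for its next victims. The log format, the sample lines, the thresholds and the allowlist of known scanners are all constructed assumptions for the example.

```python
"""Worm-spread detection over connection-log lines.

Added example, not code from the original post. It flags a host that opens
connections to many distinct peers on one port within a sliding time window.
The log format ("timestamp src dst dport proto"), the sample lines and the
thresholds are constructed assumptions for this example.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample log. 10.0.1.5 sweeps SMB (445) across a subnet in a few
# seconds; 10.0.1.9 is ordinary web traffic to three servers; 10.0.1.50
# spreads slowly, one new peer every four minutes.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.1.5 10.0.1.20 445 tcp
2024-05-01T10:00:01 10.0.1.5 10.0.1.21 445 tcp
2024-05-01T10:00:01 10.0.1.5 10.0.1.22 445 tcp
2024-05-01T10:00:02 10.0.1.5 10.0.1.23 445 tcp
2024-05-01T10:00:02 10.0.1.5 10.0.1.24 445 tcp
2024-05-01T10:00:03 10.0.1.5 10.0.1.25 445 tcp
2024-05-01T10:00:03 10.0.1.5 10.0.1.26 445 tcp
2024-05-01T10:00:04 10.0.1.5 10.0.1.27 445 tcp
2024-05-01T10:00:04 10.0.1.5 10.0.1.28 445 tcp
2024-05-01T10:00:05 10.0.1.5 10.0.1.29 445 tcp
2024-05-01T10:00:05 10.0.1.5 10.0.1.30 445 tcp
2024-05-01T10:00:07 10.0.1.9 10.0.2.10 443 tcp
2024-05-01T10:00:08 10.0.1.9 10.0.2.10 443 tcp
2024-05-01T10:00:09 10.0.1.9 10.0.2.11 443 tcp
2024-05-01T10:00:10 10.0.1.9 10.0.2.12 443 tcp
2024-05-01T10:05:00 10.0.1.50 10.0.1.60 445 tcp
2024-05-01T10:09:00 10.0.1.50 10.0.1.61 445 tcp
2024-05-01T10:13:00 10.0.1.50 10.0.1.62 445 tcp
2024-05-01T10:17:00 10.0.1.50 10.0.1.63 445 tcp
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, proto)."""
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto


def detect_fanout(lines, window_seconds=10, threshold=8, known_scanners=frozenset()):
    """Return one alert per (src, dport) whose count of distinct destinations
    inside a sliding window of `window_seconds` reaches `threshold`.

    known_scanners: sources that legitimately fan out (vulnerability
    scanners, monitoring servers); they are skipped so they do not drown
    out real alerts.
    """
    events = sorted(parse_line(line) for line in lines if line.strip())
    by_key = defaultdict(list)
    for ts, src, dst, dport, _proto in events:
        if src not in known_scanners:
            by_key[(src, dport)].append((ts, dst))

    alerts = []
    for (src, dport), conns in by_key.items():
        recent = deque()   # (ts, dst) pairs still inside the window
        seen = Counter()   # dst -> number of hits inside the window
        for ts, dst in conns:
            recent.append((ts, dst))
            seen[dst] += 1
            # Expire connections that have fallen out of the window.
            while (ts - recent[0][0]).total_seconds() > window_seconds:
                _old_ts, old_dst = recent.popleft()
                seen[old_dst] -= 1
                if seen[old_dst] == 0:
                    del seen[old_dst]
            if len(seen) >= threshold:
                alerts.append({
                    "src": src,
                    "dport": dport,
                    "distinct_dst": len(seen),
                    "window_start": recent[0][0],
                    "alert_at": ts,
                })
                break  # one alert per source/port is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_fanout(SAMPLE_LOG.splitlines()):
        print(f"{alert['src']} reached {alert['distinct_dst']} hosts on port "
              f"{alert['dport']} between {alert['window_start']} and {alert['alert_at']}")
```

With the default 10-second window and threshold of 8 the fast SMB sweep from 10.0.1.5 is caught at 10:00:04, while 10.0.1.50, which adds one peer every four minutes, is not. A second pass with a longer window and a lower threshold (for example 15 minutes and 4 peers) catches the slow spreader at the cost of more false positives, so in practice both passes run, and hosts that are expected to fan out go on the allowlist rather than being tuned around.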


WHAT TO DO IN CASE OF A WORM ATTACK?

‘Not having Cybersecurity awareness, is like entering a battlefield without weapons’

 

Implement Network Segmentation:

If possible, segment your network so that critical systems, above all the control network of a plant, are isolated from less secure office networks. Segmentation contains the spread of a worm if one part of the network becomes infected. It does not stop a worm carried in on removable media or a contractor's laptop, which is how a worm reaches an isolated control network, so pair segmentation with strict controls on what may be plugged into critical systems.

 

Disconnect Affected Systems:

If possible, disconnect affected systems from the internet, to prevent the worm from communicating with its command-and-control servers, and from the rest of the internal network, since a worm does most of its damage by spreading to neighbouring hosts. Isolate at the network level first rather than powering systems off, so that evidence in memory is preserved for investigation. This contains the infection and limits further damage.

 

Restore from Backups:

If you have recent backups of your data, restore affected systems from clean backups. Ensure that the backups are from a point before the worm infection occurred, and patch and verify the restored system before reconnecting it, otherwise the same worm will simply reinfect it.

 

Scan for Malware:

Run a thorough antivirus and anti-malware scan on all affected systems. Use updated security software to detect and remove the worm from infected devices, and scan every host that had network access to an infected one, not only the hosts that showed symptoms.


Change Passwords:

Change passwords for all affected accounts, especially those with sensitive information. This helps prevent unauthorized access, as some worms may attempt to steal login credentials.


CONCLUSION

For any country, the protection of critical infrastructure is vital to national security. As we saw in the case of Iran, an alleged targeted worm attack disrupted its highly sensitive nuclear programme.

Permanent damage to such a programme could be very costly for national security.

Are national governments learning the critical lessons of the incident and ensuring that employees are fully aware of the cyber risks? It is important to act responsibly to prevent any incident that endangers national security.


Gorisco has a wide range of experts who are experienced in defining and designing various solutions to help organizations mitigate their risks and resolve their problems. 

At Gorisco, our motto is 'Embedding Resilience,’ and we are committed to making the organizations and their workforce resilient. Reach out to us if you have any queries, clarifications, or need any support on your initiatives. 






