{"id":23522,"date":"2024-12-02T01:13:55","date_gmt":"2024-12-01T19:43:55","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-in\/?p=23522"},"modified":"2025-04-25T13:11:31","modified_gmt":"2025-04-25T07:41:31","slug":"how-critical-infrastructure-can-balance-business-security","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/how-critical-infrastructure-can-balance-business-security\/","title":{"rendered":"How Critical Infrastructure Can Balance Business &#038; Security"},"content":{"rendered":"<h2>What is Critical Infrastructure and Why is it at Risk?<\/h2>\n<p><span style=\"font-weight: 400;\">A data breach targeted at a normal organization could be catastrophic for its operations. A data breach targeted at a critical infrastructure organization could be catastrophic for the entire country.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To understand why, we must first understand what comes under its scope. <strong>Critical infrastructure (CI)<\/strong> involves all the organizations, systems, and structures that form the backbone of a nation\u2019s economy, health, and security. A wide range of sectors comes under critical infrastructure &#8211;\u00a0from dams to defense, from energy services to emergency services, from food &amp; agriculture to financial markets. A breach in critical infrastructure could lead to economic crisis, public disorder, and even loss of life.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The bad news? Attacks against critical infrastructure are growing. A study by KnowBe4 found that global critical infrastructure faced over 420 million cyberattacks between January 2023 and January 2024. That equates to about 13 attacks per second. 
And they are increasing not just in frequency, but also in financial severity &#8211; the IBM 2023 Cost of Data Breach Report puts the average cost of a data breach involving CI at $5.04 million, which is $1.26 million higher than the overall average.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Attacks are increasing because the range of threat actors is wider. In general, private organizations mostly face attacks from financially motivated hackers. For CI, there are many more antagonists in the picture:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">State-sponsored attackers from other nations who are perpetually engaged in <\/span><b>cyber-warfare<\/b><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Attackers from rogue groups that engage in <\/span><b>cyberterrorism<\/b><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The same financially motivated attackers involved in <\/span><b>cybercrime<\/b><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Insider threats<\/b><span style=\"font-weight: 400;\"> from disgruntled or rogue employees<\/span><\/li>\n<\/ul>\n<h2>Business vs. Security: A False Dichotomy in Critical Infrastructure<\/h2>\n<p><span style=\"font-weight: 400;\">Amid these escalating attack vectors, CI organizations are faced with a multitude of challenges:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">They may employ <\/span><b>older legacy systems<\/b><span style=\"font-weight: 400;\"> that have outdated security standards, leading to major vulnerabilities that attackers can exploit.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">CI systems are highly <\/span><b>interconnected<\/b><span style=\"font-weight: 400;\">. 
A breach in one specific part of the ecosystem could have serious ramifications for everyone involved, especially if there are improper access controls.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You cannot scan for vulnerabilities in a CI industrial control system (ICS) the same way you can in a virtual IT environment, because doing so can take industrial systems offline and bring down operations. It is imperative to <\/span><b>maintain business continuity in critical infrastructure.<\/b><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Digitization in these sectors has led to the use of many <\/span><b>insecure, misconfigured IoT devices<\/b><span style=\"font-weight: 400;\"> that are prone to attack.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Most CI organizations have to <\/span><b>adhere to myriad regulations<\/b><span style=\"font-weight: 400;\"> that can prove to be a big challenge. Most recently, SEBI released an exhaustive <a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/sebi-cscrf-explained\/\">Cyber Security and Cyber Resilience Framework<\/a> (CSCRF) that features several mandates for all its regulated entities in the financial markets to follow. You can read more about that <\/span><span style=\"font-weight: 400;\">here<\/span><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Finally, and most relevant to this blog, the majority of critical infrastructure is privately held. Cybersecurity is often treated as a hindrance to operations, so there is a perpetual tug-of-war between <\/span><b>business vs. security<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The truth is that the battle between security and business operations in critical infrastructure is a myth. 
Business operations will cease to exist without proper security measures in place, and our entire way of life could be compromised as a result.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here\u2019s the good news &#8211;\u00a0the best cybersecurity programs (like ours!) help optimize your operations through benefits like automated processes, unified oversight, and data-driven insights. The rest of this blog will focus on how to secure critical infrastructure by exploring several infamous attacks in the sector and taking the learnings from them to construct cybersecurity programs that will give your organization an extremely strong security posture.<\/span><\/p>\n<h2>Lessons from Infamous Critical Infrastructure Cyberattacks<\/h2>\n<h3><b>The 2016 Ukrainian Power Grid Attack<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Long before the Russia-Ukraine war broke out and became an insidious battle to weaken each other\u2019s critical infrastructure, Russian hackers successfully conducted an attack back in 2016 that left over 700,000 Ukrainians without power in the middle of the winter. What\u2019s interesting about this attack is that it was not conducted by exploiting one particular vulnerability. Hackers used a multitude of tools &amp; tactics to succeed, including KillDisk, credential theft, remote access exploits, spear phishing, and telephony DoS attacks.<\/span><\/p>\n<p><strong><i>Lessons Learned: <\/i><\/strong><span style=\"font-weight: 400;\">Simply put, in cybersecurity no single solution fits all. You have to incorporate <\/span><b>defense-in-depth<\/b><span style=\"font-weight: 400;\">, which involves using multi-layered security systems (IDS, firewalls, stringent access control, encryption tools, etc.) so that each layer can respond to a different kind of cyber threat.<\/span><\/p>\n<h3><b>The AIIMS hack<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">For the next example, we look at an incident closer to home. 
In 2022, AIIMS Delhi saw 5 of its 100 servers breached through ransomware, leading to the attackers possessing 1.3 terabytes of sensitive hospital data. But more than that, it created absolute panic across the ecosystem and severely impacted business operations &#8211; appointments got muddled, treatments got delayed and the hackers demanded Rs. 200 crore to remove the ransomware. After the <a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/what-the-recent-cert-in-directives-mean-for-businesses-in-india\/\">Indian Computer Emergency Response Team<\/a> (CERT-In) got involved, the cause of the breach was determined to be improper network segmentation.<\/span><\/p>\n<p><strong><i>Lessons Learned: <\/i><\/strong><span style=\"font-weight: 400;\">In such an interconnected environment, <\/span><b>network segmentation<\/b><span style=\"font-weight: 400;\"> is crucial to mitigate the fallout should an incident occur. This countermeasure helps contain the breach to that particular area in your system, making it impossible for attackers to move around the network. We at iValue have industry-standard network segmentation solutions like<\/span><span style=\"font-weight: 400;\">\u00a0<\/span><b>VMware NSX<\/b><span style=\"font-weight: 400;\"> as part of our suite, which help isolate critical systems while enhancing security controls.<\/span><\/p>\n<h3><b>The Colonial Pipeline Attack<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">This breach is particularly infamous in the critical infrastructure world because of how widespread the fallout became. Colonial Pipeline was essential to distributing oil across the East Coast of the US, covering 5,500 miles from Texas to New Jersey. 
Hacker group DarkSide got in through an exposed password of an employee for a VPN account, which was the same password used for other accounts.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The rest is history &#8211; Colonial Pipeline paid close to $4.4 million in Bitcoin for a decryption key, but by that time, nearly 11,000 gas stations were still out of gas, and the average cost for fuel per gallon became the highest it\u2019s been in over 6 years. It led Joe Biden, POTUS at the time, to sign an executive order demanding better cybersecurity measures in CI soon after.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\"><strong>Lessons Learned:<\/strong> <\/span><\/i><span style=\"font-weight: 400;\">Attackers these days don\u2019t hack in &#8211; they log in. This makes stringent access control imperative to ward off threats. In the case of the Colonial Pipeline, the attackers gained access and immediately self-elevated their privileges to access the most sensitive information. This can be avoided by a watertight <a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/managing-pam-across-multicloud-environments\/\">Privileged Access Management<\/a> solution, like the one we have with <\/span><b>CyberArk<\/b><span style=\"font-weight: 400;\">. This state-of-the-art solution reduces the risk of unauthorized access by continuously monitoring all your privileged accounts.<\/span><\/p>\n<h3><b>The Change Healthcare Breach<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">This can be described as the cyberattack of 2024, with the President of the American Health Association claiming that the attack is \u201cthe most significant and consequential incident of its kind against the US healthcare system in history.\u201d Change Healthcare is one of the largest health payment processing companies in the world, accounting for nearly 40% of all claims with over 15 billion medical claims every year. 
The attack led to a backlog of unpaid claims, which resulted in hospital cash flow problems that seriously threatened patients\u2019 access to care. AHA reports that nearly 94% of hospitals have experienced financial repercussions from the cyberattack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A subsequent Senate hearing revealed that the attack succeeded because Change Healthcare wasn\u2019t using multi-factor authentication in its processes.<\/span><\/p>\n<p><strong><i>Lessons Learned: <\/i><\/strong><span style=\"font-weight: 400;\">For industries dealing in essential operations, <\/span><a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/ivalue-whitepapers\/best-practices-for-phishing-resistant-mfa-in-apac-critical-infrastructure\/\"><b>MFA<\/b><\/a><span style=\"font-weight: 400;\"> is a must. Otherwise, the only safeguard between an attacker and your system could be a weak, reused password. However, not all factors in multi-factor authentication are created equal. Through solutions involving physical passkeys and biometrics like <a href=\"https:\/\/ivaluegroup.com\/en-in\/official-distributor-of-yubikey-in-india\/\">Yubikey<\/a>, <a href=\"https:\/\/ivaluegroup.com\/en-in\/oems\/demo\/unified-application-resilience-ivalue-opentext\/\">OpenText<\/a> NetIQ, and RSA SecurID, iValue enforces strong authentication in your ecosystem.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As a final word, we\u2019d like to point out that critical infrastructure security is paramount in such a dynamic, complex, heterogeneous environment, with multiple threat vectors and serious challenges. However, an end-to-end, mission-critical solution like the one iValue provides can not only fortify your organization&#8217;s security but also transform your operations.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Long story short, our solution never makes you choose or compromise between business and security. 
Instead, it optimizes both aspects, together.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is Critical Infrastructure and Why is it at Risk? A data breach targeted at a normal organization could be catastrophic for its operations. A data breach targeted at a critical infrastructure organization could be catastrophic for the entire country.\u00a0 To understand why, we must first understand what comes under its scope. Critical infrastructure (CI) &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/how-critical-infrastructure-can-balance-business-security\/\"> <span class=\"screen-reader-text\">How Critical Infrastructure Can Balance Business &#038; Security<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":20195,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[131],"tags":[413,409,412,411,134,410,401,414,415],"whitepapers":[],"case_studies":[],"acf":[],"_links":{"self":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/23522"}],"collection":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/comments
?post=23522"}],"version-history":[{"count":1,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/23522\/revisions"}],"predecessor-version":[{"id":23523,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/23522\/revisions\/23523"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/media\/20195"}],"wp:attachment":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/media?parent=23522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/categories?post=23522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/tags?post=23522"},{"taxonomy":"whitepapers","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/whitepapers?post=23522"},{"taxonomy":"case_studies","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/case_studies?post=23522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}