By Bryan Skelton, Data Guard Sales Lead for Global Governments and Critical Infrastructure at Forcepoint
Critical infrastructure is facing a lot of challenges right now. With major ransomware attacks hitting the headlines and purported cyber attacks making changes to operational technology (OT), the industry needs to find failsafe solutions to keep high-consequence infrastructure secure and operational.
Like all other industries, critical infrastructure has benefited from digital transformation and the move to Industry 4.0. Critical infrastructure’s IT and OT systems are often built on bespoke, legacy and in some cases antiquated systems. However, no system can last forever, and these updates often mean readdressing the ‘air gap’ – the separation between operational technology and the IT systems connected to the web.
In this new world of interconnected systems, critical infrastructure organisations benefit from a multitude of Internet of Things devices with all the additional functionality they bring, and from valuable, bi-directional data sharing between IT and OT systems. The benefits of this connectivity are huge: increased productivity, more agile and flexible processes, reduced cost and increased innovation, to name but a few.
However, with benefits do come risks, and these include increased internal and external threats to online systems. Threats from external attacks are only increasing, with a long history of attacks against critical infrastructure stretching back to Stuxnet in 2010. Shamoon, Dragonfly, WannaCry, Petya and more are all well known for the disruption they caused to energy firms, critical manufacturing and other public services. The attacks are becoming more frequent, extremely sophisticated, and targeted. The cost of ransomware demands is now through the roof – CNA Financial recently paid out $40m and $60m was demanded of Apple. In fact, the cost of ransomware, both in terms of payouts and downtime, is expected to exceed $265bn by 2031.
Rightly so, critical infrastructure is heavily regulated, and when data sharing across systems is introduced it must be properly monitored and managed.
Above all, the physical safety and availability of the asset and the amenity it provides to the community it serves (water, gas, traffic control etc.) must be maintained.
Security in the Critical Infrastructure “Airport”
Against this backdrop, how can we modernise and improve our environments while also keeping critical data and systems safe and available? Firewalls and data diodes are the de facto technologies traditionally used, but are limited in terms of functionality and have also suffered in terms of effectiveness against targeted attacks.
The technology gap between the firewall and the data diode can however be addressed.
Let’s think of these technologies as checkpoints in a critical infrastructure ‘airport’. The firewall acts as the check-in desk – performing basic checks and verifying a user’s identity. However, these are only basic checks, and you can still get past that point with items you’re not supposed to be carrying. In the airport this may be a bottle of water in your carry-on – in the digital world, some hidden malicious code inside an innocuous-looking document.
At the other end of the airport security process is the exit gate – the equivalent in critical infrastructure of the data diode. When leaving the airport it’s a one-way-only process, but there are no security inspections on the way out. Yes, you can’t get back in, but there’s no record of you leaving, and no-one’s checking you haven’t taken anything you shouldn’t have in your bags. Digitally, a user could exit the network with unauthorised documents, which could be extremely damaging.
The missing piece in this ‘airport’ is Data Guard technology. This guard is a much more in-depth security process – you could think of it as the scanners, security staff, X-ray machines and all the other checks within an airport. These provide a deeper inspection than identity checks alone. In the airport, they are a fine-grained, detailed inspection of your person and belongings, checking for any malicious activity (e.g. the hand swab for residue detection).
A data guard transfers information across domains (from the “clean” to the “connected” system) safely and securely, minimising risk as far as possible. Through a data guard, documents can transfer between different levels of security domain (Top Secret to Protected) and can be cleaned on the way through, to ensure no document is hosting hidden malware on the way in, or exfiltrating hidden data on the way out. The idea here is 100% prevention, and in critical infrastructure this level of security is necessary.
When Data Guard is applied, it is set up on a bespoke basis with specific rules and protocols for each particular environment. Plug-ins can be applied, including virus scanners and CDR services (content disarm and reconstruction products), to filter all the data and ensure nothing gets in, or out, which is not permitted.
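To make the guard concept above concrete, here is an added, illustrative Python sketch of a rule-based cross-domain inspection step. It is not Forcepoint’s Data Guard or any product’s code; the classification labels, file-type signatures, active-content markers, policy and sample documents are all constructed for the example. It shows the checks a guard layers on top of a firewall (classification label against the destination domain, file-type allow-list, active-content detection, data hidden after a PDF trailer, zero-width characters in text) and, unlike a data diode, records an audit line for every decision. The text clean-up stands in for a CDR step; a real CDR product rebuilds the file from its parsed content rather than pattern-matching bytes.

```python
import unicodedata
from dataclasses import dataclass, field
from typing import Optional

# Constructed classification ordering; only the relative order matters for the downgrade rule.
LEVELS = {"UNCLASSIFIED": 0, "PROTECTED": 1, "SECRET": 2, "TOP SECRET": 3}

# Leading bytes used to identify a file type (standard signatures for PDF, OOXML/zip and OLE).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "ooxml"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),
]

# Byte patterns that indicate active content; constructed subset, not an exhaustive list.
ACTIVE_CONTENT = {
    "pdf": [b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/EmbeddedFile"],
    "ooxml": [b"vbaProject.bin"],                         # macro storage inside the zip
    "ole": ["_VBA_PROJECT".encode("utf-16-le")],         # OLE directory names are UTF-16LE
}


@dataclass
class Document:
    name: str
    label: str
    data: bytes


@dataclass
class Policy:
    max_label: str          # highest classification allowed to cross into the destination
    allowed_types: frozenset
    max_bytes: int


@dataclass
class Verdict:
    allowed: bool
    reasons: list = field(default_factory=list)   # blocking findings
    notes: list = field(default_factory=list)     # non-blocking clean-up actions
    output: Optional[bytes] = None                # what is released, if anything


def detect_type(data: bytes) -> str:
    """Classify by leading bytes, then fall back to 'text' if the payload is valid UTF-8."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def sanitize_text(data: bytes):
    """Drop control and format characters (zero-width etc.) that can carry hidden data."""
    text = data.decode("utf-8")
    kept = [ch for ch in text
            if ch in "\n\r\t" or unicodedata.category(ch) not in ("Cc", "Cf")]
    return "".join(kept).encode("utf-8"), len(text) - len(kept)


def inspect(doc: Document, policy: Policy, audit: list) -> Verdict:
    reasons, notes = [], []
    level = LEVELS.get(doc.label)
    if level is None:
        reasons.append(f"unknown classification label {doc.label!r}")
    elif level > LEVELS[policy.max_label]:
        reasons.append(f"{doc.label} may not cross into a {policy.max_label} domain")
    if len(doc.data) > policy.max_bytes:
        reasons.append(f"size {len(doc.data)} exceeds limit {policy.max_bytes}")
    kind = detect_type(doc.data)
    if kind not in policy.allowed_types:
        reasons.append(f"file type {kind!r} is not on the allow-list")
    for marker in ACTIVE_CONTENT.get(kind, ()):
        if marker in doc.data:
            reasons.append(f"active content marker {marker!r} found")
    if kind == "pdf":
        eof = doc.data.rfind(b"%%EOF")
        if eof < 0:
            reasons.append("PDF has no %%EOF trailer")
        elif doc.data[eof + 5:].strip():
            reasons.append("data appended after the final %%EOF")
    output = None
    if not reasons:
        if kind == "text":
            output, removed = sanitize_text(doc.data)
            if removed:
                notes.append(f"removed {removed} hidden/control characters")
        else:
            output = doc.data   # passed through unchanged; a real CDR would rebuild it
    verdict = Verdict(allowed=not reasons, reasons=reasons, notes=notes, output=output)
    # Unlike a diode, the guard leaves a record of every crossing, allowed or denied.
    audit.append(f"{'ALLOW' if verdict.allowed else 'DENY '} {doc.label:<11} "
                 f"{kind:<7} {doc.name}: {'; '.join(reasons + notes) or 'clean'}")
    return verdict


def run_demo():
    """Run constructed sample documents through a constructed policy."""
    policy = Policy(max_label="PROTECTED",
                    allowed_types=frozenset({"text", "pdf", "ooxml"}),
                    max_bytes=1_000_000)
    docs = [
        Document("readings.txt", "PROTECTED", b"pump 3 pressure 4.1 bar\n"),
        Document("note.txt", "PROTECTED",
                 "Valve schedule attached\u200b\u200b\u200c\u200b\n".encode("utf-8")),
        Document("manual.pdf", "PROTECTED",
                 b"%PDF-1.4\n1 0 obj << /OpenAction 2 0 R >> endobj\n%%EOF\n"),
        Document("report.pdf", "PROTECTED",
                 b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\nPK\x03\x04hidden"),
        Document("schematic.docm", "PROTECTED", b"PK\x03\x04\x14\x00word/vbaProject.bin"),
        Document("plan.txt", "TOP SECRET", b"isolation valve sequence\n"),
        Document("firmware.bin", "PROTECTED", b"\x00\x01\x02\xff"),
    ]
    audit = []
    verdicts = {d.name: inspect(d, policy, audit) for d in docs}
    return verdicts, audit


if __name__ == "__main__":
    _, log = run_demo()
    print("\n".join(log))
```

Each check is independent and every failing rule is reported, so an operator reviewing the audit trail sees the full set of reasons rather than only the first one hit; the policy object is where the “bespoke rules per environment” mentioned above would live.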
Critical infrastructure architectures are all different, built on different OT setups and with varying levels of security requirements. Taking a partnership-focused approach to implementing Data Guard and other Cross Domain solutions, security vendors can ensure a programmatic approach which delivers a strengthened cybersecurity posture as well as enhanced ROI – bringing in all of those benefits of Industry 4.0 and digital transformation.