When we think about cyberattacks, we tend to imagine the loss of a large chunk of our data, or not being able to work for several hours. In the case of companies, the risk increases considerably, since they can lose confidential information and face serious cybersecurity problems, as well as problems for the running of their business. But what happens when a cyberattack affects a basic service? What if we’re suddenly left without power?
That is exactly what the US Department of Energy has set out to determine: in November of this year, it is going to simulate a cyberattack on the electrical grid to analyze the consequences of an event like this that could bring the whole country to a standstill.
During the drill, the American Government will mainly analyze three factors: firstly, where the attack is coming from and what its intentions are; secondly, how it has affected the supply, and how the service can be brought back; and thirdly, to what point the system can run using just its own internal resources.
Increasingly frequent attacks
The Department of Energy’s experiment is not something trivial: according to the report The State of Security in Control Systems Today, one third of critical infrastructures have been hit by an attack at some point. What’s more, crypto attacks are also on the up, and cyberattacks on industrial control systems (ICS) have doubled throughout 2018, according to a report from the Valencian International University.
For large companies and public administrations, this is nothing new. The Ukrainian Government experienced this a little under two years ago when several power stations were suddenly left unable to provide electricity. It was all down to the malware BlackEnergy, which, as well as attacking these critical infrastructures, prevented the computers from restarting.
The British Government is no stranger to this situation either. In this case it was the arrival of WannaCry, which took over the IT infrastructure of the NHS, causing operations to be cancelled and preventing nurses from providing emergency assistance.
But public administrations aren’t just on the receiving end of critical infrastructure attacks: they can also cause them. That is what the US Government did in 2010, when it launched the worm Stuxnet to disable 1,000 centrifuges in the nuclear plant that the Iranian Government owns in the Natanz region. This action demonstrated that those who carry out these attacks don’t necessarily have to be cybercriminals aiming to make a quick buck.
How to curb cyberattacks on critical infrastructure
Companies and public administrations face great risks for their cybersecurity, and this danger increases even more when we talk about critical infrastructure. To help answer the question of how this kind of problem can be prevented, attacked, or solved, PandaLabs has launched its report, Critical Infrastructure: Cyberattacks on the backbone of today’s economy. It also presents a series of recommendations, such as:
1.- Detection of weak points. To act preventively, large organizations must protect their corporate cybersecurity by carrying out a complete analysis of their IT systems in order to detect any vulnerabilities or weak points. Not only must these points be protected, but they must also receive greater attention, or be isolated from the rest of the system if it is deemed that there is a high risk of attack.
2.- Protection of systems. When it comes to protecting different services, organizations must look after their security by outlining all possible attack scenarios and reinforcing the points of resistance in each of them, even if it is just to slow down the attacker.
3.- Automatic reaction. Companies not only need to predict the arrival of a cyberattack, but they also need to know how to respond to one if it becomes inevitable. Here, swiftness is key: simple action protocols and rapid (and even automatic) responses must be designed to solve the problem as quickly as possible.
4.- Alternative channels. If an attack affects a company or a public body, the normal course of action is to turn off the machines until it’s fixed. But what if the attack is on some kind of infrastructure that provides a basic service, such as electricity, that must be restored as soon as possible? In those cases, the organization needs to keep protecting its corporate cybersecurity, as well as having alternatives to restart the supply while it fixes the underlying problem.