Securing critical infrastructure with privileged access management
When critical infrastructure systems are compromised, a cyber attack can easily become a matter of life or death. This is why tools such as privileged access management are critical to securing access to this infrastructure.
Fuel outages across the eastern US, long lines at gas stations and millions of dollars paid in ransom are just some of the immediate consequences of the Colonial Pipeline ransomware attack in 2021. After ransomware was installed on its network, the pipeline operator was forced to halt services for nearly a week.
When critical infrastructure such as this is attacked, the consequences range from inconvenience to citizens and the loss of valuable data and money to, potentially, the loss of lives.
Such organisations are an attractive target. The 2022 annual report of the FBI's Internet Crime Complaint Centre found that more than a third of ransomware attacks reported to the United States' Federal Bureau of Investigation were attacks on critical infrastructure organisations. Of these, the healthcare and public health sectors were most affected, with 210 of the nearly 900 reported attacks on critical infrastructure organisations.
The need to secure critical infrastructure
In response to these threats, countries around the world have codified the cybersecurity standards that critical infrastructure owners should uphold.
The United States' Cybersecurity & Infrastructure Security Agency (CISA) recently released an update to its Cybersecurity Performance Goals – voluntary practices that businesses and critical infrastructure owners can adopt to defend against cyber threats.
Meanwhile, Singapore’s Cybersecurity Act details a Code of Practice for Critical Information Infrastructure in the country.
This involves a multi-pronged, multi-layered approach to cybersecurity, comprising areas such as network security, endpoint protection and cybersecurity training. Within this approach, one key element that critical infrastructure organisations need to address is privileged access management.
In a previous interview with GovInsider, Scott Hesford, Director of Solutions Engineering for Asia Pacific at cybersecurity provider BeyondTrust, highlighted how attacks like the Colonial Pipeline incident occurred because threat actors exploited weak access management controls to enter the organisation's systems and then moved laterally across the environment to reach other critical systems.
Hesford noted that privileged access management can help organisations prevent such incidents by stopping attackers at the point of infiltration, preventing them from reaching other critical systems or networks.
Singapore has recognised the importance of this, dedicating multiple sections of its Code of Practice for Critical Information Infrastructure to this very concern, including sections on Access Control, Access Management and Remote Connection.
Preventing unauthorised access with privileged access management
Take Access Control, for instance: Singapore's Code of Practice requires that organisations implement "authorisation and authentication controls for any access to the CII and between parts of the CII commensurate with the cybersecurity risk profile".
The Code also states that administrative access should be restricted and properly managed. Among other actions, this involves keeping an up-to-date inventory of privileged accounts and managing access escalation appropriately.
To properly control who has access to the CII and to administrative privileges, modern privileged access management (PAM) solutions offer both ease of use and granularity of control.
IT teams using such solutions control, from a single dashboard, the type of access each group receives: rather than only granting or restricting access to the entire infrastructure, they can grant or restrict access to specific areas of it.
With modern PAM in place, IT teams can grant access based on different criteria, including role (technician, marketing team member, finance staff, and so on) or other factors such as credentials, location or device.
External access control and logging
Where organisations rely on external vendors, they also need to meet the requirements laid out under the 'Remote Connection' section of the Code. This section stipulates that effective cybersecurity measures must be in place to prevent and detect unauthorised access from external networks.
In the Colonial Pipeline attack, for instance, the attackers gained access to the systems through an external VPN.
New-generation dedicated remote access is one solution that can help IT teams address this. It gives IT teams a comprehensive overview of all the credentials and privileges that different vendors and technicians hold, while facilitating secure and seamless remote access from anywhere to critical IT systems, cloud applications and OT systems – without the need for a VPN.
Additionally, IT teams can enforce least privilege and just-in-time access by giving users the exact level of remote access they need – and only for the time window in which they need it – even down to restarting a specific process. Coupled with privileged password vaulting, where the credentials used to start remote sessions are discovered, managed, rotated and auto-injected, IT teams can further harden the access layer protecting their critical systems.
IT teams should also ensure that every action taken during a remote session is recorded, allowing for auditing and forensics should an incident occur.
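The controls described in the last few paragraphs (access granted by role and device, a just-in-time window, a scope as narrow as restarting one process, credentials rotated and injected rather than shown, and every decision logged for forensics) modelled as a small access broker. This is an added illustration, not BeyondTrust's product or any real PAM API; the host name, role, device IDs and timestamps are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets

@dataclass(frozen=True)
class Grant:
    # One just-in-time grant: one role, one target, one action, one window.
    role: str
    target: str            # constructed OT host name, e.g. "ot-hmi-01"
    action: str            # narrowest useful scope, e.g. "restart:historian"
    expires_at: datetime   # grant is void after this instant
    devices: frozenset     # managed-device IDs the grant may be used from

class PamBroker:
    # Minimal broker modelling the controls the article describes (assumed design).
    def __init__(self) -> None:
        self.grants: list[Grant] = []
        self.vault: dict[str, str] = {}   # target -> current credential
        self.audit: list[dict] = []       # every decision kept for forensics

    def _checkout(self, target: str) -> str:
        # Rotate the stored credential on every session start so a value
        # captured during one session cannot be replayed to start another.
        self.vault[target] = secrets.token_hex(16)
        return self.vault[target]

    def request(self, user: str, role: str, device: str, target: str,
                action: str, now: datetime) -> bool:
        allowed = any(g.role == role and g.target == target and g.action == action
                      and device in g.devices and now < g.expires_at
                      for g in self.grants)
        if allowed:
            self._checkout(target)   # injected into the brokered session, never shown
        self.audit.append({"at": now.isoformat(), "user": user, "device": device,
                           "target": target, "action": action,
                           "decision": "allow" if allowed else "deny"})
        return allowed

def demo() -> list[str]:
    # Walk one vendor technician through a 30-minute window; return the decisions.
    pam = PamBroker()
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    pam.grants.append(Grant("vendor-tech", "ot-hmi-01", "restart:historian",
                            t0 + timedelta(minutes=30), frozenset({"laptop-42"})))
    args = ("alice", "vendor-tech", "laptop-42", "ot-hmi-01", "restart:historian")
    pam.request(*args, t0)                                              # in scope, in window
    pam.request("alice", "vendor-tech", "laptop-42", "ot-hmi-01", "shell", t0)   # wider than granted
    pam.request("alice", "vendor-tech", "home-pc", "ot-hmi-01", "restart:historian", t0)  # unmanaged device
    pam.request(*args, t0 + timedelta(minutes=31))                      # window closed
    return [e["decision"] for e in pam.audit]
```

Only the first request is allowed; the other three are refused for exceeding the granted action, coming from an unmanaged device, or arriving after the window closes, and all four land in the audit trail.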
Learn more about how you can better secure access to critical infrastructure at this BeyondTrust webinar.