It was just before Christmas in 2015 when cyber attackers disrupted power grids in Ukraine. Almost a quarter of a million people lost power, in the dead of winter, in a first-of-its-kind successful attack on a power grid.
This was not the work of “opportunists”, as Wired Magazine puts it. Rather, the attackers were “skilled and stealthy strategists” that carefully planned the attack over many months.
Audacious attacks like these underscore the fact that cyber warfare is our new reality. Countries such as Singapore are taking steps to protect critical sectors – such as power, water, banking – from attacks and disruption. GovInsider spoke to Mark Orsi, President of the Global Resilience Federation (GRF) on the sidelines of the recent Singapore International Cyber Week to learn more.
The dangers of vulnerable critical sectors
Singapore’s Senior Minister and Coordinating Minister for National Security Teo Chee Hean has just announced the launch of a new hub to share information on critical infrastructure threats – called the Operational Technology Information Sharing and Analysis Centre (OT-ISAC). Critical infrastructure hacks “are among the most pressing cyber threats facing us today”, he said.
This new information sharing centre forms a central part of a critical infrastructure masterplan by the Cyber Security Agency (CSA) of Singapore. It’s a joint effort between CSA and the Global Resilience Foundation.
Globally, 46 percent of respondents to a recent Sans Institute survey on the subject said that increasing visibility into the cybersecurity surrounding control systems was a 2019 priority. Almost 70 percent conducted a security audit of their operational technology or control systems in the past year, and further findings show that organisations are moving to better secure these systems and investing in OT cyber security.
New threats with new connections
Critical infrastructure was typically sealed off from the wider internet. “For water, energy, transportation, other sectors like that, typically they would cordon off these control systems from other networks. That was how they provided protection in the past,” Orsi explains.
But now they are increasingly connected so that they can be monitored and managed remotely using sensors – for example to track water levels or pipe leaks. “We’re becoming a fully interconnected type of system, and operational technology systems are now becoming ‘touchable’ from the network,” Orsi warns.
“We’re becoming a fully interconnected type of system, and operational technology systems are now becoming ‘touchable’ from the network,”
In Singapore, that means that critical infrastructure was not traditionally designed with robust cybersecurity considerations, AsiaOne quoted CSA as saying. An attack could therefore very well lead to mass disruptions, physical harm or even death, the AsiaOne report said.
With knowledge, comes power
The new hub will help tackle these threats by sharing the risks facing banks and power stations. The member companies of the centre can securely exchange details of cyber threats and attacks on their organisations. “We help build and grow and support ISACs, which basically help information sharing – so facilitating sharing of threat intelligence through tools and technology, but also threat analysts who are focused on the OT sector,” Orsi says.
He shares an example from a centre that the federation has partnered with in the financial services industry. In 2012 and 2013 in the US, “we received threat intelligence that there were DDOS attacks of a much stronger bandwidth than had ever been seen before, and they were targeting several different banks in very small bursts,” he says.
That intelligence allowed the members to quickly react, working with partners to guard against another attack. “We ran drills, understood what our exposure was and what our vulnerabilities were to those types of attacks, actually implemented new technologies to help protect us,” Orsi continues, adding that when members of this financial services centre were attacked two weeks later, they were “fully protected” from business disruption.
GRF, which is a nonprofit, has expanded to create centres and partnerships across five continents, working with governments to help secure the sectors and industries that are most vital to the country, according to Orsi.
Supply chains and industrial manufacturing are also vulnerable to attacks, he continues. “There’s a specific targeting for industrial manufacturers and industrial control system pipeline for supply chain.”
As Singapore readies itself for the planned 5G network rollout next year, the security of critical information infrastructure needs to be a top priority, Orsi believes. “Through 5G, and through these other mechanisms, you suddenly will have these different channels that might not be completely planned that will provide you access to those networks, for these nation states and advanced persistent threat type actors,” he explains.
There are groups out there with the power to cripple entire cities, and even countries, if given the chance. One way to protect against these malicious acts is to share threat intelligence with each other, so everyone becomes stronger and more resilient.