
Utilities and critical infrastructure providers must improve cybersecurity

06 Jun 2018

Critical infrastructure and utilities providers need to do more to understand the risks that cyber attacks bring, particularly as those providers adopt new and emerging technologies.

That’s according to ForeScout, who says those providers need to take appropriate steps to protect themselves.

“Utilities and critical infrastructure used to benefit from being air-gapped from other systems. In other words, they weren’t connected to a network so the only way they could be compromised was if an attacker gained physical access to assets,” explains ForeScout CMO Steve Redman.

“Now that businesses are adopting automation and the Industrial Internet of Things (IIoT), utilities and critical infrastructure are being exposed to more cyberthreats. Each automated and connected IIoT device is a potential entry point into a company network, and must be treated as such.”

With Gartner forecasting that there may be 20 billion connected devices by 2020, 25% of all attacks may come via IoT devices.

However, if every device is a potential weak point, this may hold back advancements in automation and IIoT, ForeScout warns.

“Utilities and critical infrastructure are juicy targets for hackers because of their critical nature; taking them offline even for a short amount of time can cause significant disruption that could, in extreme cases, turn into civil unrest. Similarly, taking this infrastructure down could also jeopardise the country’s defences, depending on what infrastructure is targeted and how severe the attack is,” Redman explains.

ForeScout provides five key considerations to improve security:

1. Downtime. Operational technology and critical infrastructure can’t go offline, so it’s important to be able to monitor the security status of this infrastructure without switching it off. Passive security techniques let businesses see, classify, and monitor network-connected devices without disrupting operations.

2. Legacy equipment. Legacy devices that were never meant to be connected to the internet weren’t designed with security and cyberattacks in mind. It’s essential to monitor the network activities of this newly-connected equipment and look out for uncharacteristic actions to protect the business.

3. Financial investment. Many organisations invested in legacy equipment with the expectation that these machines would last decades before being replaced. Upgrading this equipment to make it more secure requires additional investment, which may not have been budgeted for.

4. Awareness. With security breaches affecting the bottom line, improving awareness of the need for security has become somewhat easier, but there is still more to be done. Humans are generally the biggest threat due to a combination of innocent mistakes and malicious actions, so it’s essential to educate team members regarding their security responsibilities and how they can contribute to a more secure organisation.

5. Business case. Investing in modern security infrastructure is essential but many business leaders don’t see the urgency. Creating a business case for investment is complicated by the fact that, rather than demonstrating a net gain for the company, it is considered to merely prevent a loss. Mitigating cyberattacks and saving IT staff time are essential components of a strong business.
