Why critical infrastructure operators must urgently adopt a Zero Trust cybersecurity posture
Digital transformation increases operational efficiencies, improves customer experiences, and drives data-based insights and decision-making processes. However, it also exposes the operational technology (OT) that underpins the critical infrastructure (CI) that Australians rely on. Increasing risks created by sophisticated cybercriminals present a significant threat to the systems and services essential to society, including water, energy, transport, food and grocery, and health services.
Attacks on OT can cause widespread disruption to businesses and individuals and pose a serious threat to human life. Warnings of heightened threats to the CI sector are unlikely to abate, which prompted the government's recent move to amend existing CI legislation through the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act). The amended legislation introduces new security obligations for 11 CI sectors, including vulnerability assessment, risk management, and reporting responsibilities.
Traditionally, OT security relied on isolation rather than on dedicated cybersecurity controls: OT systems weren't designed to be interconnected, so operators treated security by obscurity as their main defence. However, as OT and IT environments converged, OT systems became increasingly interconnected and reachable over remote internet connections. As a result, the number of exposed vulnerabilities has multiplied and the attack surface of OT networks has grown drastically. Recent attacks on OT highlight the potential for cybercriminal activity to cause widespread disruption and demonstrate how hard recovery from an incident can be even after a ransom is paid.
CI operators must urgently review and enhance their cybersecurity posture to meet the new regulations and protect their OT systems. Securing OT and IT systems on a network calls for similar strategies; however, the two present significantly different vulnerabilities, risks, and consequences: a compromised controller can cause physical harm, not just data loss, and it often cannot simply be patched or rebooted. While these risks can't be eliminated, there are a number of ways CI operators can build a better cybersecurity posture that covers both IT and OT environments so they can detect, respond, and recover more efficiently.
1. Improve OT network visibility: CI operators must have clear visibility of their assets, networks, and OT processes: an up-to-date inventory of every device, the protocols it speaks, and which hosts it communicates with. Without strong visibility, it is difficult to see where data is coming from and going to, which creates blind spots in the OT network's attack surface and makes it harder to identify and assess vulnerabilities with precision. Increased visibility lends itself to better awareness of traffic on the network, a stronger understanding of which user and device behaviour is normal and which is abnormal, and improved vulnerability detection.
2. Implement micro-segmentation: the goal of a zero-trust cybersecurity posture is to remove implicit trust based on network location, so that no device or user is trusted merely because it sits inside the plant network and business-critical applications are reachable by as few parties as possible. Traditionally, OT networks were built as flat local-area networks (LANs); that level of segmentation is insufficient, because a single compromised host can reach every controller on the segment. By isolating critical assets and allowing only the specific flows they need (for example, an HMI to its PLCs on the control protocol's port, and nothing from the corporate network), micro-segmentation acts as a fail-safe that limits a threat actor's lateral movement after the perimeter has been breached.
3. Gain continuous, real-time monitoring: ongoing internal monitoring is essential for safeguarding OT networks because many business-critical components can be exposed. Continuous OT network monitoring provides real-time alerts about known and unknown threats, both signature matches and deviations from the baseline established during the visibility step, and helps cybersecurity teams identify irregular behaviour and mitigate threats appropriately. In OT this monitoring should be passive (network taps or SPAN ports) wherever possible, since active scanning can disrupt fragile legacy controllers.
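The three steps above form one pipeline: observed traffic gives the asset inventory, the inventory gives an explicit allow-list, and the allow-list is what live traffic is checked against. The following script is an added illustration of that pipeline, not a tool from the original article or from any vendor; the zones, hosts, ports and flow records are all constructed, and the zone names and `ALLOWED_ZONE_PAIRS` table are assumptions used only to show that the baseline itself must be validated before it is turned into policy.

```python
"""Constructed example: derive an OT asset inventory, an allow-list
micro-segmentation policy and a flow-based violation detector from sample
flow records. All addresses, hosts and flows below are made up."""

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed zone map keyed by subnet (Purdue-style names chosen for this example).
ZONES = {
    ip_network("10.10.1.0/24"): "supervisory",   # HMIs, engineering workstations
    ip_network("10.10.2.0/24"): "control",       # PLCs / RTUs
    ip_network("10.10.3.0/24"): "dmz",           # historian
    ip_network("10.20.0.0/16"): "corporate_it",
}

# Assumed zone pairs that are allowed to originate traffic (src_zone, dst_zone).
ALLOWED_ZONE_PAIRS = {("supervisory", "control"), ("dmz", "supervisory")}

# Constructed baseline flows captured during a learning window: (src, dst, dport, proto).
BASELINE = [
    ("10.10.1.20", "10.10.2.10", 502, "tcp"),    # HMI -> PLC, Modbus/TCP
    ("10.10.1.20", "10.10.2.11", 502, "tcp"),
    ("10.10.1.30", "10.10.2.10", 44818, "tcp"),  # engineering workstation -> PLC, EtherNet/IP
    ("10.10.3.5", "10.10.1.20", 5432, "tcp"),    # historian pulls from the HMI database
]

# Constructed live flows: the baseline plus two that the policy must catch.
LIVE_FLOWS = BASELINE + [
    ("10.20.5.7", "10.10.2.10", 502, "tcp"),     # corporate laptop talking Modbus to a PLC
    ("10.10.1.20", "10.10.2.10", 22, "tcp"),     # HMI opening SSH to a PLC, never seen before
]


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    dport: int
    proto: str


def zone_of(ip):
    addr = ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def build_inventory(flows):
    """Step 1, visibility: every host seen, its zone, what it serves and whom it talks to."""
    inv = defaultdict(lambda: {"zone": None, "serves": set(), "talks_to": set()})
    for src, dst, port, proto in flows:
        inv[src]["zone"] = zone_of(src)
        inv[dst]["zone"] = zone_of(dst)
        inv[src]["talks_to"].add((dst, port, proto))
        inv[dst]["serves"].add((port, proto))
    return dict(inv)


def build_policy(flows, allowed_zone_pairs):
    """Step 2, micro-segmentation: a host-to-host allow-list derived from the baseline.
    Baseline flows that cross a zone pair which should never talk are returned
    separately instead of being silently baked into the allow-list."""
    rules, rejected = set(), []
    for src, dst, port, proto in flows:
        if (zone_of(src), zone_of(dst)) in allowed_zone_pairs:
            rules.add(Rule(src, dst, port, proto))
        else:
            rejected.append((src, dst, port, proto))
    return rules, rejected


def render_nftables(rules):
    """Render the allow-list as an nftables forward chain with a default drop."""
    lines = ["table inet ot_segmentation {", "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for r in sorted(rules, key=lambda r: (r.src, r.dst, r.dport)):
        lines.append(f"    ip saddr {r.src} ip daddr {r.dst} {r.proto} dport {r.dport} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


def detect_violations(rules, flows):
    """Step 3, monitoring: any flow not covered by the allow-list becomes an alert."""
    allowed = {(r.src, r.dst, r.dport, r.proto) for r in rules}
    return [{"flow": f, "src_zone": zone_of(f[0]), "dst_zone": zone_of(f[1])}
            for f in flows if f not in allowed]


if __name__ == "__main__":
    rules, rejected = build_policy(BASELINE, ALLOWED_ZONE_PAIRS)
    print(render_nftables(rules))
    for alert in detect_violations(rules, LIVE_FLOWS):
        print("ALERT", alert)
```

Run as-is, the script prints the generated nftables chain and two alerts: the corporate laptop reaching a PLC on the Modbus port (a zone violation) and the HMI opening SSH to a PLC (an allowed zone pair but a flow absent from the baseline). The second case is why detection works against the explicit allow-list rather than only against zone rules; the rendered rules are illustrative output, not a drop-in firewall configuration for a real plant.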
The growing threat of cyberattacks on the CI sector threatens to cause widespread disruption with devastating consequences. Without an adequate cybersecurity posture, CI operators risk exposure to persistent, sophisticated cyberattacks such as ransomware and data theft that could impact Australia's economic development. As such, it's critical for CI operators to urgently review their current cybersecurity posture and adopt a new posture that aligns with the SLACIP Act and ensures uninterrupted, safe, and reliable operations.