by Daniel Bren, CEO and Co-founder, OTORIO
In 1997, the US Department of Defense (DoD) conducted the first “cyberwar” war games, called Eligible Receiver.
Fast forward a decade, and in 2007 the secret Aurora Generator Test showed how a cyberattack on an industrial control system (ICS) could cause physical damage to a machine and its surroundings.
Fast forward almost another decade, and the 2015 Russian cyberattack on the Ukrainian power grid was the first of its kind to successfully target and damage energy infrastructure.
Fast forward just seven more years, and – déjà vu – we’re witnessing another escalating crisis in Ukraine, alongside rising tensions between Russia and the West. The major difference today? Offensive cyber capabilities are well established as belligerent foreign policy tools for rogue nations like Russia, Iran and North Korea. Today, cyberattacks against critical infrastructure are being used strategically to foment and influence the course of political conflicts.
This means that today, cyberwarfare – just as it was imagined in 1997 – has become a reality. And cyber defense of critical infrastructure has become a key component of national security for all nations.
A major problem with cyberwarfare, as with traditional warfare, is spillover. Conflicts have historically snowballed, drawing in entities not involved in the original conflict. Cyberwarfare is no different.
When Russian hackers unleashed a virus called NotPetya in 2017 on the eve of Ukrainian Constitution Day, it successfully disabled Ukrainian government and banking computing infrastructure, and impacted some 80 Ukrainian companies. It also – terrifyingly – shut down monitoring systems in the Chernobyl nuclear power plant.
But NotPetya didn’t stop at the Ukrainian border. It spread to companies around the world, causing millions of dollars in damages.
And that’s why Western countries are watching the unfolding Ukraine conflict with extra concern. They’re not just hardening defenses against direct Russian cyberattacks on critical infrastructure in response to possible Western sanctions, if imposed; they’re also worried about unintentional damage to critical infrastructure or the global supply chain from attacks that spread from their original targets.
Cyberattacks against the energy sector are particularly concerning to the US. The memory of the Colonial Pipeline shutdown last May is still fresh, and serious damage to US critical infrastructure could trigger a significant backlash.
In recent days, NATO officials have warned of a cyberattack by Russia. In the UK, the National Cyber Security Centre (NCSC) has issued new guidance which explains that it is vital that companies stay ahead of potential threats. CISA, the FBI and the NSA have also issued a joint advisory urging US companies to minimize the gaps between IT and OT security coverage, to maintain an incident response plan, and to manage vulnerabilities and configurations. And the US Department of Homeland Security is calling on critical infrastructure operators to be on high alert in the face of a wide range of offensive cyber tools that could target critical infrastructure in the US – from low-level denials-of-service to destructive attacks.
These events represent yet another step in the dangerous evolution of increasingly sophisticated and effective offensive cyber capabilities. The threat of cyberwar is now very real, and critical infrastructure faces a clear and present danger.
The best way for critical infrastructure to deal with the emerging threat of cyberwar spillover or direct cyberattack by nation-state or cybercrime threat actors is basic cyber hygiene. Companies need to take a proactive approach – assessing risk by gaining visibility into their networks and understanding exposure, then proactively mitigating those risks.
It’s also important to realize that securing the networks that control industry and infrastructure demands a different type of cybersecurity approach. Both government and industrial/critical infrastructure operators are becoming aware of the need for attack mitigation tools that were designed and built from the ground up for OT ecosystems - with operational processes and business continuity as their number one priority.
OTORIO offers the world’s first end-to-end, industrial-native portfolio of cybersecurity solutions together with a rich portfolio of field-proven professional services including Incident Response, Risk Impact Assessment, Penetration Testing, and Training.
Here’s how OTORIO helps the world's leading energy and utility companies: