COMMENT
Recent Volt Typhoon headlines about a Chinese state-sponsored actor targeting US critical infrastructure have raised alarm over the attacker’s dwell time and put the security of critical infrastructure under the spotlight. The group targets network infrastructure devices to gain access to critical infrastructure organizations and then uses living-off-the-land techniques to hide in victims’ environments and position itself for future attacks. Volt Typhoon is known to target the communications, energy, water and transportation sectors.
There is no doubt that threats to critical infrastructure like the one we are seeing with the Volt Typhoon are concerning and should be taken seriously. Attacks on critical industries have the potential to cause large-scale damage and disruption and can even put people’s lives at risk: compromised water sources, gas lines, utilities and healthcare devices, for example, could have a deadly impact. Given the high stakes, organizations operating critical infrastructure must strengthen security to keep people safe and the global economy functioning.
However, as someone who works on the front lines of critical infrastructure security, I believe that instead of panicking over Volt Typhoon and the threats the group poses, we should focus on several positives:
- Malware activity targeting critical infrastructure is customized and challenging. It takes many hands to build an effective package. We know this because, unfortunately, we are finding complex builds. The good thing, however, is that we are now actively looking for this malware activity.
- Many of the 16 critical infrastructure sectors defined by CISA have matured their security defenses and are in a better position to defend against advanced threats than they were a few years ago. There is a long path to “safety”, but we have better prevention and detection than in 2020.
- It’s not uncommon for malware to lie dormant for years until the right time to strike arrives. Knowing this, Security Operations Center (SOC) teams have focused on threat detection, improving how they ingest alerts from critical infrastructure, industrial control systems (ICS) and operational technology (OT), reducing malware dwell time and improving overall security.
Areas of interest for critical infrastructure sectors
One of the biggest takeaways from the Volt Typhoon story is that it is critical for critical infrastructure organizations to frequently conduct risk assessments to see how the threats against their business are changing, and then use that intelligence to adapt their cybersecurity and cyber resilience strategies accordingly.
If you don’t know a threat exists, you can’t defend yourself against it. And not all organizations are affected by the same threats. Furthermore, your biggest threat today may not be your biggest source of risk tomorrow. For all these reasons, frequently identifying and quantifying the specific risks to your organization is the first step in remaining cyber secure and resilient.
Once the risk assessment is complete, the security plan can be developed or refined accordingly. As threats and business needs continually change, this should be a living strategy. That said, there are some security fundamentals that should always be prioritized, including:
- Network segmentation: Divides the network into separate zones for different types of users and services. This approach helps contain attacks and limits the lateral movement of threats within the network.
- Intrusion Detection Systems (IDS): Monitor network traffic for suspicious activity. This is important because traditional endpoint security tools cannot be installed on every device in your network infrastructure.
- Identity Security: The optimal combination is secure remote access with privileged access management (PAM). The former allows users to securely connect to networks and prevents unauthorized access. The latter protects privileged user accounts that have high-level access to individual controllers at a critical site, so that cyber attackers cannot exploit them to move into the victim’s environment.
From past to present
Five years ago, there was very limited awareness of critical infrastructure security, and headlines about the activity of threat actors like Volt Typhoon would have been alarming. However, we have come a long way since then, not only recognizing the risks to these industries, but also establishing cybersecurity benchmarks to keep organizations operating critical infrastructure safe.
So, while it is true that attacks on critical infrastructure are increasing, it is also true that organizations now have the knowledge and tools necessary to defend themselves against them. Organizations no longer need to be caught off guard. With risk assessments, security fundamentals, and advanced security strategies that target business-specific threats, critical infrastructure organizations can create effective security programs that can withstand any type of attack and keep the organization resilient from an IT point of view.