When cybercrime affects health and safety

April 2019 Editor's Choice, Cyber Security

Too often I read cybercrime articles where experts lay out a doomsday scenario without following through with strategies for tackling the issues. So today I want to do things differently, raising awareness of a significant problem, but also offering a simple approach to help you avoid it happening to your organisation.

Craig Gonzales
Craig Gonzales

As a matter of course, certain industries, such as oil and gas, manufacturing, and chemicals, already take human life into consideration when designing and planning work, using frameworks from disaster recovery planning through to checklists designed to avoid issues. These industries are well aware that disasters are usually caused by some combination of human error, dangerous working conditions, and faulty equipment.

The threat of a category one cyber-attack in these industries is that everything could seem right – the readings on the meter could be fine, checklists would be followed, and equipment would work as it’s supposed to – yet danger could still unfold. This was seen back in 2010 when the Stuxnet virus caused fast-spinning centrifuges to tear themselves apart. While this attack didn’t cost lives, it’s not improbable to imagine another attack that does have catastrophic consequences.

Serious cybercrime is around the corner

Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), outlines the stark reality of cybercrime today: “I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead – what we would call a category one attack.”

A category one attack causes “sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or loss of life”. The UK government expects this type of attack to happen as cyber warfare and Internet-connected control systems increase in popularity, yet that expectation or threat is not limited to the UK. Almost every country has critical national infrastructure, many of which are based on similar hardware and software, so when vulnerabilities are identified and exploited, the impact could be felt anywhere.

How to prevent a category one attack

You’re not in a position to identify and patch every zero-day in your supply chain, so there are no guarantees. Likewise, a category one attack will most likely come from a nation-state attacker with time, money, and legal protection. Our recommendation is to mix board-level awareness with a systematic approach to defence in depth. These best practices allow you to make the right defensive decisions whilst mitigating the impact of an exploited vulnerability.

Step 1: Get the C-suite and board to buy into this threat

We’re in a time when security is top-of-mind at the highest level and you should work hard to ensure senior leaders fundamentally believe that they don’t want to be the company that experiences a category one. Every senior security leader and chief I speak to repeats the importance of governance in business operations. Your job is to convince them that this isn’t a scenario where ‘risk acceptance’ is acceptable. Once you get them on board, you’re able to take the next step.

Step 2: Assess and interpret threat intelligence

Once your leadership is on board, you must assess what you have and what could be vulnerable to a category one, and then seek threat intelligence on those assets. When working with customers, our first step in any job is to try and understand what exists, what could be vulnerable, and then act upon that knowledge.

If you have the senior approval, then take the time to assess your situation and invest in threat intelligence against the systems you have. When new vulnerabilities are disclosed or when other industrial control systems (ICS) are attacked, even if it’s in the academic research versus in the wild, you should have a mechanism to know that and start paying attention to your systems.

Step 3: Continuous visibility

Knowing what is happening in your ICS is vital for identifying and stopping an attack. The marketplace and talent for asset and traffic visibility is growing rapidly, so finding help shouldn’t be hard, but making the decision to capture and analyse traffic to your ICS is essential.

Step 4: Mitigate damage

Finally, once you know what could be vulnerable and have intelligence and monitoring established, you’ll want war game and table-top scenarios to see what fallout could occur. Running these exercises will give you a sense of the damage that could be caused. This then leads to disaster recovery updates, new processes and procedures, and maybe new mitigation technology so breakdowns don’t cascade into category one experiences.

Find out more about BT’s ethical hacking services at https://www.globalservices.bt.com/en/solutions/products/security-ethical-hacking




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Where are your crown jewels?
June 2019, Wolfpack Information Risk , Commercial (Industry), Cyber Security, Security Services & Risk Management
Understanding what data they store and analyse is gaining increasing urgency for organisations that are now accountable to new(ish) privacy regulations such as the GDPR and our PoPIA.

Read more...
Axis 7th generation ARTPEC chip
June 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
Axis has launched its 7th generation ARTPEC chip, optimised for network video, to improve all the signature Axis technologies created to address difficult light conditions.

Read more...
Kaspersky Lab to open office in Kigali, Rwanda
June 2019, Kaspersky Lab , News, Cyber Security
Kaspersky Lab has announced plans to open a new office in Kigali, Rwanda, to support the rapid growth of its business in East Africa.

Read more...
SIM swap fraud expands
June 2019 , News, Cyber Security, Financial (Industry)
A new wave of attacks targeting financial services and online services have become very common in South Africa and the wider region.

Read more...
Tackling the insider threat
June 2019, Secnovate , News, Cyber Security
Secnovate and its strategic partner, Condyn, has run a series of executive briefings on insider threats, which represents a growing and important threat vector for all organisations, big and small.

Read more...
Netgear Armor on Orbi Wi-Fi
June 2019, Duxbury Networking , Home Security, Cyber Security, IT infrastructure
Netgear has announced the worldwide availability of Netgear Armor Cyber Threat Protection, powered by Bitdefender, on Orbi Wi-Fi mesh systems, to protect home IT and IoT devices.

Read more...
Six best practices for creating secure passwords
June 2019 , Home Security, Cyber Security
Passwords are like toothbrushes: you want to choose a good one, never share it, and replace it quarterly.

Read more...
Platforms and community lead the future
May 2019, Milestone Systems , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News, Integrated Solutions
Milestone Systems took a look into the future of open platforms and the power of community at MIPS EMEA in Copenhagen in March this year.

Read more...
30 years of business continuity
May 2019, ContinuitySA, Technews Publishing , Editor's Choice, Security Services & Risk Management
ContinuitySA is celebrating its 30th anniversary this year and Hi-Tech Security Solutions spoke to CEO Michael Davies about the changes he has seen in the business continuity and disaster recovery markets.

Read more...
The consequences of false alerts
May 2019, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Craig Donald discusses the impact of false alarm rates on the utility of intelligent security technology systems.

Read more...