When cybercrime affects health and safety

April 2019 Editor's Choice, Cyber Security

Too often I read cybercrime articles where experts lay out a doomsday scenario without following through with strategies for tackling the issues. So today I want to do things differently, raising awareness of a significant problem, but also offering a simple approach to help you avoid it happening to your organisation.

Craig Gonzales
Craig Gonzales

As a matter of course, certain industries, such as oil and gas, manufacturing, and chemicals, already take human life into consideration when designing and planning work, using frameworks from disaster recovery planning through to checklists designed to avoid issues. These industries are well aware that disasters are usually caused by some combination of human error, dangerous working conditions, and faulty equipment.

The threat of a category one cyber-attack in these industries is that everything could seem right – the readings on the meter could be fine, checklists would be followed, and equipment would work as it’s supposed to – yet danger could still unfold. This was seen back in 2010 when the Stuxnet virus caused fast-spinning centrifuges to tear themselves apart. While this attack didn’t cost lives, it’s not improbable to imagine another attack that does have catastrophic consequences.

Serious cybercrime is around the corner

Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), outlines the stark reality of cybercrime today: “I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead – what we would call a category one attack.”

A category one attack causes “sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or loss of life”. The UK government expects this type of attack to happen as cyber warfare and Internet-connected control systems increase in popularity, yet that expectation or threat is not limited to the UK. Almost every country has critical national infrastructure, many of which are based on similar hardware and software, so when vulnerabilities are identified and exploited, the impact could be felt anywhere.

How to prevent a category one attack

You’re not in a position to identify and patch every zero-day in your supply chain, so there are no guarantees. Likewise, a category one attack will most likely come from a nation-state attacker with time, money, and legal protection. Our recommendation is to mix board-level awareness with a systematic approach to defence in depth. These best practices allow you to make the right defensive decisions whilst mitigating the impact of an exploited vulnerability.

Step 1: Get the C-suite and board to buy into this threat

We’re in a time when security is top-of-mind at the highest level and you should work hard to ensure senior leaders fundamentally believe that they don’t want to be the company that experiences a category one. Every senior security leader and chief I speak to repeats the importance of governance in business operations. Your job is to convince them that this isn’t a scenario where ‘risk acceptance’ is acceptable. Once you get them on board, you’re able to take the next step.

Step 2: Assess and interpret threat intelligence

Once your leadership is on board, you must assess what you have and what could be vulnerable to a category one, and then seek threat intelligence on those assets. When working with customers, our first step in any job is to try and understand what exists, what could be vulnerable, and then act upon that knowledge.

If you have the senior approval, then take the time to assess your situation and invest in threat intelligence against the systems you have. When new vulnerabilities are disclosed or when other industrial control systems (ICS) are attacked, even if it’s in the academic research versus in the wild, you should have a mechanism to know that and start paying attention to your systems.

Step 3: Continuous visibility

Knowing what is happening in your ICS is vital for identifying and stopping an attack. The marketplace and talent for asset and traffic visibility is growing rapidly, so finding help shouldn’t be hard, but making the decision to capture and analyse traffic to your ICS is essential.

Step 4: Mitigate damage

Finally, once you know what could be vulnerable and have intelligence and monitoring established, you’ll want war game and table-top scenarios to see what fallout could occur. Running these exercises will give you a sense of the damage that could be caused. This then leads to disaster recovery updates, new processes and procedures, and maybe new mitigation technology so breakdowns don’t cascade into category one experiences.

Find out more about BT’s ethical hacking services at https://www.globalservices.bt.com/en/solutions/products/security-ethical-hacking




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Platforms and community lead the future
May 2019, Milestone Systems , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News, Integrated Solutions
Milestone Systems took a look into the future of open platforms and the power of community at MIPS EMEA in Copenhagen in March this year.

Read more...
30 years of business continuity
May 2019, ContinuitySA, Technews Publishing , Editor's Choice, Security Services & Risk Management
ContinuitySA is celebrating its 30th anniversary this year and Hi-Tech Security Solutions spoke to CEO Michael Davies about the changes he has seen in the business continuity and disaster recovery markets.

Read more...
The consequences of false alerts
May 2019, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Craig Donald discusses the impact of false alarm rates on the utility of intelligent security technology systems.

Read more...
The enemy within – insider ­security threats
May 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Financial (Industry)
Insider threats in today’s financial world are insidious and destructive and your defence against insiders should start long before the person assumes his/her position.

Read more...
Protecting people’s money, and their data
May 2019, Cathexis Technologies, CA Southern Africa, IDEMIA , Editor's Choice, Integrated Solutions, Financial (Industry)
The temptations inherent to the banking sector, and financial institutions more generally, pit them in an eternal and increasingly high-tech battle to secure themselves against threats from within and without.

Read more...
Access authentication with a wave
May 2019, IDEMIA , Editor's Choice, Access Control & Identity Management, Integrated Solutions, Financial (Industry), Commercial (Industry)
Financial organisations are making the move to contactless fingerprint biometrics in order to meet the increasing burden of regulatory and compliance demands.

Read more...
The benefits of background screening
May 2019, iFacts, Managed Integrity Evaluation , Editor's Choice, Security Services & Risk Management
Companies need to be more vigilant about the people they employ by making sure comprehensive background screening checks are conducted.

Read more...
Does your control room add value?
May 2019, Fidelity Security Group, G4S South Africa, Progroup , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure, Commercial (Industry)
Whether on- or offsite, control rooms are a critical aspect of security today and care must be taken in the design and rollout of these nerve centres.

Read more...
Intruder detection is becoming smarter and more mobile
May 2019, Elvey Security Technologies , Regal Distributors SA , Editor's Choice, Perimeter Security, Alarms & Intruder Detection
Alongside the new technologies continually being developed, existing technologies are being co-opted into not only performing an intrusion detection role, but combatting that bane of the electronic security industry: false alarms.

Read more...
iLegal 2019: Augmented surveillance - realising the full potential of CCTV
May 2019, Technews Publishing , Editor's Choice, News, Conferences & Events, Training & Education
iLegal 2019 will look at what is becoming known as Augmented Surveillance – using technologies and people interactively to maximise results from operators and control rooms in order to make intelligent security and business decisions.

Read more...