When cybercrime affects health and safety

April 2019 Editor's Choice, Cyber Security

Too often I read cybercrime articles where experts lay out a doomsday scenario without following through with strategies for tackling the issues. So today I want to do things differently, raising awareness of a significant problem, but also offering a simple approach to help you avoid it happening to your organisation.

Craig Gonzales
Craig Gonzales

As a matter of course, certain industries, such as oil and gas, manufacturing, and chemicals, already take human life into consideration when designing and planning work, using frameworks from disaster recovery planning through to checklists designed to avoid issues. These industries are well aware that disasters are usually caused by some combination of human error, dangerous working conditions, and faulty equipment.

The threat of a category one cyber-attack in these industries is that everything could seem right – the readings on the meter could be fine, checklists would be followed, and equipment would work as it’s supposed to – yet danger could still unfold. This was seen back in 2010 when the Stuxnet virus caused fast-spinning centrifuges to tear themselves apart. While this attack didn’t cost lives, it’s not improbable to imagine another attack that does have catastrophic consequences.

Serious cybercrime is around the corner

Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), outlines the stark reality of cybercrime today: “I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead – what we would call a category one attack.”

A category one attack causes “sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or loss of life”. The UK government expects this type of attack to happen as cyber warfare and Internet-connected control systems increase in popularity, yet that expectation or threat is not limited to the UK. Almost every country has critical national infrastructure, many of which are based on similar hardware and software, so when vulnerabilities are identified and exploited, the impact could be felt anywhere.

How to prevent a category one attack

You’re not in a position to identify and patch every zero-day in your supply chain, so there are no guarantees. Likewise, a category one attack will most likely come from a nation-state attacker with time, money, and legal protection. Our recommendation is to mix board-level awareness with a systematic approach to defence in depth. These best practices allow you to make the right defensive decisions whilst mitigating the impact of an exploited vulnerability.

Step 1: Get the C-suite and board to buy into this threat

We’re in a time when security is top-of-mind at the highest level and you should work hard to ensure senior leaders fundamentally believe that they don’t want to be the company that experiences a category one. Every senior security leader and chief I speak to repeats the importance of governance in business operations. Your job is to convince them that this isn’t a scenario where ‘risk acceptance’ is acceptable. Once you get them on board, you’re able to take the next step.

Step 2: Assess and interpret threat intelligence

Once your leadership is on board, you must assess what you have and what could be vulnerable to a category one, and then seek threat intelligence on those assets. When working with customers, our first step in any job is to try and understand what exists, what could be vulnerable, and then act upon that knowledge.

If you have the senior approval, then take the time to assess your situation and invest in threat intelligence against the systems you have. When new vulnerabilities are disclosed or when other industrial control systems (ICS) are attacked, even if it’s in the academic research versus in the wild, you should have a mechanism to know that and start paying attention to your systems.

Step 3: Continuous visibility

Knowing what is happening in your ICS is vital for identifying and stopping an attack. The marketplace and talent for asset and traffic visibility is growing rapidly, so finding help shouldn’t be hard, but making the decision to capture and analyse traffic to your ICS is essential.

Step 4: Mitigate damage

Finally, once you know what could be vulnerable and have intelligence and monitoring established, you’ll want war game and table-top scenarios to see what fallout could occur. Running these exercises will give you a sense of the damage that could be caused. This then leads to disaster recovery updates, new processes and procedures, and maybe new mitigation technology so breakdowns don’t cascade into category one experiences.

Find out more about BT’s ethical hacking services at https://www.globalservices.bt.com/en/solutions/products/security-ethical-hacking





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Axis gives a brighter future to children
Issue 1 2020, Axis Communications SA , Editor's Choice
Fully networked camera solution provides visibility and accountability, letting orphanage focus on what’s important – its children.

Read more...
SFP Security & Fire becomes ISF SFP
Issue 1 2020, ISF SFP , Editor's Choice
SFP Security & Fire was sold to ISF in 2019, becoming ISF SFP and attaining Level-1 BEE status.

Read more...
Janu-worry or Twenty-Plenty?
Issue 1 2020 , Editor's Choice
If the available security spend right now is somewhere between limited and non-existent, here are just a few suggestions.

Read more...
CCTV surveillance needs are critical in defining types of camera deployment
Issue 1 2020, Leaderware , Editor's Choice
Cameras by themselves do not reduce crime; they need to be implemented as part of a considered strategy of crime prevention and detection.

Read more...
Trends 2020
Issue 1 2020, Technews Publishing , Editor's Choice
Hi-Tech Security Solutions asked a few people from diverse companies to join us in a round-table discussion about what they expect to see happening in their environments in the coming year.

Read more...
Seven key trends for 2020
Issue 1 2020, Hikvision South Africa , Editor's Choice
Hikvision looks at a few trends that will affect the security industry in 2020 and beyond.

Read more...
Hundreds of millions to reskill
Issue 1 2020 , Editor's Choice
By 2022 alone, 75 million jobs will probably be displaced across 20 major economies, while 133 million new ones will spring up in industries that are only just gaining traction.

Read more...
Slow and steady wins the access race
Issue 1 2020, ZKTeco, Technews Publishing , Editor's Choice, Commercial (Industry)
The commercial sector is slow in migrating to new access control technologies, with the majority of companies remaining with card and fingerprint solutions.

Read more...
Client property access integrity
Issue 1 2020 , Editor's Choice
Blind or unquestioned trust is something that we all seem to willingly and unconditionally give our security service providers and their reaction officers.

Read more...
2020 Residential Estate Security Conference in KZN
November 2019, Technews Publishing , Editor's Choice
Meeting the residential security challenges in 2020 and beyond: Hi-Tech Security Solutions will host the Residential Estate Security Conference 2020 in Durban on 12 March 2020.

Read more...