Building steps towards CNI resilience

Peter Lenk, Technical Lead at Goldilock, sets out the key steps for building a timeline of resilience for the protection of Critical National Infrastructure (CNI).

Image courtesy Goldilock

The cyber-attack threat landscape facing Critical National Infrastructure (CNI) is evolving at an alarming pace. From utilities to healthcare providers and transport networks, the infrastructure crucial to the smooth running of countries makes an alluring target for state actors and cybercriminals looking to cause chaos and even harm.

Take last summer's attack on London hospitals. One breach resulted in the postponement of 1,255 planned operations and 3,396 appointments. The reality is that such incidents are no longer contained, as warnings from the UK's National Cyber Security Centre (NCSC) confirmed that the 'scale, pace and complexity' of threats to CNI will only continue to rise. With national resilience in jeopardy, organisations need to build a security infrastructure that considers both response and proactive measures to ensure future security and resilience.

The current state of CNI security

In recent years, experts across the globe have called for more explicit legislation to drive strong cyber resilience measures within CNI organisations. In Europe, for example, the Directive (EU) 2022/2555 of the European Parliament and of the Council of 14th December 2022 was set out to ensure a high common level of cybersecurity was agreed on. Similarly, the Strengthening American Cybersecurity Act of 2022 addressed cybersecurity threats against US critical infrastructure and the federal government.

However, while legislation is a positive step forward, it is clear that CNI organisations require a complete overhaul of their security measures. With 93% of CNI organisations citing an increase in cyberattacks, the traditional and largely outdated measures many organisations rely on are no match for today's sophisticated cyberattacks.

One of the primary hurdles CNI organisations face is the complexity caused by the existence of both OT and IT systems. As a result, entirely different defences are required to ensure maximum protection. Cyber-physical systems, such as power grids and water supply networks, require specialist expertise to protect, and the stakes are extremely high. Should bad actors successfully infiltrate these systems, the results could be property damage, physical harm, or even death. So, a framework for greater cyber resilience is crucial.

The three steps towards CNI resilience
To protect systems against increasingly frequent and sophisticated attacks, CNI organisations should adopt a 'timeline of resilience' framework to protect all aspects of their organisation. Crucially, this framework focuses on the defence function that typical cybersecurity postures prioritise and balances investment in prevention and recovery capabilities.

The framework can be broken down into three steps: preparation, response, and recovery. Let's take a look at how organisations can implement them successfully.

Step one: prepare your cyber defences
Preparation should be the first focus for a timeline of resilience framework. Organisations should focus on strengthening their defences by adopting advanced and holistic cyber measures.

This should involve a mix of traditional cyber techniques that many organisations may already have, including encryption and firewalls, alongside physical network segmentation. This allows organisations to segment their networks and isolate and hide critical assets or sensitive data to reduce the attack surface in the event of a breach. Organisations can also choose to keep certain parts of their network offline until they are needed, slowing the attackers' movements and limiting their reach. After all, anything that is connected to the internet is at risk of attack.

Step two: incident response
The second step in implementing a timeline of resilience framework is the creation of an effective response plan. Often, organisations prioritise only the preparation phase, dedicating resources to building defences that keep bad actors out. But what happens when a breach does occur? Organisations need to approach their cybersecurity with the mindset that a breach will inevitably happen, no matter the safeguards in place. Part of this should be setting out an incident response plan that ensures breaches are quickly detected and arrested to reduce damage.

Organisations should adopt monitoring tools and threat-detection systems that identify breaches in real-time. Part of this can be an effective communication strategy to notify key stakeholders including IT, legal, and management teams, as well as any external partners and regulatory authorities.

Reactive network segmentation plays a vital role in impeding attack propagation and isolating compromised assets and data. Physical network segmentation can occur remotely and without internet access, ensuring leaders have complete control over networks and devices.

Step three: recovery and restoration of services
Perhaps the most overlooked aspect of cyber resilience is the recovery phase. This step is crucial to reduce the short-term impact of an attack, as well as potential long-term damage.

There are several steps organisations should take to tackle the fall-out of an attack and ensure systems are back up and running with minimal delay. These steps should include data restoration from backups, the reconfiguration of security protocols, and patching breached systems.

Unlike in a typical IT breach, attacks on CNI organisations can directly impact public safety and security, making this even more essential. Troubleshooting and efficient recovery can also be helped along with the use of physical network segmentation. Technology like next-generation physical air-gapping can ensure previously isolated, known safe, network segments are reconnected as soon as possible, allowing for the restoration of critical services.

Finally, organisations should factor post-incident analysis into this phase. Organisations can understand how bad actors were able to break through cyber defences and carry out an attack by analysing forensic data and incident logs. These insights can be fed back to the teams responsible for the preparation and response phases of the framework to improve future defence strategies. They can also be shared more widely to help others protect their assets.

A resilient future for CNI
Given the critical role of CNI in national infrastructure, organisations remain prime targets for cyberattacks threatening public safety and national security.

The evolving threat landscape necessitates a proactive approach to cyber resilience. By strategically implementing physical segmentation and other advanced security measures across the three-phase timeline of resilience, CNI organisations can significantly bolster their defences.

This comprehensive approach will enable them to withstand and recover from cyber incidents, ensuring the continued delivery of services in the face of evolving threats.

By prioritising cyber resilience and investing in innovative solutions, CNI leaders can ensure their organisations safeguard their operations and maintain critical services, ensuring the safety and security of nations.
