Protect Critical Infrastructure and Save Lives With Code Hunting Strategies
By: Team CodeHunter™
We are living in the age of a digital revolution. Each day, newsfeeds showcase new technology that pushes us closer to the futuristic vision of widely accessible flying cars and automated medical diagnostics. However, for every hero using these advances to better humankind, there is a villain: threat actors, hackers, malware authors, and so on. These are people who take advantage of that openness by launching attacks on the organizations whose sole responsibility is to keep the world moving at a safe and steady pace. Understanding the part malware and bad code play in attacks on critical infrastructure means thinking like an attacker, and it puts the protection of the people who rely on those industries in the hands of those who can maintain competent, ever-vigilant security.
Most critical infrastructure operates in a digital environment, and while the information technology landscape has grown immensely, so have its vulnerabilities and the threats against it. This is the new reality the cyber community has to face. Global connectivity, the Internet of Things, and smart cities have expanded the attack surface and created new openings for threat actors, who have grown more sophisticated and capable and now include nation states, organized criminals, and terrorists. As a result, critical infrastructure has become a preferred target for both cyberwarfare and cyber crime in the current digital ecosystem.
The Cyber Threat to Critical Infrastructure
The World Economic Forum’s Global Risks Report 2021 listed cyberattacks on critical infrastructure as a top concern, and ranked cybersecurity failure, digital inequality, and IT infrastructure breakdown among the greatest global risks of the next ten years. NEC New Zealand noted that “Cyberattacks on critical infrastructure have become the new normal across sectors such as energy, healthcare, and transportation. Such attacks have even affected entire cities.” Each day, billions of people in countless communities rely on these foundational organizations to function safely, which is precisely why they are favored targets. Having that safety removed, or held for ransom for an indeterminate time, causes chaos and panic; this is a threat actor’s best-case scenario. Once chaos ensues, attackers know it will be that much easier to get what they want, and to get it again.
The National Cyber Security had this to say about it:
Imagine the consequences should your entire supply-chain network be taken down. What if your community hospital’s patient database was hacked and uploaded to the web for all the world to see? What if names and photos of your loved ones were scattered across nefarious social media platforms frequented by anti-government militias, some of which have demanded the hanging of public officials? Consider the impact if school district student, staff and parent identities were exposed on dark web sites.
It is an unsettling thought, but one the cyber community needs to be discussing, because the result would be devastating. Type “Recent Cyber Attack” into Google and nearly 5 million results come up immediately. While it is unnerving to see so many breaches in the news, each case offers a lesson for those building future systems. Any industry that depends on technology therefore needs to understand the impact of malware on the people it serves.
Malware Infections Threaten Critical Infrastructure
Malware is a direct threat to the operating systems that run critical infrastructure; without those systems, the operators cannot do business. John Biasi, in his article Malware Attacks on Critical Infrastructure Security Are Growing, provides several notable examples from the past decade:
In 2012, a piece of malware known as Shamoon was used to overwrite the hard drives of some 30,000 computers at Saudi Aramco, the Saudi Arabian national petroleum and natural gas company. Similarly, in 2016, a malware called BlackEnergy caused disruptions to the Ukrainian electrical grid. Another piece of malware known as DragonFly was used to target pharmaceutical firms in 2014. Symantec, a global firm specializing in cybersecurity, recently identified DragonFly 2.0, which appears to specifically target industrial control system (ICS) field devices.
These examples targeted entire systems and affected millions of people, but consider what might happen if that impact extended to illness, societal collapse, or death. Recently, “A cyber attacker was able to breach a computer system controlling a city’s municipal water treatment plant and briefly increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million – dangerous levels that could have been catastrophic.”
Keep in mind, communities and governments define a critical infrastructure as the collective assets that are essential for societal and economic function. In short, people need these infrastructures to keep their families safe, to support one another in daily life, and to survive.
Globally, the power grid has seen a sharp rise in both physical and cyber attacks as the digital ecosystem grows, and cyber attacks have already harmed elements of critical infrastructure worldwide. A successful malware attack on the systems running critical infrastructure could have consequences on a global scale: “Loss of life could be catastrophic. Life itself would change.”
As an international community, we have felt the wave of negative impact: natural disaster, disease, and war to name a few. A cyber attack could fit into these definitions, in that they can have massive negative results with long recovery processes. While a bullet-proof solution is not possible with current technology, methods of preparedness and innovative security should be a top priority for any organization that supports human life.
Key Critical Industries and Protection Standards
The consequences of international cyber threats have pushed governments to find the best course of action to protect key critical industries. In particular, the Department of Homeland Security (DHS) has stated that, “Cybersecurity threats to critical infrastructure are one of the most significant strategic risks for the United States, threatening our national security, economic prosperity, and public health and safety. In particular, nation-states are targeting critical infrastructure to collect information and gain access to industrial control systems in the energy, nuclear, water, aviation, and critical manufacturing sectors.” On that basis, DHS has identified the sectors of critical infrastructure that are primary targets of cyber attacks.
In November 2018, recognizing an urgent need for public and private sector cooperation, DHS formed the Cybersecurity and Infrastructure Security Agency (CISA). CISA’s directives focus on the DHS mission of cyber preparedness and on the protection and resilience of critical infrastructure, including investments in resources, policies, and collaboration dedicated to that protection. Together, DHS and CISA have identified 16 sectors as critical because their assets, systems, and networks are vital to national economic security, safety, and public health. Those sectors include:
Transportation Systems Sector
Critical infrastructure cybersecurity for DHS, CISA, and these critical industries relies on a security framework built on layered vigilance, readiness, and resilience. The guiding elements of risk management for industry and government are the five core functions of the Department of Commerce National Institute of Standards and Technology (NIST) Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover.
Together, these functions provide a high-level, strategic approach to the life cycle of risk management and cyber security. Each function gives the context in which an organization can determine the level of risk to its systems and establish the processes to manage that risk.
Effective risk management before, during, and after a potential attack lessens overall damage and ultimately, it could save lives.
Identifying The Threat – Code Hunting
The first function of that framework, Identify, requires knowing what you have at risk. One of the top priorities is to understand the risk already present in legacy networks, programs, and applications. That comes down to knowing what is in the software code.
Critical infrastructure often depends on complex systems that run on old legacy software and operating systems. Legacy software is defined as “...an old method, technology, computer system, or application… still in use.” Network segmentation or ‘air gapping’ is not always a reliable protection, because industrial control systems need connectivity across their information technology (IT) and operational technology (OT) interfaces. Therefore, vulnerability assessments and hunting for malware and bad code on those legacy systems should be done before new computers, networks, data communication systems, and user interfaces are integrated into the network.
Because threats against critical infrastructure are growing more sophisticated, code hunting must detect and analyze the behavior of software code from both known malware and malware not previously seen. The stakes are too high not to identify and mitigate threats that can be economically devastating and dangerous to life as we know it.
The key to keeping society in working order, to keep people in the community happy and healthy, and to maintaining a zone of safety in organizational operating systems, lies in using the right software at the right time to hunt for known and unknown malicious code.
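As an added illustration of what a minimal code-hunting sweep over a legacy host looks like (example code written for this page, not CodeHunter’s own product or method), the script below walks a directory, hashes every file, and flags two classes of finding: known malware, matched by SHA-256 against a known-bad list, and previously unseen suspects, flagged by heuristics such as near-random byte entropy (a sign of packing or encryption) and strings that have no business in a PLC or HMI support binary. The sample files, the known-bad hash, the entropy threshold of 7.2 bits per byte, and the suspicious-string patterns are all constructed assumptions for the demonstration; a real sweep would load hashes from a threat-intelligence feed and tune the heuristics to the environment.

```python
import hashlib
import math
import os
import re
import tempfile
from collections import Counter

# Constructed stand-in for a sample already catalogued as malicious (assumption:
# a real sweep loads these hashes from a threat-intelligence feed or internal list).
KNOWN_BAD_SAMPLE = b"constructed stand-in for a previously catalogued malicious binary\n"
KNOWN_BAD_SHA256 = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}

# Byte patterns that are unusual in an ICS support binary (assumed list for the example).
SUSPICIOUS_PATTERNS = [
    rb"cmd\.exe /c",
    rb"powershell.*-enc",
    rb"CreateRemoteThread",
    rb"WriteProcessMemory",
    rb"/etc/shadow",
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess_file(path, known_bad=KNOWN_BAD_SHA256, entropy_threshold=7.2):
    """Hash one file and collect findings: known-bad match, packing heuristic, odd strings."""
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    entropy = shannon_entropy(data)
    findings = []
    if digest in known_bad:
        findings.append("sha256 matches known-bad list")
    if entropy > entropy_threshold:
        findings.append(f"entropy {entropy:.2f} > {entropy_threshold} (packed or encrypted?)")
    for pattern in SUSPICIOUS_PATTERNS:
        if re.search(pattern, data):
            findings.append(f"suspicious pattern {pattern.decode()!r}")
    return {"path": path, "sha256": digest, "entropy": entropy, "findings": findings}


def hunt(root, known_bad=KNOWN_BAD_SHA256):
    """Assess every regular file under root; return (all_results, flagged_results)."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            results.append(assess_file(os.path.join(dirpath, name), known_bad))
    flagged = [r for r in results if r["findings"]]
    return results, flagged


def build_sample_tree():
    """Constructed sample files standing in for a legacy HMI host's program directory."""
    root = tempfile.mkdtemp(prefix="codehunt_")
    samples = {
        # benign configuration text: low entropy, no suspicious strings
        "hmi_config.txt": b"alarm_threshold=100\nunits=ppm\n" * 40,
        # byte-for-byte copy of the catalogued sample: caught by the hash list
        "old_update.bin": KNOWN_BAD_SAMPLE,
        # unknown binary: injection API name plus a near-random body (entropy ~8.0)
        "svc_helper.dll": b"MZ" + b"CreateRemoteThread\x00" + bytes(range(256)) * 16,
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    _all_results, flagged = hunt(root)
    for r in flagged:
        print(os.path.basename(r["path"]), r["sha256"][:16], "|", "; ".join(r["findings"]))
```

The hash match is the "known malware" half of the hunt and is exact but brittle: one changed byte defeats it. The entropy and string heuristics are the "not previously known" half and are deliberately noisy; compressed archives and legitimately encrypted blobs will also score above 7.2, so treat a flag as a reason to pull the file into deeper analysis rather than as a verdict.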
The digital ecosystem has advanced significantly over the past half-century, and that progress has improved both the defensive software available to critical infrastructure and the attack methods available to adversaries. Because critical infrastructure is a primary target for both cyberwarfare and cyber crime, the organizations that run it need to take proper precautions against malware attacks. Sectors such as healthcare, finance, agriculture, and government have no choice but to accept that they may soon find themselves under attack; they can, however, take proactive action to mitigate that risk with current advances in technology. When these key organizations can recognize both known and unknown threats, they could save lives and spare communities all over the world decades of repair.
Baker, G. H., & Volandt, S. (2018, May 09). Cascading Consequences: Electrical Grid Critical Infrastructure Vulnerability. Retrieved from https://www.domesticpreparedness.com/resilience/cascading-consequences-electrical-grid-critical-infrastructure-vulnerability/
Biasi, J. (2020, September). Malware Attacks on Critical Infrastructure Security Are Growing. Retrieved from https://amplifiedperspectives.burnsmcd.com/post/malware-attacks-on-critical-infrastructure-security-are-growing
Brooks, C., Goldenberg, P., & Harrell, B. (2021, February 25). Cyber Attack on Water Supply Is a Wake-Up Call for State, Local Governments. Homeland Security Today. Retrieved from https://www.hstoday.us/subject-matter-areas/infrastructure-security/perspective-cyber-attack-on-water-supply-is-a-wake-up-call-for-state-and-local-governments/
NEC New Zealand. (2021, June 09). Cyberattacks on critical infrastructure. Retrieved from https://www.nec.co.nz/market-leadership/publications-media/cyberattacks-on-critical-infrastructure/
The Department of Homeland Security. (2019, October). Secure Cyberspace and Critical Infrastructure. Retrieved from https://www.dhs.gov/secure-cyberspace-and-critical-infrastructure
Wikipedia. (2021, June 10). Legacy system. Retrieved from https://en.wikipedia.org/wiki/Legacy_system
World Economic Forum. (2021, January 19). The Global Risks Report 2021, 16th Edition. Retrieved from http://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2021.pdf