Real Cyber Warfare | Pentest7


Cyber wars are an integral part of the current Ukraine crisis. Daniel Bren, CEO and co-founder of OTORIO, and former IT security chief of the Israeli army, takes a look at the militarization of hacker attacks in a guest article.

During the Pacific War from 1941 to 1945, the American General Douglas MacArthur practiced the principle “Hit the enemy where he is not.” This so-called asymmetrical warfare reaches a new level in cyber warfare.

In 1997, the US Department of Defense (DoD) conducted the first “cyber war games” under Operation Eligible Receiver. A decade later, in 2007, the secret Aurora Generator Test showed how a cyberattack on an industrial control system (ICS) can cause physical damage to a machine and its surroundings. Roughly another decade later, Russia’s cyberattack on Ukraine’s power grid in 2015 was the first of its kind to successfully target and damage energy infrastructure.

Today we see a further escalation of the crisis in Ukraine and growing tensions between Russia and the West. The big difference today? Offensive cyber capabilities are now firmly established as a foreign policy tool for authoritarian states such as Russia, Iran and North Korea. Cyber attacks on critical infrastructure are used strategically to fuel and influence the course of political conflicts. Cyber warfare as conceived in 1997 has thus become a reality, and the cyber defense of critical infrastructure is now a key component of national security – also in Germany.

Cyber attacks are difficult to contain

A major problem with cyber warfare, as with traditional warfare, is conflict spillover. Historically, conflicts have tended to escalate and draw in actors who were not originally party to them. Cyber warfare is no different.

When Russian hackers unleashed a virus called NotPetya on the eve of Ukraine’s Constitution Day in 2017, it successfully crippled the Ukrainian government’s and banking sector’s computing infrastructure and affected some 80 Ukrainian companies. It also – frighteningly – paralyzed the monitoring systems at the Chernobyl nuclear power plant. However, NotPetya did not stop at the Ukrainian border. It spread to companies around the world and caused millions of dollars in damage.

For this reason, Western countries are watching the developing Ukraine conflict with particular concern. Not only are they stepping up their defenses against direct Russian cyberattacks on critical infrastructure, which could come in retaliation for any Western sanctions that are imposed. They are also concerned about unintended damage to critical infrastructure or the global supply chain from attacks that propagate beyond their initial targets.

Current crisis puts authorities on alert

The US Department of Homeland Security is calling on critical infrastructure operators to be on high alert in the face of a wide array of offensive cyber tools. Cyber attacks on the energy sector are of particular concern for the US. The memory of the Colonial Pipeline shutdown last May is fresh, and serious damage to critical infrastructure could trigger a significant backlash.

In recent days, NATO officials have warned of a cyber attack by Russia. In the UK, the National Cyber Security Centre (NCSC) has issued new guidance stating that it is imperative for businesses to stay one step ahead of potential threats. CISA, the FBI and the NSA have also issued a joint advisory calling on US companies to minimize the gaps between information technology (IT) and operational technology (OT) security coverage, establish an incident response plan, and manage vulnerabilities and configurations. The scenarios the Department of Homeland Security warns of range from simple denial-of-service attacks to destructive attacks on critical infrastructure in the US.

These events are another step in the dangerous evolution of increasingly sophisticated and ever more effective offensive cyber capabilities. The threat of cyber war is now very real, and critical infrastructure is clearly at risk today. Organizations must therefore take a proactive approach: assess risk by gaining visibility into their networks and understanding their exposure, and then mitigate those risks before they are exploited.

Security tools should be designed for OT ecosystems

It is also important to realize that securing the networks that control industrial assets and infrastructure requires a different type of cybersecurity approach. Both government and industrial/critical infrastructure operators are realizing the need for attack mitigation tools designed and built from the ground up for OT ecosystems, where operating processes and business continuity have top priority.

To understand the potential risk, an automated discovery tool for the OT environment is helpful: it maps an organization’s assets as a potential attacker would see them. An inventory tool that records all OT, IT and IIoT resources is recommended for a quick assessment of the security situation. Such a tool should also support operational security teams with compliance reports based on security standards and frameworks such as IEC 62443, NERC CIP and NIST. A risk monitoring and management tool then continuously discovers, analyzes and monitors all OT, IT and IIoT assets within the operational environment. It correlates risks and alerts and prioritizes them based on their impact on operational and business continuity. This gives security teams a manageable number of alerts and simplified playbooks with targeted countermeasures.

Cyber hygiene and a proactive approach to risk reduction

Basic cyber hygiene is the best way for critical infrastructure operators to deal with the emerging threat of cyberwar spillovers or direct cyberattacks by state-sponsored attackers or cybercriminals. Organizations need to take a proactive approach, meaning they assess the risks by examining their networks and identifying their exposure, and then mitigate those risks.
