Defending critical infrastructure in the new industrial cyber threat landscape

Robert M Lee
Published Tue, Aug 22, 2023 · 05:00 AM

THE cybersecurity challenges and threats facing critical infrastructure today are too great for any one organisation to tackle alone. Globally, adversaries continue to target healthcare and manufacturing facilities, and threaten critical services such as electric grids and water systems. These attacks not only compromise data and information, but also threaten human health and life at scale. This is especially true when we look at attacks aimed at industrial control systems (ICS) and operational technology (OT). The software and hardware that interact with the physical world are what make critical infrastructure critical.

Even as recently as 10 years ago, the heterogeneous nature of industrial infrastructure made it difficult for adversaries to create attacks that could be replicated across sites and industries and cause disruption or physical destruction. The move towards a more homogeneous infrastructure with common software packages, network protocols, and facility designs that bring efficiency and other advantages to industry has, in some ways, made it easier for adversaries to operate more efficiently, too.

The threat group Chernovite, for example, identified in 2022, is associated with the development of Pipedream, the first ICS/OT malware capable of repeatable attacks across targets and industries. The breadth of potential impacts demonstrates the effect increasingly uniform OT environments have had on making adversary operations more efficient. Targeting ubiquitous protocols used across hundreds of vendors and thousands of systems, Pipedream could be used to harm electric grids, oil and gas pipelines, water distribution, and the manufacturing industry, among others. Furthermore, Dragos assessed that Pipedream could achieve an end-to-end attack; the malware could be leveraged for information technology (IT) intrusion and pivot to OT to execute an ICS/OT attack. Fortunately, Dragos and its partners discovered and analysed Pipedream before it was employed in the wild, buying defenders time. However, the capability cannot simply be patched away and still looms as a significant threat to the unprepared.
