Recent SolarWinds Breach: A Warning of the Perils to Critical Infrastructures (PART 2)

As the Stuxnet and Jeep Cherokee attacks demonstrated, the targets are not IT assets such as data, servers, or the cloud but rather actual physical devices or systems that monitor or control physical plants, processes, systems, or facilities; the latter involve the so-called operational technology (OT) components. Systems such as those targeted by the Stuxnet or Jeep Cherokee attacks are called cyber-physical systems and include a wide range of physical devices such as motors, pumps, control valves, switches, actuators, etc. Attacks that compromise controllers involving cyber-physical devices could be devastating because they can negatively impact the operational, availability, financial, and safety aspects of an organization. Such cyber-physical attacks are possible if the threat actors compromise the integrity of the data, for example by taking control of the devices mentioned above in such a way as to inflict damage.

The history of attacks shows that they have moved from affecting only IT assets to affecting both IT and OT assets, compromising the cyber-physical devices or systems of an organization, which in some cases has severe safety impacts, i.e., injury or death of people. Preliminary analysis of the SolarWinds breach indicates that the hackers only accessed and compromised communication networks, servers, and confidential data and information but so far did not compromise the integrity and availability of other related assets. For example, Microsoft recently reported that SolarWinds hackers accessed their source code. Unfortunately, it is just a matter of time before future attacks leverage the SolarWinds breach to affect not only information technology (IT) assets but also those involving operational technology (OT), and this can be achieved by compromising the integrity and availability of the related data.

Attacks now have the potential to encompass everything ranging from enterprise IT to OT to safety-critical infrastructures, including specific industries such as the power grid, chemical and oil processes, intelligent transportation systems (ITS), and others. For example, hackers taking control of the controllers that operate waste processing plants, intelligent transportation systems, or the power distribution of the electrical grid can cause disruption of a city water supply, a halt to transport and mobility services, and electrical power blackouts, respectively. After the SolarWinds breach, many similar attacks are just waiting to happen, and well-orchestrated, major cyber-physical attacks involving IT and OT assets are more likely.

One way to improve the cybersecurity culture in an organization is to establish processes that will facilitate and empower the organization to perform all that is required by a good cybersecurity culture. “The organization shall ensure the persons within the organization that are involved in assuring cybersecurity of vehicles possess the cybersecurity competences and awareness to fulfill their responsibilities.” One way of meeting this requirement is to attend training programs, courses, or seminars.

GLOMACS is Offering a New Training Course on “Cybersecurity Monitoring, Event Management, and Incident Response in Intelligent Transportation Systems”

The participants of this GLOMACS training course will:

  • Enhance their analytical and problem-solving skills through participation in breakout exercises
  • Learn how to analyze the cybersecurity of the Intelligent Transport Systems (ITS) infrastructure
  • Be able to apply cybersecurity techniques to implement resilience and strong defenses
  • Learn how to perform cybersecurity risk assessments for their organization
  • Improve the cybersecurity of their organizations
  • Develop cybersecurity plans including those for monitoring, event management, and incident response

Although the above training course focuses on Intelligent Transportation Systems, many of the concepts and methodologies are generic and can be applied to other IT and OT areas. As a result, participating organizations will become adaptive and improve their cybersecurity while at the same time serving stakeholders and the public at the highest level.
