We are in the middle of a ‘cyber pandemic’. Digital security standards need reinforcing

By Explorer -

 We are in the midst of a “cyber pandemic”. In 2020, COVID-19 accelerated a transition towards remote working and the software being used for these attacks has become easier to execute, ransomware attacks have risen rapidly and continue to accelerate in 2021:

A prime target for cybercriminals has been the Operational Technology (OT) networks which interconnect the Industrial Control Systems (ICS) that manage our critical infrastructure. As services like power grids, water treatment facilities, transport and healthcare systems increasingly integrate their operational technology systems with the internet of things – for example through remote sensors and monitoring – this creates a new frontier of risks where millions more vulnerability points and new vectors can be exploited by hackers.

These attacks have huge implications not only on businesses but also on communities, cities, states, and entire countries. The consequences can be dire. In April 2020, hackers targeted Israel’s water treatment facilities through their IoT system, which gave attackers the ability to change the water pressure, temperature, and chlorine levels of the water. If the attack had fully succeeded, this could have led to whole communities becoming sick from the water supply or triggering a failsafe which would have left thousands of people without water entirely.

How are hackers exploiting IoT systems?

IoT devices and connected systems can be a large security risk for critical infrastructure services when security best practices are not implemented, as they come with a few intrinsic flaws:

As a result, there are a number of ways for hackers to exploit these devices and either perpetrate attacks on bigger targets or move laterally to harm mission-critical systems and steal information of customers and employees, intellectual property, or other sensitive assets.

A new “botnet” attack called Mozi has been extremely active in the past 18 months, accounting for 90% of total IoT attacks in 2020 and controlling nearly 500,000 connected devices. Each compromised device is instructed to find more devices to infect, which enables cyber criminals to gain control over entire networks and its data and hold it for ransom.

In March 2021, Silicon Valley start-up Verkada suffered a massive IoT cyber-attack. The hackers were able to obtain administrative privileges to a large number of security surveillance cameras, meaning they could execute their own malicious code on the devices.

Once a hacker can breach a networked device, they can then use the device as a launching point for attacks laterally, exposing systems that are critical to operations. As industries further integrate IT and OT networks to gain new insights, these devices pose an even greater danger for operations that rely on industrial control systems. Without a greater push for security that addresses these connected devices, we are likely to continue seeing more attacks that target critical infrastructure industries.

What is being done at a national and global scale?

Critical infrastructure remains largely private-owned and will require a coordinated effort between the public and private sectors to deter ransomware and IoT threats. To address gaps in security protocols and standards within critical industries, governments are taking it upon themselves to introduce and expand on existing cyber security policies for IoT devices.

The European Union Agency for Cybersecurity (ENISA) published guidelines on security IoT supply chains in 2020 and is now developing specific security measures for IoT operators and critical infrastructure industries. Meanwhile, the IoT Cyber Security Improvement Act was enacted in late 2020, which requires US public sector users of IoT, including those used in critical infrastructure, to extend robust cyber defenses to their IoT deployments.

The standard for this has been developed by the National Institute for Standards in Technology (NIST), who has been central in developing approaches for improving cyber security across the US for several years. NIST has developed a number of guidance documents in consultation with stakeholders in government, industry and the private sector, and in coordination with other nations’ international standardization efforts. Given the size of the US government as a customer, the NIST standards adopted for the public sector could also act as a broader de-facto industry standard for all types of IoT devices in the US and beyond.

Looking beyond the IoT Cybersecurity Improvement Act which focuses on the US Federal Government market, Public Law 116-283 which passed at the end of 2020 called for an IoT Steering Committee made up of private sector stakeholders to advise a US Federal government-wide interagency group. The Steering Committee and Federal Working Group are tasked to identify the benefits of IoT, improve IoT regulation and remove barriers to adoption. In a parallel effort, the President’s May 2021 Executive Order on cybersecurity calls for the piloting of a labelling programme for consumer IoT products that identifies how they meet cybersecurity criteria, which will be operational by February 2022.

These efforts to establish security requirements for IoT devices goes beyond federal agencies and contractors to address the need for security in critical infrastructure. Industries that are most exposed to these attacks seek uniformity and efficiency, and thus look to these laws and policies as guidelines to adopt baseline security requirements.

What can the public and private sector do?

As cyberattacks rise in critical industries, governments and the private sectors have a shared responsibility to protect these systems. Adopters of IoT devices can work alongside policy-makers and cybersecurity suppliers to build greater consensus on IoT security standards while also developing trust in security across critical infrastructure.

1) Establish a consistent approach on IoT security globally by:

2) Building trust through better transparency and international cooperation:

  • Clarifying the responsibility model across the supply and value chain.
  • Fostering cross-sector and international collaboration.
  • Promoting the use of international information-sharing frameworks and assurance best practices.

Jeremy Kaye, Head, Executive Briefing Center, Check Point Software Technologies

Mitch Muro, IoT Security Product Marketing Manager, Check Point Software Technologies

Katerina Megas, Program Manager for Cyber Security for IoT, National Institute of Standards and Technology (NIST)

The article was originally published in the World Economic Forum. You can view it here


Source: https://theprint.in/opinion/we-are-in-the-middle-of-a-cyber-pandemic-digital-security-standards-need-reinforcing/755465/

Comments

Post a Comment

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

By Explorer -
Image
Massive public protests taking place in Hong Kong over the past week are aimed at a new extradition law, known as the Fugitive Offenders Ordinance , that would see accused criminals extradited to mainland China to face prosecution. Hongkongers feel the law could be used to legalise the kidnapping of people who express views, and act in ways, that are not popular with the Chinese government . The same law could also be used to extradite tourists and visitors to China who are arrested on suspicion of having committed these crimes. Protesters want the bill scrapped. For now, debate of the legislation has been postponed . Organisers say one million people turned out for the protests, while police estimate the number was around 240,000. Either way, it was a significant number of Hong Kong’s 7.5 million population. Commentators on Twitter remarked on how well organised the protesters were. So, how did they do it? Protesters across the world are using n
Read more

‘Not Hospital, Al-Shifa is Hamas Hideout & HQ in Gaza’: Israel Releases ‘Terrorists’ Confessions’ | Exclusive

By Explorer -
 According to a video of interrogation of "Hamas terrorists" released by Israel Security Agency Shin Bet, accessed exclusively by News18, "The Shifa hospital has been made with many considerations as Hamas knew that medical places won’t be attacked by the enemy. Equipment, explosives and other material has been kept there." Hamas is using hospitals in Gaza as covers and have turned them into ammunition depots, according to a video of interrogation of “Hamas terrorists" released by  Israel Security Agency  Shin Bet, accessed exclusively by News18. ALSO READ | Israel-Hamas War LIVE Updates  HERE The Israeli military has claimed that those featuring in the video released on Saturday are Hamas terrorists, who participated in the  October 7 attack  on Israel. “Most of the tunnels are hidden in hospitals. There are multiple underground levels. Al-Shifa Hospital is not small, it is a big place that can be used to hide things," a man is seen saying. “The Al-Shifa
Read more

Islam Has Massacred Over 669+ Million Non-Muslims Since 622AD

By Explorer -
Image
In fact, no ideology has been as genocidal as Islam… Islam has killed more than 5 times the number of people killed by communism. In the total numbers we have updated over 80 million Christians killed by Muslims in 500 years in the Balkan states, Hungary, Ukraine, Russia. Then we have India. The official estimate number of Muslim slaughters of Hindus is 80 million. However, Muslim historian Firistha (b. 1570) wrote (in either Tarikh-i Firishta or  the Gulshan-i Ibrahim) that Muslims slaughtered over 400 million Hindus up to the peak of Islamic rule of India, bringing the Hindu population down from 600 mil to 200 million at the time. With these new additions the Muslim genocide of non-Muslims since the birth of Mohammed would be  over 669 million murders. Islam: The Religion of Genocide Perspective:   Think the Spanish inquisition was bad? More people are killed by Islamists each year than in all 350 years of the Spanish Inquisition* combined. The Spanish inquisition ( Tribunal del Sant
Read more