One of the reasons we keep hearing about new attacks is that there are a lot of tools today’s hackers can leverage to take control of crucial environments. It means manufacturers need to constantly work to stay one step ahead to avoid being the next headline.
However, it’s also important to remember that just because buzz dies down around an attack, does not mean that its impact is gone. Often, the ripple effects can continue for a number of weeks, months or even years. It really depends on how much access a hacker had, and their long-term goal in attacking an organization in the first place.
A current example? The news that nearly a quarter of the approximately 1,500 electric utilities operating in the US downloaded the infamous SolarWinds backdoor – creating a nightmare scenario for US critical infrastructure.
Every piece of news around SolarWinds just brings more questions, explains Red Balloon Security Senior Strategist David Doggett in a statement. “We cannot overlook the likelihood of an even more disturbing outcome than espionage — persistent access in order to disrupt networks, devices and critical infrastructure. Hundreds of electrical utilities having downloaded the SolarWinds backdoor is concerning, but not unexpected. That a minority, but still some, use SolarWinds in their OT networks is more concerning but also not unexpected. The use of SolarWinds in the OT network allows a path to access the devices that control the electrical grid. We’re extremely lucky in this case: the majority of electrical utilities organizations did not experience any disruption. We know there is a willingness to disrupt electrical grids by nation-state actors, which was demonstrated years ago with Sandworm in Ukraine.”
According to Doggett, it’s only a matter of time before that becomes a reality in the United States as well. “Which is why it is absolutely critical that these organizations — all organizations that keep daily life running — are not only securing their systems/networks and aggressively searching for backdoors and firmware vulnerabilities before they can be exploited but also working to increase the level of security and resilience of the end devices that interact with the physical world. For organizations that rely on embedded systems, like the electrical grid, firmware must be hardened and secured before a more devastating attack occurs,” he says.
In hopes of addressing the issue, the Biden Administration announced that it is working on a 100-day action plan to shore up the security of the U.S. power grid, which has come under increased attack from hackers. The plan is expected to incentivize power utilities to install sophisticated new monitoring equipment to more quickly detect hackers, and to share that information widely with the U.S. government.
“This is something that should be happening across all critical infrastructure. Not being able to see, secure and defend against inevitable attacks can lead to unnecessary deaths or cripple our economy. A plan like this is definitely a step in the right direction. While there may be some reluctance to share data with the government, the alternative of not doing anything or enough could be devastating,” says Edgard Capdevielle, CEO of Nozomi Networks, in a statement. “The critical infrastructure sectors need authority, budget, and technology, in the middle of a severe skilled worker shortage, in order to address the escalated level of threats. It’s good to see action finally being taken at the highest levels to incent companies and organizations to defend against potential crippling attacks.”