According to Wikipedia, Critical infrastructure (or critical national infrastructure (CNI) in the UK) is a term used by governments to describe assets that are essential for the functioning of a society and economy – the infrastructure. Security Critical Infrastructures are important for a nation as to continue its public’s health safety, it’s economic operations.
It was previously observed that the dangers of cyberattacks on critical infrastructures was very low because of the need for specialized knowledge on the control system management, administrative operations and configuration as well as in the absence of improved Internet connections. However, at present cyberattacks on critical infrastructures are making a significant impact on society, it has become pre-requisite to check the risks associated by analyzing the attack techniques used in such attacks.
Below is the list of some Critical Infrastructure Sectors
Chemical Sector, Pharmaceuticals , Consumer products , Entertainment and media , Gaming , Real estate , Retail , Communication Sector, Primary Metal Manufacturing , Machinery Manufacturing , Electrical Equipment Manufacturing , Electrical Appliance Manufacturing , Transportation Equipment Manufacturing , Dams Sector, Defense Industrial Base Sector , Emergency Services Sector(Law Enforcement, Fire Emergency Service, Medical Emergency Service), Energy Sector(Electricity, Natural Oil, Coal, Natural Gas), Financial Service Sector(Banks, Insurance, Credit, Investment), Food Manufacturing, Food Processing, Food Storage Sector, Healthcare Sector, Transportation Sector(Aviation, Maritime, Railway, Highway, Postal, Shipping), Water Management System, Waste Water Management System, Telecommunication Sector, Renewable Energy.
Attacks On Critical Infrastructure : – Cyber Attacks on Critical Infrastructure is a top threat for any Nation. Now a days attacks on Critical Infrastructure are increasing. As per report Most of Critical Infrastructure use older infrastructure and legacy system so it is not easy to update their system. That’s why most of the Critical Systems are vulnerable to Cyber Attack. Study shows over 53% of system outrages were caused by Cyber Attack on Critical Infrastructure all over the world. Cyber Criminal use stolen credentials of Critical Infrastructure to attack Industrial Control Systems. As Critical Infrastructure is important for a Nation so we really need to think about safety of Critical Infrastructure.
Impact on Business : – Critical Infrastructure is an important assets for a governments. Critical Infrastructure hack can incur huge amount of loss to business, even business can shut down by Hacked Critical Infrastructure. Business owner can suffer millions of dollar loss due to hacking or hack attempt.
Malware used in Critical Infrastructure Attack : –
Remember WannaCry ramsomware which attacked on United Kingdom healthcare network and paralyzed the whole network that resulted huge struggle to treat patients. Do you remember NotPetya Malware which attacked on Ukraine Power Grid. Black Energy is also a Grid Disrupting Malware.
How to secure Critical Infrastructure: – By using some simple tips you can secure your critical infrastructure. Most of the Critical Infrastructure attack is done by Credential theft. So follow the following tips to save your system.
- Educate your employee not to fall a victim of Phishing related scams. Phishing scams can steal your personal and confidential credentials, and use it to attack on System, so educate your employees.
- Use 2 Factor Authentication to access your networks for you and your employees. It will give you extra layer of security. So always use Two-factor authentication (2FA).
- Never share your confidential information in Public over email, even on social networks. If you are using social networks be sure you are not exposing your confidential information over internet.
- Update your system and always patch your systems to avoid any malware infection on your Industrial Control System.
- Use strong password to access your networks. Always select password that are not easy to guess. Never use your phone number, birth date, personal information as passwords.
- Make sure your networks doesn’t store passwords on plain text. As per report 69% industrial sites use plain text as password. So encrypt your password.
- Don’t grant anyone remote access to your external workstations. If you are giving someone remote access to your external workstation, make sure he/she don’t’ become a cyber-attack victim. As per report Cyber attackers target your employees who have remote access to your workstations.
- Secure Industrial IOT systems. Make sure Industrial IOT don’t have any vulnerability.