
Nature Of Nation-State Cyber Warfare

By stephen.kines | November 23, 2022 | Updated: December 6, 2022 | 5 Mins Read
The Changing Nature Of Nation-State Cyber Warfare

Military conflict is ever shifting beyond the battlefield and into cyberspace. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.

The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. The havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.

Mounting hostilities in the cyber sphere

The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.

Meanwhile, Iran has been stepping up its efforts to wage cyber warfare against its adversaries. Recently launching a multi-pronged cyber assault on Albania – a NATO member – whilst escalating long-standing digital sparring with Israel, Iran is making little effort to mask its increasingly aggressive cyber activities. By brazenly attacking Albanian networks, Iran has essentially delivered cyber warfare to our own doorstep.

Wilful blindness

Nation-state attackers are constantly chipping away at organisations’ weak points and vulnerabilities, continually penetrating until they get what they need. With this in mind, and given what is at stake, surely UK organisations are taking the necessary proactive steps to mitigate the threat?

Unfortunately not. A naivety and lack of awareness still permeates CNI, meaning that for many it hasn’t quite ‘hit home’ that the security landscape has fundamentally shifted since Russia’s invasion of Ukraine on 24th February 2022. For example, how many people are aware that Russian businesses can now legally steal the intellectual property of anyone affiliated with “unfriendly” countries?

For poor cyber practices – other than the consequences of a breach. Furthermore, it is all too easy for organisations to overlook the stealth aspect of cyber-crime. If a person has their car stolen, they will be immediately aware. This lack of insight into the creeping, tangible consequences of cyber-crime forces many organisations into a weakened, reactive security stance.

This cannot be allowed to continue. While the UK is not on the physical frontlines of battle, the sheer interconnectedness of our systems and critical infrastructure places us all in a highly vulnerable position when nation-state attackers strike. Take the NHS, for example. A criminal group may intend to ‘just’ disrupt or destabilise NHS systems. Perhaps nobody intended to kill humans. But through ill-planned attacks it can and will happen anyway.

Software isn’t the solution

Therefore, the onus must be on CNI organisations to take stronger action, so that they are protecting against, rather than just reacting to, evolving nation-state cyber threats.

This amounts to much more than simply layering more cyber security software upon software. Currently, many organisations are misguided in their approach to security, opting to plough ever-growing sums of money into convoluted cyber security software and cloud-based services that fail to control attackable surfaces. Even when purchasing threat intelligence that effectively informs of emerging threats, due to lack of maturity many organisations outside the Global 1000 have very little practical idea of how they can implement protection to address them. When an attack inevitably gets through, those organisations with reactive, software-centred security mindsets will find themselves figuratively, and sometimes literally, running to the comms room to pull the cable and limit the spread.

It is estimated that there is one exploitable bug per thousand lines of code. When it is considered that Microsoft Windows OS alone has roughly 50 million lines of code, it becomes even clearer that CNI organisations that allow IT and OT networks to intersect are fighting a losing battle by solely relying on software to protect against nation-state cyber threats.

The next generation of physical answers to digital challenges

There is a better way – and it is refreshingly simple. In a nutshell, the most effective means of reducing your attack surface is to physically disconnect networks and make the assets within them invisible to the outside. If there is no discoverable IP address, an asset is not visible to malicious actors, and therefore unreachable becomes ‘unbreachable’. Yet assets and networks still sometimes need to be accessible. This is where legacy and traditional security solutions fail: they are often too blunt and unsophisticated. Cyber security must continually evolve to keep pace with the changing threat and operational landscapes.

DPNS further allows organisations to balance their operational needs with the protection of mission-critical networks and assets by placing them behind an impenetrable barrier to prevent unauthorised access by malicious nation-state actors. With true air gap technology that is operated completely offline and provides no IP connectivity that attackers could use to exploit the operational control, CNI can implement robust and absolute control mechanisms to close off points of entry, exercising total power over when and where their most valuable digital assets can be accessed.

Nation-state cyber criminals continue to innovate and evolve their tactics – now, CNI organisations must do the same. With the latest developments in remotely controlled physical network segmentation, air gapping solutions have evolved to be relevant to today’s demands. Organisations can physically disconnect their critical systems and networks on demand, achieving unbreachable security, as digital assets and critical networks are rendered completely inaccessible to sophisticated nation-state-sponsored cyber attackers.

stephen.kines

COO at Goldilock

    The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
