How the Defense Industry Can Ensure a Secure State for Critical Infrastructure

Opinion: It is critical that defense organizations proactively manage risk by establishing a cybersecurity risk management framework. However, defense organizations need to consider three key areas before developing their frameworks accordingly, writes Michael Murphy, Head of Operational Technology and Infrastructure – Australia, Fortinet.

New legislation introduced in the form of the Security (Critical Infrastructure Protection) Amendment Act 2022 (SLACIP) came into effect on April 2, focusing on the ever-increasing security risk to Australia’s critical infrastructure (CI). The SLACIP Law amends various definitions of infrastructure assets and requires CI operators to adopt, maintain, update and comply with a critical infrastructure risk management program. Other changes also require CI operators to report material breaches to the federal government within 12 hours of an attack and to undertake regular cybersecurity drills.

The Australian defense industry has access to some of the most advanced cybersecurity technologies and is no stranger to sophisticated phishing attacks, ransomware and supply chain attacks. Last year, the Australian Cyber Security Center (ACSC) found that one in four cyberattacks targeted critical infrastructure and services, such as aviation and defence. Threats and associated risks are constantly evolving in terms of what cybercriminals are attacking and their changing attack methods; it is an escalating arms race. These types of attacks can have serious consequences for defense networks and critical systems and, by extension, Australia’s national security.

For this reason, it is important for defense CI operators, including contractors, to understand that securing their CI assets differs significantly from protecting computer networks. This is largely due to the unique nature of the operational technology (OT) that underpins CI assets, which means traditional IT security approaches do not work for OT in a CI environment. It is therefore essential for defense organizations to proactively manage risk by establishing a cybersecurity risk management framework. However, defense organizations need to consider three key areas before developing their frameworks accordingly.

1. Increase network security visibility
Network visibility makes it much easier to identify and stop malicious activity as it occurs. For example, with strong network visibility, defense organizations can better detect a threat actor with unauthorized access to the network, thus speeding up the response time of security measures. Network visibility is also useful in assessing which assets have the greatest value and would affect business operations if hit by a cyber event.

To gain network visibility, defense organizations must take advantage of cybersecurity tools that help decompose and define CI assets across the entire network. This layered approach reduces an attacker’s ability to maneuver through the different layers of defense mechanisms, with each layer being more complex than the next. However, building a layered approach requires a strategy to be effective. It also requires defense organizations to constantly test their security measures to prepare for an attack and adapt as necessary to comply with industry regulations.

2. Maintain granular control over available assets
Defense organizations must be able to maintain control over available assets to reduce additional exposure to cyber threats. As Australia’s defense industry increases its military defense capabilities, including the recent acquisition of nuclear-powered submarines, understanding what is needed to manage and defend against new and evolving cyber threats is more important than ever. Without specific cybersecurity awareness, defense organizations will not be able to mitigate risk and defend against cyber threats.

To mitigate risk, defense organizations should leverage shared knowledge bases such as the MITRE ATT&CK Framework for Industrial Control Systems (ICS) to better analyze and evaluate the techniques used by cyber adversaries when carrying out attacks.

3. Mitigate cybersecurity incidents with non-invasive approaches and predictable states of operational change

There has been a marked increase in cyberattacks, which has exponentially increased the cyberattack surface for defense organizations. And, despite military-grade cybersecurity, vulnerabilities remain. To help protect CI assets from threats, defense organizations must implement non-intrusive strategies to respond to cybersecurity incidents. For example, a vulnerability assessment is a non-intrusive approach that produces a prioritized list of security vulnerabilities. Automated analysis can identify vulnerabilities that could be exploited in an attack, and organizations can then fix them without those vulnerabilities ever being exploited. From there, organizations can choose to use intrusive approaches such as penetration testing to simulate an actual attack to determine the robustness of their OT security in protecting CI assets.

Defense organizations are seen as high-value targets by well-funded state-sponsored threat actors with unwavering political motivation and well-designed zero-day exploits. In many cases, attackers will observe the supply chain to identify the path of least resistance. Without adequate cybersecurity strategies, protected, secret and top secret information and classified assets are exposed to cyber events such as ransomware and phishing. As such, it is crucial for defense organizations managing CI to take a three-pillar approach to building their cybersecurity framework. This will ensure organizations understand, control, and mitigate all forms of cyber risk to not only better protect CI and OT assets from devastating cybersecurity incidents, but also to protect those who serve this country.

Michael Murphy, Head of Operational Technology and Critical Infrastructure – Australia, Fortinet

Last update: July 28, 2022

Posted: July 28, 2022
