How the space industry can ensure a safe state for critical infrastructure

Fortinet’s Michael Murphy explains how the space industry can strengthen its defenses to secure critical infrastructure.

Space has long been considered the ultimate frontier. Although its ever-expanding nature suggests that we may never fully conquer space, progress in this field is exciting and offers great opportunities for humanity.

A growing proliferation of forays into space-related exploration and science means that space technology is now at risk of cyberattacks. Like the universe, the edge of the network is constantly expanding.

With each new connected device or application, the edge expands a little more, increasing the potential attack surface that can be exploited by cybercriminals.

For organizations managing critical infrastructure and assets, this is of particular concern, especially for assets that continue to move beyond Earth’s boundaries.

The Australian government now recognizes space technology as critical infrastructure, under new legislation introduced last year in the form of the Security (Critical Infrastructure) Amendment Act 2021 as well as the Security Legislation (Critical Infrastructure Protection) Amendment Bill 2022, which was recently tabled in parliament.

In addition to codifying space technology as CI, the new legislation has resulted in a change in serious cybersecurity incident requirements for all CI operators.

This has transformed the landscape for many companies, and it is essential that space organizations understand how to effectively meet the new requirements to protect their CI assets.

Before an organization can take steps to meet changing requirements, it is important to understand the requirements themselves. Two of the main obligations of the updated legislation are:

  1. Registry of Critical Infrastructure Assets: Organizations that are responsible for CI assets must provide ownership and operating information to the Critical Infrastructure Asset Registry. This includes providing information when an asset is first registered and whenever information is invalid, incorrect or out of date.
  2. Mandatory reporting of cyber incidents: Organizations responsible for CI assets are required to report critical and other cybersecurity incidents to the Australian Cyber Security Centre (ACSC) online cybersecurity incident reporting portal. Reports must be made within 12 hours of becoming aware that an incident has occurred or is occurring that has had or is having a significant impact on the availability of an asset. If an incident has had, is having or is likely to have a significant impact on an asset, reports must be made within 72 hours of becoming aware of an incident.

The impact on space

Understanding their role in protecting CI is crucial for space organizations, as is understanding the potential cybersecurity risks associated with their operations.

While it may seem obvious to some that any device connected to the network is at risk of being exposed to vulnerabilities and cyberattacks, the connection is not always so clear, especially for CI that lies outside traditional boundaries.

Simplifying the environment can make it easier to identify and manage potential risks.

For example, critical space infrastructure (CSI) can be divided into five distinct types or categories: remote sensing, communications, meteorology, global navigation satellite systems (GNSS), and administrative and legislative frameworks.

While some of them may have – for lack of a better term – simple or innocuous purposes, such as climate monitoring, many CSI assets are responsible for communications that could have devastating effects if interrupted, making them particularly high-profile targets.

And, as space is arguably an incredibly hostile environment and its command encourages fierce competition on earth, CSI is an increasingly vulnerable space.

Changes to Australian government legislation have highlighted the important role space plays in terms of CI assets, as well as the need for accurate and timely communication regarding any potential incidents.

As such, it is crucial that space organizations are properly prepared to protect their assets, including developing a comprehensive cybersecurity strategy and deploying critical technologies.

First, organizations need to understand the difference between securing CI assets and securing computer networks.

The unique nature of the operational technology (OT) that underpins CI assets means that traditional IT security methods and approaches will not work for OT in a CI environment.

To mitigate these challenges, organizations need to identify and resolve the friction points between business objectives (OT) and IT objectives and define an approach that will achieve mutually beneficial results.

Space organizations will need to assess both the current and desired future state of the business and its assets before outlining how they plan to achieve their goals.

This should include three key considerations:

  1. Operational efficiency: which critical components are degrading or damaged, as well as what needs to be done to mitigate potential operational downtime or exposure to on-site security risks for personnel.
  2. Security: what actions should be taken to reduce performance overhead or improve host lifecycle management, without impacting maximum tolerable downtime (MTD) or mean time to recovery (MTTR) through real-time threat intelligence and sophisticated campaign monitoring.
  3. Security: how can new technologies be integrated into the stack, and what types, to ensure the continued safety of the people they serve?

Organizations responsible for CSI also need to better understand the threats they will be exposed to in order to develop an effective cybersecurity strategy.


This can be achieved in part by assessing three key components of malicious threats:

  1. Threat Actor: the person or organization behind an attack. Space organizations can assess threat actors by considering the threat actor’s intent versus their ability to carry out an attack.
  2. Threat vector: the entry point or vulnerability exploited by the threat actor.
  3. Offensive: the exploit used by the threat actor to achieve their goals and the resulting impact.

When it comes to protecting CI and OT assets from devastating cybersecurity incidents, space organizations must also consider three key pillars around which to build a security framework:

  1. Visibility: it's essential to understand which assets need to be protected to comply with any type of legislation or framework. Visibility allows the organization to see which solutions need to be mapped and considered in any potential roadmap. Using the Purdue model, formerly the Purdue Enterprise Reference Architecture (PERA), will allow organizations to more easily decompose and define CI assets across the network.
  2. Asset control: it is also essential to maintain control over the assets available to protect them and defend them against threats. Leveraging shared knowledge bases, such as the MITRE ATT&CK Framework for Industrial Control Systems (ICS), can give space organizations critical insights to help maintain control of CI assets, even if they don’t have the specific knowledge required to manage or defend against new and emerging threats.
  3. Prioritize non-invasive approaches: Space organizations also need to understand which defensive approaches work best for different assets.

Using non-invasive approaches such as deception technology can be particularly beneficial because it allows attackers to think they are on the network without actually being there.

Space organizations must also consider the risks that their expanded network poses to their environment. For example, adopting the MITRE System of Trust (SoT) framework can help organizations better protect their environments against vulnerabilities in their network that can be exploited by malicious actors.

Using the MITRE SoT framework enables space organizations to assess the three main trust aspects of supply chain security – suppliers, supplies and services – and build a foundation of trust within their network.

Space organizations can then use the MITRE SoT framework to identify and address 14 high-level decision risk domains associated with trust. This can help space organizations that manage CSI to further build their cyber resilience.

As Australian space organizations continue to explore the limits of what is possible beyond Earth’s atmosphere, staying cyber-secure and highly resilient must be a priority. Securing space-related infrastructure requires an entirely different approach and set of tools than securing enterprise IT networks.

Space industry organizations must partner with cybersecurity experts to ensure their security posture remains resilient so they can continue to unlock the final frontier.

Michael Murphy is Head of Operational Technology and Critical Infrastructure, Australia at Fortinet.


Last update: August 29, 2022

Posted: August 29, 2022
