Protecting process infrastructure from cyber attack

Louise Davis

In October 2016, the UK government launched the National Cyber Security Centre (NCSC) aimed at enhancing the country’s ability to deal with cyber threats. The move outlined the growing importance of cybersecurity in both the private and the public sector. 

Here, Nick Boughton, digital lead at Boulting Technology, shares his advice for making critical infrastructure more secure.

The cybersecurity of critical infrastructure and assets has been a growing concern to businesses, consumers and the UK government for a number of years.

Concern is growing alongside the threat of attack to infrastructure systems, which multiplies year on year. As recently as June 2018, software company Symantec discovered Chinese hackers had compromised computer systems operated by satellite operators, defence contractors and telecommunications companies.

The increased threat to infrastructure systems means businesses are becoming warier and many are planning enhanced cybersecurity regimes to counteract the risks.
 
Arms race

The NSCS complements existing government bodies, including the Centre for Protection of National Infrastructure (CPNI), which was launched in 2007 to tackle threats to infrastructure, including cybersecurity.

As a UK Government authority, the CPNI provides security advice to businesses and organisations working in thirteen national infrastructure sectors: chemicals, civil nuclear communications, defence, emergency services, energy, finance, food, government, health, space, transport and water.
 
Since the CPNI was formed over ten years’ ago, infrastructure, and the cyber threats posed, have changed dramatically. Almost every one of these sectors now relies heavily on the internet, meaning one attack could affect many critical sectors.
 
The protection and advice from these government bodies is aiding each of the thirteen cybersecurity sectors to protect their assets in the cybersecurity arms race. In this race, ethical hackers known as white hats are constantly evolving their protection techniques and searching for bugs in software, in order to fix any vulnerabilities before the black hats, or potential attackers, exploit the same flaws.
 
One example of a security issue being discovered and eradicated by a white hat is the Shellshock vulnerability, which had the potential to let a developer issue commands to most internet servers. A flaw in a program called Bash, which is a text-based way to run commands on many operating systems, including Linux and Mac, meant code left by another program running Bash could be automatically executed.
 
This flaw opened the potential for attacks directed at internet infrastructure. Servers running Bash were at risk of leaking usernames and passwords, having web pages defaced, being enslaved into cybercrime or having their organisations’ private information released publicly.
 
Luckily, the developer who discovered the Shellshock vulnerability was a white hat, who immediately alerted software vendors that were able to patch the bug from their software. Though, as with all vulnerabilities, infrastructure can only be made safe by regular updates, to patch out any flaws such as this one.  
 
Fight for safety

At Boulting Technology we recommend an end to end cybersecurity approach, particularly for critical infrastructure, where an undetected or unpatched flaw could have a devastating impact.

A survey of the current equipment and software used in any environment must be the first point of call, whether they are working in the water, transport or food processing sectors. Both operational technology (OT) and information technology (IT) systems must be analysed, to ensure the entire plant is as secure as can be. These findings can be broken down into a traffic light system and used to prioritise the steps that must be taken.
 
These steps can range from finding the most up-to-date security patches for legacy systems that might need manually updating, to reanalysing network permissions. Depending on the findings, these changes might need to be made immediately or could be integrated into the long-term maintenance plan for the plant.
 
Plant managers are often concerned about the security implications of integrating systems together. While this is one way in which flaws or holes in the cyber protection systems can be created, an experienced and reliable integrator will be able to advise of any potential implications before they arise. That’s why Boulting Technology has formed an alliance with NETbuilder, to ensure its clients receive an end-to-end digitalisation service, assuring plant managers of both the value of the integration and the security of the entire system once it has been completed.