The critical infrastructure that powers and enables key aspects of our daily lives - from the electric grid to water utilities - consists of assets, systems, and networks that must be protected. Without this protection, adversaries could create real, lasting damage with a widespread impact, affecting everything from hospitals to our own homes.
With so much at stake in public sector cybersecurity, the protection of OT assets that make up critical infrastructure is not always the first priority. But at a recent panel at Adapt24 titled, “Secure Critical Infrastructure: Continuing to Fuel Our Way of Life,” speakers Tony Parillo, Enterprise IT Global Head of Cyber Security at Schneider Electric, and Vice Admiral Timothy White, Former Commander of U.S. Fleet Cyber Command and U.S. Tenth Fleet (Ret.) and the Founder and Manager of OneNetworkConnections, discussed the risks of leaving this environment unprotected and ways to enhance security moving forward.
We’re recapping three insights from their discussion, with additional details on how Claroty is approaching this important challenge.
In a world that is more interconnected than ever, the public sector faces an uphill battle to secure critical infrastructure, often due to a lack of financial and other resources. This lagging security is one of the many reasons why critical infrastructure may be targeted by foreign adversaries, both Parillo and White noted.
“It’s easy, and we don’t defend it, and there are no consequences to going after it,” White explained. “A lot of other nation states are aggressively and actively probing and trying to get a sense of what the U.S. and other nations’ readiness and response would be.”
Everything that goes into the electric grid, a water pump system, or an emergency response system is connected to sprawling networks with more and more connected devices. These networks are difficult to secure, and they open the public sector up to potential attacks that could have devastating consequences. Consider the well-publicized Volt Typhoon, a Chinese nation-state threat group that has targeted the networks of multiple U.S. critical infrastructure organizations. The ability to get in, ‘live off the land’, and remain latent until ‘go’ time is a valid concern with this and other nation-state activity.
Both Parillo and White emphasized that the time to face these threats is now and preparation must be prioritized.
The other time-sensitive element is recovery time, which means the strategy must involve both proactive and reactive measures in order to recover quickly.
One non-cyber example demonstrating how critical recovery time is in a potential attack is that of the Texas power grid failure in the 2021 winter storms. This had a devastating impact on Texas residents and overall local continuity.
“If you think about hospitals, if they don’t have electricity, people die. Grocery stores, which we take for granted, if they don’t have electricity all that frozen food melts, everything else goes bad and they end up throwing everything away,” Parillo noted. “Being able to recover quickly and easily from anything would be winning.”
One way that the government can prepare for these incidents is to engage communities at a local level and raise awareness.
“The more that you do on your own at the individual level, as a family, in a community, in a neighborhood, in a town, in a county, all that rolls up,” White pointed out. “Civil society and citizens [need more awareness] about why they are vulnerable, what an exposed attack surface looks like, what they can do with commonly available tools.”
The most important takeaway on this topic was that “cybersecurity is a team sport,” as Parillo put it, or the “value of collective cybersecurity,” as described by White. They emphasized the importance of exchanging information and working together on offensive and defensive tactics to protect the nation and our communities at large.
“Some of the indications or warnings are some things the private sector will never have,” Parillo observed. “The organizations like CISA and the FBI play a critical role in helping us on the commercial side stay secure and keep the lights on for everybody.”
“You can’t do it alone,” White commented. “One thing we always said in our part of the joint force is that any kind of operation in the cyber space, whether it’s offensive or defensive, is going to be doomed to underperforming if you think you can do it alone or in isolation. You have to have some view of teammates. You have to have some ability to exchange information and generate shared awareness.”
White introduced the term “competimates” to demonstrate that even entities that typically compete against each other, like competing vendors, must come together as teammates in order to advance a security agenda, emphasizing, “No company on its own will be able to defeat a nation-state.”
Parillo and White both emphasized that public-private partnership to protect and secure critical infrastructure is important - and it has been happening. By participating in organizations like the Joint Cyber Defense Collaborative (JCDC), a program for cyber defenders to gather, analyze and share actionable cyber risk information, and the OT Cyber Coalition (OTCC), where OT security vendors work with the Federal government to ensure effective OT cybersecurity, Claroty provides vulnerability insights and collective OT security expertise. Additionally, Claroty’s Team82 provides a substantial number of OT-related vulnerability insights and research findings to CISA to turn into advisories that governments and the private sector can utilize.
Visibility is the first step in identifying which critical infrastructure OT assets must be protected, and in establishing the existing risk profile of every asset so that weak links can be identified and ultimately addressed. As another example of such partnership, Claroty and Axonius work together to help organizations understand their collective IT and OT attack surface exposure, which is critical for their operational continuity.
For more information about how Claroty is working with an entire ecosystem of technical alliance partners, as well as what we contribute to the JCDC, OTCC and others, to help secure critical infrastructure, speak with a member of our team today.