Cyberattacks on Critical Infrastructure
Mar 3, '21 by Joerg Schneider-Simon
In December 2020, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that a suspected Russian hack "poses a grave risk to the federal government." The agency added that "state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations" are also at risk.
CISA believes the hack began as early as March 2020. Since then, multiple US federal government agencies, including the Department of Energy, have reportedly been targeted by the hackers.
CISA has not identified the advanced persistent threat actor behind the significant and ongoing attacks, but many experts say the scale and sophistication of the attacks are only within reach of nation states, and that Russia is the leading suspect.
America’s a Major Target … but Not the Only One
Russia, of course, is just one of multiple nation-state actors who are targeting critical infrastructure in the US, according to a White House report involving the National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
These nation states are targeting the internet-connected operational technology being used in US critical infrastructure, such as electricity, water, and gas facilities. In response to these threats, the NSA and CISA have directed the owners and operators of critical infrastructure to take immediate action to secure these systems.
The US is not alone. Japan, Iran, Germany, Ukraine, Israel, and the EU have also fallen prey to critical infrastructure attacks in recent years, prompting countries like Australia, the United Kingdom, and Canada to issue warnings about these types of cyberattacks.
What Critical Infrastructure is Being Targeted by Cyberattacks?
Critical infrastructure consists of the systems, facilities, technologies, and services that are essential to the well-being of a country’s population and its government. Critical infrastructure includes:
- Energy generation and distribution facilities
- Nuclear reactors, materials, and waste sector
- Water and wastewater facilities
- Hospitals and healthcare facilities
- Government buildings
- Emergency services
- Financial services sector
- Food and agriculture sector
The World Economic Forum (WEF) estimates that cyberattacks on critical infrastructure, rated the fifth top risk in 2020 by its expert network, are now the new normal across energy, healthcare, transportation, and other sectors.
The WEF notes that attacks on critical infrastructure have affected entire cities, and that both public and private sector organizations are equally at risk of being held hostage to ransomware and other attacks.
The threat of cyberattacks on critical infrastructure is particularly grave for a number of reasons:
- Organized criminals are joining forces to use cyberattacks to extort money from their victims.
- The Internet of Things, and particularly the Industrial Internet of Things, is expanding the attack surface every day.
- The likelihood of getting caught and prosecuted is as low as 0.05% in the United States.
- Cybercrime-as-a-service is now a business model, one that criminals without technological savvy can simply rent by the month.
- Hacking tools are more accessible and affordable than ever before thanks to the Darknet.
Top Cybersecurity Threats Against Critical Infrastructure
Cyber threats against critical infrastructure are unique because they bridge the gap between the cyber world and the physical world. Attacks on critical infrastructure typically aim to destroy, incapacitate, or exploit energy facilities, water treatment plants, dams, communications systems, and other critical infrastructure in order to:
- threaten national security
- destabilize governments
- cause mass casualties
- weaken national economies
- damage public morale
Attack methods include malware, spyware, distributed denial-of-service, phishing, and ransomware.
Protecting Mission-Critical SAP Systems
In many cases, protecting critical infrastructure against cyberattacks means protecting the SAP systems that offer hackers access to this infrastructure.
Here are the steps you must take to deter cyberattacks on your SAP systems.
- Protect SAP applications against content-based attacks
- Protect your organization against the cybersecurity risks that are inherent to SAP FIORI
- Run anti-virus software that is customized for SAP, since regular anti-virus software is not compatible with SAP
- Install the latest SAP Security Notes immediately to protect web applications and endpoints from new cyber threats
- Install firewalls that protect SAP web-based applications, such as SAP S/4HANA
- Write secure code to prevent cross-site scripting
- Insert file download protections into your HTML headers to prevent cross-site scripting
- Use MIME-type checks to detect vulnerabilities in SAP file-format integrity
- Conduct regular penetration testing
- Conduct regular code reviews
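The MIME-type check and file download protections from the list above, sketched as an added example (not SAP's code or the author's). It assumes the download protections are sent as HTTP response headers; the signature table, allow-list, sample bytes, and function names are all hypothetical.

```python
import re

# Constructed signature table: leading "magic" bytes -> MIME type.
MAGIC = [
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"PK\x03\x04", "application/zip"),
]
# Hypothetical allow-list policy: accepted types and their extensions.
ALLOWED = {
    "application/pdf": {"pdf"},
    "image/png": {"png"},
    "image/jpeg": {"jpg", "jpeg"},
}
# Constructed sample inputs: a real PDF header, and HTML posing as an image.
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n"
SAMPLE_HTML = b"<html><script>alert(1)</script></html>"

def sniff_type(data: bytes):
    """Return the MIME type implied by the file's leading bytes, or None."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    return None

def check_upload(filename: str, declared_mime: str, data: bytes):
    """Accept a file only if content, declared type and extension agree."""
    actual = sniff_type(data)
    if actual is None:
        return False, "content matches no known signature"
    if actual not in ALLOWED:
        return False, f"{actual} is not on the allow-list"
    if actual != declared_mime:
        return False, f"declared {declared_mime}, content is {actual}"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED[actual]:
        return False, f"extension .{ext} does not match {actual}"
    return True, "ok"

def download_headers(filename: str, mime: str) -> dict:
    """Headers that make the browser save the file instead of rendering it."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)  # no quotes or CR/LF
    return {
        "Content-Type": mime,
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",  # browser must not guess the type
    }
```

Rejecting on any disagreement between declared type, extension, and content is what stops an HTML or script payload from being stored under an image or document name and later rendered in a user's browser.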
The attack on US government departments that was uncovered in December 2020 had likely started months before. Experts estimate that the hackers penetrated key government networks in March, and moved around freely for at least six months before they were detected. In short, it’s never too early to start putting increased security measures in place.
If you think you might be at risk, read about the Three Signs You Are Vulnerable to an SAP Cyberattack (and How to Respond). And if you need help protecting your SAP systems, particularly your web-facing SAP applications, from viruses and content-based attacks, get in touch for a free consultation.