Critical infrastructure will have to operate if there's malware on it or not


As threats and cyber-attacks on critical infrastructure are expected to intensify in the near future, cyber-security experts believe that companies and government agencies should be prepared to operate networks whether or not there’s malware or a threat actor on them.

The idea is that cyber-attacks should not cause downtime of any form, and networks should be designed in a way that an attacker’s presence does not affect the network’s availability for end users.

Among the experts who believe in this approach is Major General Robert Wheeler, retired US Air Force, former Deputy Chief Information Officer for Command, Control, Communications and Computers (C4) and Information Infrastructure Capabilities (DCIO for C4IIC), US Air Force.

The Major General expressed this viewpoint in a webinar organized this past week by California-based cyber-security firm Virsec.

“That’s where we have to go,” Maj. Gen. Wheeler said. “Many of the networks of our lives, whether it’s critical infrastructure or whether it’s going to be networks in the future, in smart cities, they’re going to have to operate whether it’s malware or in or not.”

“That’s a different concept,” Maj. Gen. Wheeler added, referring to the fact that most networks weren’t even designed with security in mind, let alone to work with threat actors present on them all the time.

“We had networks that were designed to move data around to be helpful, so we played all the quirks that were required at that particular time. [The networks] weren’t designed to protect you from cyber-security [threats], and as soon as we thought there was a bad guy in it, we shut it down. It was that simple,” he said.

“You can’t do that anymore. They are critical to our command and control, they are critical to our common operating picture, they are critical to the control of different systems within there.

“So given that particular aspect, we have to operate on this. We have to operate; whether it’s a critical infrastructure, whether it’s an election, […] or a bank, we can’t shut their doors for two weeks while they try to figure it out. They’re gonna have to operate with a bad guy on the network,” he added.

“How are they gonna do that? They have to isolate it, they only have to execute those execution pieces that are part of their operation and they’re not gonna be able to rely on perimeter defense,” the Maj. General added.

But Maj. General Wheeler also touched on what attackers are doing when they break into these networks, while also expressing some fears of how the attacks are evolving and what type of damage these cyber-attacks could cause in the future.

“They used to be kind of obtrusive in the past, smash-and-grab, as I call them. Like in a store where you go and grab all the jewelry, and go. That was always kind of what they were doing, grabbing all the data.

“Now, they’re spending a lot more time observing, spending time in there digging deep, having multiple backdoors, […] and having it that even if you’re aware what happened it’s very difficult for you to actually figure out how to stop them. That’s one that bothers me,” the Maj. General said.

“The other one is more of a data attack,” he added, “and I don’t mean a data attack cause they’re exfiling the data, or stealing intellectual property, but changing the data.

“So, if you’re a bank or something, and you’re worried about something, and somebody is trying to get back at you, one of the ways they’ll do that, obviously, is to continuously change the bank account numbers, and scramble them.

“Those kind of things, where you change the data, scare me,” Maj. General Wheeler adds. “I think you’re going to see that, and not only in banks but in all sorts of things.”

“In the future, when it comes to big data, as big data becomes more and more important, scrambling the information coming from sensors is a really new technique to get the answer [result] that you want.

“And that’s a problem. It’s not a traditional attack, but it’s one that’s extremely sophisticated and has the ability to make some high changes. Whether it’s the elections, which scares me to death, whether it’s actual evidence-based, whether it’s climate, whether it’s some kind of other large pandemic issue, and these kind of things can cause massive damage at one point.”

Asked by ZDNet what he regarded as the biggest problem in securing these critical infrastructure networks, the Maj. General replied:

“The biggest challenge is that there is a general lack of understanding of the threat across the government. For many, if they can’t see it, and if they haven’t been directly affected yet, it doesn’t exist,” the Maj. General told ZDNet via email.

“Before we can improve our tools and training, or adopt meaningful legislation, we must bridge this fundamental knowledge gap.

“We also need to establish stronger standards (through organizations like NIST), a rapid response group and a set of policies that can deal with other countries/entities that attack our infrastructure.”

“The attacks in the Ukraine have certainly raised concern for those managing critical infrastructure across industries,[1, 2]” Gen. Wheeler added. “We are seeing increased investment in security technology, but there’s a long way to go. There is a big gap between IT and OT (operational technology) in terms of security. Most of our critical systems were built with the idea that they are air-gapped – not connected to the outside world and therefore inherently secure. In practice, air-gaps are an anachronism and are increasingly bypassed by advanced attacks.”

All in all, the idea that Maj. Gen. Wheeler is trying to get across is that attacks on critical infrastructure networks are bound to happen at one point or another, as threat actors are starting to comprehend the type of damages they could cause by attacking these weak points in every nation’s defenses, weak points that have been increasingly exposed online in the past two decades.

Changes are needed in the way these networks are being built, managed, and protected so that an attacker never has the ability to trigger downtime.
