Why and how the US should improve cyber protection: a call to arms


This article was contributed by Amir Sternhell, CSO of Sertainty Corporation.

Since 2016, Russia has been authorizing state-sponsored cyber-attacks on critical US infrastructure, notably through the Energetic Bear group (a threat actor also tracked as Dragonfly). It has shown that it will repeatedly mount destructive attacks on Ukraine with the aim of crippling Ukraine's critical infrastructure and financial system. With the latest Russian incursion into Ukraine, however, there are cybersecurity solutions and mitigations that can protect global critical infrastructure from the latest wave of malware coming from Russian state hackers such as the Sandworm group.

CISA released the following statement: “All organizations are at risk of being targeted by ransomware and have an urgent responsibility to protect against ransomware threats.” The following is intended to bring to CISA's attention that recent technologies and architectures exist that can counter and nullify industrial sabotage, and with it the need for retaliation.

Cybersecurity Solutions: Situational Awareness

The Colonial Pipeline breach of May 7, 2021 exposed the reality that we need innovative solutions to secure the energy sector and its pipelines. Joseph Blount, CEO of Colonial Pipeline, testified before Congress that we are not doing enough to protect our fuel supply, while defending Colonial Pipeline's decision to pay the ransom and keep the payment confidential.

What has become clear is that the Industrial Internet of Things (IIoT), while still in its infancy, accounts for only a small percentage of the breaches attributed to cyber-attacks today, but will require our utmost attention in the future. The reason is the $1.2 trillion infrastructure bill passed in 2021. The bill aims to upgrade our critical infrastructure and create opportunities around renewable energy sources, which drives convergence between operational technology (OT) environments and information technology (IT) environments. That convergence makes holistic, end-to-end cybersecurity solutions a necessity.

Countering attacks by nation states, directly or through proxies, requires containment (obscuration and destruction) of attacks against our critical infrastructure, so that the infrastructure becomes resilient, and it requires doing so on a competitive basis. PLCs, SCADA and DCS are the most exposed segments of the OT world: they sit in unsecured locations and are linked to IIoT sensors with limited battery power and limited memory. Current cybersecurity solutions for the OT market are proprietary, incompatible across vendor platforms, and do not apply the lessons learned from current threat vectors that seek to alter industrial control systems (ICS).

The challenge

Solving industry challenges, including network visibility of endpoints, is critical. Every device on a network is a potential target, because adding renewable resources, managing those resources and juggling disparate security solutions all increase complexity. Resilience goals have accelerated the convergence of OT and IT environments, driven by the distributed, digitized and decarbonized trends that underpin the environmental, social and governance (ESG) goals the Global 2000 aspires to.

Therefore, deploying a zero-trust architecture at the sensor-data and mesh-grid level is within our reach and within our means, in order to preserve the integrity of every command whether the mesh is charted or uncharted. In short, we have the resources to replicate existing OT networks in a form that is agnostic to the underlying infrastructure, deploy that replica in a non-networked, serverless manner, and use it to recreate or bypass microcontrollers, automated PLCs and SCADA touchpoints so as to reset after a cyberattack and to contest the attacker's view or present it with false realities.
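As an added illustration, not code from the original article or from Sertainty, the following Python sketch shows the minimum that "preserving the integrity of a command" to a PLC requires under a zero-trust model: each command is bound to one device and to a monotonically increasing sequence number, authenticated with a per-device HMAC-SHA256 key, and the device rejects anything whose tag fails, whose sequence number has already been seen, or that was addressed to a different device. The device names, the JSON command format and the key handling are assumptions made for the example; the issuer and verifier share a 32-byte key generated in-process here (constructed), which in practice would be provisioned into the controller.

```python
import hashlib
import hmac
import json
import os


class CommandIssuer:
    """Control-room side: builds and tags commands for one device.

    Assumed format (not from the article): a compact JSON body followed by
    '|' and the hex HMAC-SHA256 tag over that body.
    """

    def __init__(self, device_id: str, key: bytes) -> None:
        self.device_id = device_id
        self.key = key
        self.seq = 0  # monotonic counter; must be persisted across restarts

    def issue(self, action: str, params: dict) -> bytes:
        self.seq += 1
        body = json.dumps(
            {"dev": self.device_id, "seq": self.seq,
             "action": action, "params": params},
            sort_keys=True, separators=(",", ":"),
        ).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return body + b"|" + tag.hex().encode()


class DeviceVerifier:
    """Controller side: accepts a command only if it is authentic, addressed
    to this device, and newer than anything already executed."""

    def __init__(self, device_id: str, key: bytes) -> None:
        self.device_id = device_id
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def verify(self, envelope: bytes):
        """Return (command, "ok") or (None, reason)."""
        try:
            body, tag_hex = envelope.rsplit(b"|", 1)
            tag = bytes.fromhex(tag_hex.decode())
        except ValueError:
            return None, "malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison so the tag check itself leaks nothing.
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"
        cmd = json.loads(body)
        if cmd.get("dev") != self.device_id:
            return None, "wrong device"
        if not isinstance(cmd.get("seq"), int) or cmd["seq"] <= self.last_seq:
            return None, "replay"
        self.last_seq = cmd["seq"]
        return cmd, "ok"


def demo() -> list:
    """Run the four cases a command channel must get right; returns the
    verifier's verdict for each, in order."""
    key = os.urandom(32)  # constructed: a real deployment provisions this per device
    issuer = CommandIssuer("plc-7", key)
    plc7 = DeviceVerifier("plc-7", key)
    # plc-8 shares the key only so the example can show the device-binding
    # check in isolation; real devices get distinct keys.
    plc8 = DeviceVerifier("plc-8", key)

    verdicts = []
    env = issuer.issue("set_pressure", {"setpoint": 50})
    verdicts.append(plc7.verify(env)[1])                    # fresh, authentic
    forged = env.replace(b'"setpoint":50', b'"setpoint":500', 1)
    verdicts.append(plc7.verify(forged)[1])                 # body altered in transit
    verdicts.append(plc7.verify(env)[1])                    # same command replayed
    verdicts.append(plc8.verify(env)[1])                    # redirected to another PLC
    return verdicts


if __name__ == "__main__":
    print(demo())
```

A symmetric MAC is chosen because it runs comfortably on the memory- and power-constrained controllers the article describes; the hard parts in a real deployment are provisioning a distinct key per device, persisting the accepted sequence number across reboots so a power cycle does not reopen the replay window, and remembering that none of this protects availability: an attacker who cannot forge commands can still jam or cut the link.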

The solution

It is the duty of the cybersecurity community to pursue holistic solutions for networks and systems through a “digital twin” construct that identifies and prevents emerging threats, backs up and recovers vital assets, and continues to protect them during attacks or disruptions. The purpose of this new implementation is to make systems tamper-resistant by retrofitting Security Operations Centers (SOCs), which currently struggle with hostile artificial-intelligence tools that have spoofed and hijacked PLC/SCADA systems and their sensors.

A digital twin deployment will improve the security and resilience of critical infrastructure. This coordinated, multi-faceted outcome will be achieved through a zero-trust, non-networked (serverless) architecture, automated for real-time monitoring, alerting, analysis and decision-making. In essence it is a rewiring and remake of Network Access Control (NAC) and Human-Machine Interfaces (HMI). Solutions of this kind, at the asset, data and mesh level, already exist in countries such as the US, Israel and the UK, which are striving for a leading defensive position in the global cybersecurity arena. We must be open to an adaptive approach if we are to maintain our resilience amid the geopolitical realities of the West and the Rest.

Amir Sternhell is CSO of Sertainty Corporation.


This post, “Why and how the US should improve cyber protection: a call to arms”, was originally published at https://venturebeat.com/2022/03/11/why-and-how-the-u-s-should-increase-cyber-protection-a-call-to-arms/