November 18, 2021

How to Secure Defence Industrial Bases and Organizations From Cyber Attacks

During October Cyber Security Awareness Month, we brought attention to best practices in cyber security today, some of the more prominent cyber attacks during the past year, and the current state of cyber security regulations worldwide.

We chose to close this special series of articles with a look into the cyber security of defence organizations – as cyber threats continue to grow in the context of a destabilized global digital space.

Recently, there have been many notable cyber attacks on defense organizations worldwide:

  • The Lazarus group, a hacker organization affiliated with North Korea, was accused of targeting multiple defence firms in more than a dozen countries in an espionage campaign starting in early 2020.
  • In October 2020, the NSA warned that threat actors affiliated with the Chinese government targeted the U.S. defence industrial base as part of a wide-ranging espionage campaign.
  • In July this year, the Russian defence ministry claimed it was hit with a DDoS attack that caused a temporary website shutdown; it was stated the attack came from outside the Russian Federation.
  • That same month, the Ukrainian Ministry of Defense linked Russian hackers to an attack on the Ukrainian Naval Force’s website, which published fake reports about the international Sea Breeze-2021 military drills.
  • In September, the Norwegian government linked a series of cyber attacks from 2018 to threat actors operating from China; Norwegian state administration centers’ (SAC) IT network was hacked and information on state office employees dealing with defence, national security and state emergency preparedness, such as their usernames and passwords, was exfiltrated.

And this is just a short excerpt from a number of attacks on defence organizations that were launched in previous months. 

As multiple reports have noted, cyber warfare is on the rise.

What is Cyber Warfare?

With the increased adoption of network systems into defense organizations in the last few decades, these organizations have become more frequent targets of cyber attacks. The IT/OT convergence of recent years has left many organizations exposed, and actually doubled their vulnerabilities. 

Not only can the defence organizations’ internal information systems, with their huge volumes of classified data, be compromised, but, now, so can the assets these organizations are operating, seeing as recent years have been marked with developments in ‘smart’ weapon technology.

Computerized, remote-controlled weapons systems form the foundation of many defence plans today. And as with any other kind of network-based system of operation, while there are certainly not many glaring vulnerabilities, those with enough determination are almost certainly going to find a few security gaps and potential entryways. Gaining access to remote controls of computer-operated weapons, or tampering in any way with their process of production, invites easy-to-imagine consequences.

Furthermore, the scale of the attackers’ abilities only grows. Organizations today find themselves the targets of well-funded and well-organized threat actors, who have highly developed technical abilities, and large amounts of time to construct, organize, and deploy their attacks. These attacks can target anything from network and application monitoring platforms used by defence organizations to critical infrastructure sites such as nuclear power plants, gas and oil pipelines and electrical power grids.

In this way, broad geopolitical conflicts are being conducted increasingly through cyber warfare rather than armed confrontation or diplomatic discussion.

Cyber Attacks on Defence Industrial Bases

Defence Industrial Bases (DIB) represent a highly specific target on their own. As modern weapons are built through a supply chain hundreds of companies long, the possibilities of interference at different points of this chain are endless. Small and mid-sized businesses that find themselves at the lower end of the supply chain, with low levels of cyber protection, tend to be particularly vulnerable.

There are different approaches and goals when it comes to cyber attacks deployed on defense organizations and vendors within the DIB supply chain, as listed on Imperva:

  • Espionage – most often performed through spear phishing, these kinds of system infiltrations seek to exfiltrate sensitive information;
  • Sabotage – once access to important data is acquired, threat actors can destroy it or use it as leverage;
  • Denial-of-service (DoS) – these attacks are employed when the attacker’s goal is to disrupt and delay service, either on websites available to the public or internal networks used by the organizations’ employees, which can interfere with production and distribution;
  • Attacks on an electrical power grid – this particularly impactful strategy affects critical infrastructure and as such can carry great consequences;
  • Propaganda attacks – hacking a governmental organization’s website gives the attacker an audience measured in millions, which can be used to broadcast false information, raise panic and spread fear.

Seeing as how a large-scale attack of enough volume would be able to achieve multiple goals of this kind at once, and compromise both the IT and the OT of a defence organization, protecting assets is of the utmost importance. 

To tackle this issue, defense organizations have been increasingly adopting a top-down approach to their cyber security measures – a comprehensive plan that functions on multiple planes of protection at once.

How to Secure Your Organization From a Cyber Attack

Many are currently advocating for the implementation of unified industrial cyber security regulations. While waiting for such laws to be passed, defence organizations have been deferring to cyber security firms like ATS in order to acquire the solutions currently on the market.

The recommended approach to an adequate defense strategy today is multifold, consisting of:

  • Detailed inventory and continued visibility of assets

Knowing precisely the way your assets operate, their routine communication patterns and overall network topologies represents the first step to assuring the safety of your operations. Network maps allow you to focus on problematic areas and compromising situations should they arise. 


  • Dynamic segmentation of network

Migrating networks toward architectures that are compliant with IEC 62443 zones and conduits prevents an attack on one part of the network from spreading across the entire industrial infrastructure. Combining network segmentation with a detailed user access policy and multi-factor authentication minimizes the risk of infiltration.


  • 24/7 monitoring and alarm system for potential vulnerabilities, unauthorized access and network irregularities

Should a device or part of the system still become compromised, an automated alarm system is crucial in terms of notifying those in charge in order to quickly assess the issue.


  • Regular compliance checks

Detailed ICS logs and incident reports help make audits easier and more effective, and allow CSOs to always meet all the rigid legislative and regulatory requirements, such as CISA, NIST, and the latest updates of CMMC.
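
As an added example (not ATS code and not part of the original article), the script below ties the inventory, segmentation and monitoring items together: it maps observed network flows to zones and raises an alert for any cross-zone flow that has no defined conduit or that involves a host missing from the inventory. The zone names, subnets, conduit list and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed inventory: zone name -> subnets (assumed addressing plan).
ZONES = {
    "enterprise": ["10.10.0.0/16"],
    "dmz":        ["10.20.0.0/24"],
    "control":    ["10.30.0.0/24"],
}
# Constructed conduits: the only permitted cross-zone paths,
# as (source zone, destination zone, protocol, destination port).
CONDUITS = {
    ("enterprise", "dmz", "tcp", 443),
    ("dmz", "control", "tcp", 44818),
}
_NETS = [(ipaddress.ip_network(n), z) for z, nets in ZONES.items() for n in nets]

def zone_of(ip):
    """Return the zone an address belongs to, or None if it is not inventoried."""
    addr = ipaddress.ip_address(ip)
    for net, zone in _NETS:
        if addr in net:
            return zone
    return None

def check_flow(src, dst, proto, port):
    """Classify one observed flow against the zone/conduit model."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "ALERT unknown-asset"      # visibility gap: host not in inventory
    if sz == dz:
        return "ok intra-zone"
    if (sz, dz, proto, port) in CONDUITS:
        return "ok conduit"
    return f"ALERT no-conduit {sz}->{dz}"  # segmentation violation

def audit(flows):
    """Return only the flows that need attention, with their verdicts."""
    verdicts = ((f, check_flow(*f)) for f in flows)
    return [(f, v) for f, v in verdicts if v.startswith("ALERT")]

# Constructed sample flow records: (src, dst, proto, dst_port).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", "tcp", 443),
    ("10.20.0.5", "10.30.0.12", "tcp", 44818),
    ("10.10.4.7", "10.30.0.12", "tcp", 502),       # enterprise straight to control
    ("192.168.1.50", "10.30.0.12", "tcp", 44818),  # source not in inventory
    ("10.30.0.12", "10.30.0.13", "udp", 2222),
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(verdict, flow)
```

Conduits are treated as directional here, so a reply path in the opposite direction would need its own entry or stateful flow data.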


ATS specializes in providing rigorous cybersecurity and data privacy, and in helping to reduce risk, for many defence and government agencies in the UAE, Saudi Arabia and other parts of the Middle East region.

Book a consultation with one of the experts from ATS to get an in-depth analysis of what can be done to establish a comprehensive cybersecurity plan and strategy for your defence and government agency.

 

Are you looking for a handy resource to protect your business from cyber security issues and attacks? We’ve got you covered. Download ATS’s exclusive Cyber Security Fundamentals: Weakness Checklist.
