If the teams responsible for security had a better understanding of their own networks, cyberattacks could be stopped before they have any impact on critical national infrastructure and other organisations.

Your team is critical

This advice may sound a bit obvious at first. Yet cybercriminals and hackers have broken into corporate networks and remained there for a long time without being detected, which shows why the responsible teams need a better understanding of their networks to combat attacks.

Some of these campaigns involve intrusions into critical infrastructure, where malicious hackers can do damage that could have serious consequences.

Most importantly, those responsible for defending networks don’t always have a full grasp of what they’re managing. As a result, hackers have been able to gain such a strong position.

Dmitri Alperovitch, executive chairman at Silverado Policy Accelerator and co-founder and former CTO of CrowdStrike, says “people often misunderstand attacks – they don’t happen at the speed of light, it often takes months or years to get the right level of access in a network and ultimately to be able to push the trigger and cause a destructive act.”

Detecting and stopping intrusions is therefore instrumental, and it requires a deeper knowledge of your network so that you can detect any suspicious or unexpected behaviour. Educating yourself about your network can go a long way.

Alperovitch adds: “If you’re looking inside your systems, hunting for adversaries and applying intelligence, you’re able to discover them even if they get in, before they do any damage.”

As industrial environments have become increasingly connected with Internet of Things sensors and monitors, knowing what’s on the network has become even more crucial in recent years.

These devices are useful to infrastructure providers because they allow better monitoring of systems for efficiency, maintenance and repair. But if they’re not properly managed, they could be weak points that let attackers access the network. “We need to be pro-actively testing,” says Annessa McKenzie, VP of IT and CSO at Calpine, an American power generation company.

McKenzie explains that “we need to grow more of that capability to go in with that confidence so that before there’s a breach, we at least have a basic understanding of this environment.” She warns: “When we go in completely blind, what should take days to respond takes weeks, sometimes months – and we never really understand what happened.”

We need to think like a hacker. By thinking about the network and how an attack could exploit it, security teams could uncover unexpected means that hackers could use to exploit the network.

Rob Lee, CEO and co-founder of Dragos, the industrial security provider, says there’s “too little focus on what the attack is going to look like”. A lot of emphasis has been put on segmentation, monitoring and anti-virus, and of course these are good protective measures to have in place.

Most importantly, we need to think a little more outside the box. “Let’s work backwards,” suggests Lee, asking questions such as:

  1. What kind of response do we want to have?
  2. Do we want to get the plant back up and running? 

Taking the time to examine the network this way, Lee says, gives a better understanding of what the network needs to ensure security. Organisations responsible for industrial control systems can then take better control. Those responsible for critical infrastructure can in turn help everyone by detailing what they find, in other words their root cause analysis, to the government.

Because “the ICS community has the ability to look at this backwards”, it can in turn educate the government. “And that’s when the government can be impactful,” says Lee.

Government intervention could help boost cybersecurity across critical infrastructure: firstly, by providing an environment for organisations to share information about attacks, and secondly, by compiling a best practices process for protecting networks.

For example, “they could create a platform for companies to come together and exchange best practices and assistance and maybe even host some sort of joint public private response capability. That would help propel things along,” says Michael Chertoff, former United States Secretary of Homeland Security and co-founder and executive chairman of The Chertoff Group, a security and risk advisory firm.

Chertoff also says that the liability for security shouldn’t just lie with infrastructure providers and other organisations. It should also be in part the responsibility of the companies that build the specialist systems and connected parts used in these environments. Those companies must take some responsibility, especially if their products are found to be inherently insecure or vulnerable to cyberattacks.

Meanwhile, Chertoff points out that manufacturers are saying ‘it isn’t our problem, we just give you the stuff, it’s on you’.

In short, Chertoff believes a combined effort is required from infrastructure and utilities providers, built on good, shared knowledge about what the network looks like. A shared responsibility can go a long way towards putting a stop to falling victim to hacking campaigns and cyberattacks. Certainly, we can see there’s a bit of a way to go before this is the case.

Above all, we would like to believe, “the greatest advantage defenders have is if they know their environment better than an adversary – but that’s not always true,” says Alperovitch. Unfortunately, he says, “if the right tools and capabilities aren’t in the organisation,” they just aren’t capable of knowing their environment.

However, if they do, it enables them to recognise an adversary and eliminate the threat “before any damage is done”, says Alperovitch. Importantly, that’s when businesses gain the upper hand against these would-be attackers.

A better understanding of your own network is the first step in thwarting the plans of cyber-criminals.