7 cybersecurity best practices for safeguarding critical infrastructure sectors
It’s hard to deny the many societal and economic benefits of the world’s ongoing digital transformation. In virtually all cases where digital infrastructure is made freely available to people, we see a reduction in poverty and a strengthening of democratic practices. However, our major institutions’ dependence on information and communication technologies (ICT) has made them—and the global public by extension—far more vulnerable to the actions of a few malicious actors than ever before.
Empowered by new technologies like next-generation artificial intelligence tools, cybercriminals are now launching 24/7 attacks on key government and private organisations. These new cybercriminals are no longer just the thrillseekers often depicted by pop culture. Overwhelmingly, malicious online actors are now funded by well-organised and highly adaptable criminal enterprises, non-state actors, and hostile governments. More importantly, these malevolent agents are scoring some very worrying successes.
The 2021 Colonial Pipeline ransomware attack was largely ignored because of wider events like the COVID-19 pandemic. However, it was arguably a watershed moment that demonstrated how determined hackers could easily paralyse vital infrastructure and undermine economies. Notably, incident happened because of Colonial Pipeline’s poor enforcement of cybersecurity practices, with the hackers using a leaked password obtained on the dark web.
Of course, leaked passwords are not the only ways malicious actors can enter into infrastructure ICT systems. To improve critical infrastructure protection and mitigate the threats posed by hackers, cybersecurity policymakers must consider the following practices:
1. Take cyber threats seriously
While system breaches are exceedingly common, cybersecurity is rarely taken as seriously as it should be. Most policymakers are now cognisant of cyber threats, but few will commit the resources needed to put up a credible defence posture. Tragically, it often takes a recent, serious event to set things straight. Prioritising a realistic view of cyber threats at all levels is a must for any organisation tasked with maintaining critical infrastructure assets.
2. Practice good cyber hygiene
Many high-profile cybersecurity breaches can be avoided if all the employees involved take cyber hygiene seriously. In the Colonial Pipeline incident, it was not just the employee whose password got leaked who was at fault but also arguably the IT managers who failed to implement common practices like multifactor authentication (MFA) and password rotation. Had, for instance, MFA been implemented, the incident probably would not have happened, since the hackers would have needed information other than the leaked password.
For the best possible cyber hygiene, adopt a least privilege access policy. Such a policy limits user access rights to only those necessary for performing job functions. Restricting access reduces the attack surface for malicious parties and also mitigates the potential damage from inside jobs.
3. Implement frequent cybersecurity training
As cybersecurity specialists and malicious actors attempt to out-innovate each other, the nature of cyberattacks tends to change. Given this, employees and other infrastructure system stakeholders must be trained in the most current cybersecurity best practices. The higher the stakes of a system breach, the more frequent and up-to-date this training should be.
4. Establish emergency protocols
Hackers often rely on the chaos immediately following a successful attack to cause even more damage and confusion. A disaster playbook containing detailed emergency response plans can save organisations precious minutes in their response, mitigating the damage to infrastructure systems. These plans should include data backups, communication channels, and clear assignments for every stakeholder.
5. Secure IoT devices
Unsecured Internet of Things (IoT) devices have been used by malicious actors to breach critical systems. A serious issue with them is that they’ve become so ubiquitous that they’re easy to overlook. When these devices do have security features, they’re often minimalistic, if not flawed.
Securing IoT devices can involve typical practices like changing default passwords and implementing MFA. However, the best practice may be to not link them up at all to any system that is, in turn, also linked to the organisation’s infrastructure.
6. Enhance network segmentation
To expand on the previous best practice, organisations must consider implementing wider network segmentation. This is done by dividing critical infrastructure networks into smaller, isolated segments that prevent lateral movement by attackers within the network. When done well, it may help contain the damage dealt by a cyberattack without impeding everyday system functionality.
7. Conduct regular security audits
Even the most secure systems will have holes if you look hard enough. By performing routine security audits, organisations tasked with maintaining infrastructure systems can proactively fix vulnerabilities that could potentially be exploited by malicious actors. More importantly, regular security audits can prevent organisations from becoming lax in their cybersecurity practices.
A call for rational infrastructure cybersecurity
Whether you’re talking about the software that controls real-world assets like oil pipelines or ones that provide abstract functions like managing healthcare data, infrastructure cybersecurity should be a chief concern. The modest cost of implementing the practices described above is a small price to pay to ensure the continued functioning of vital infrastructure and, by extension, the welfare of the wider public.
We have to acknowledge that today’s hackers are among the most innovative and intelligent people out there. The participation of organised crime gangs and unfriendly governments multiplies the threat posed by these individuals severalfold. Fortunately, implementing relatively simple practices can do much to confound their activities or, at least, limit the damage wrought by successful intrusions.
