Précédent
23 mai 2024
Cybersecurity trends for control rooms and critical infrastructure
4 min de lecture
Cybersecurity is one of the hottest topics in professional IT systems. Hackers search for new ways to penetrate networks, while security experts try to outsmart them and stay one step ahead. New technology is being leveraged by both sides. In this article, Barco’s Product Security Officer, Timo Kosig, dives into the new trends in cybersecurity in general, and control rooms in particular.
Hackers are often just burglars. They want to break into a house and search for the easiest way to do it. If the house has a very tight security system, and every possible entrance is protected by three key locks, the burglar will walk away and search for an easier target. Does this mean it’s completely impossible to gain entry? No, and in the movie version, Tom Cruise would definitely find a way in. After all he has all imaginable resources at his disposal to help him. The point is that the average burglar knows there are thousands of other houses that are secured less well. This is also often the case for cybersecurity.
However, due to the changes in geopolitical situation, we see more focused attacks on critical infrastructure. While past attacks used to be more opportunistic, attacking the easiest targets, they tend to become more focused now. This is an alarming trend, of which the cybersecurity staff at critical infrastructure organizations should be aware!
Careless clickers & ransom extortionists
When talking about hacking, many people think the Hollywood way: a geeky whizz-kid that sits behind a computer and forces his way into a network in less than three minutes. In real life, attacks are a lot more time-consuming and often had the intention to overload systems and shut down the operation (best known is the Distributed Denial of Service attack).
However, in recent years ransomware has been on the rise. Once it has gained a foothold in the attacked network, a worst-case scenario will see the ransomware self-spread and infect as many systems as possible, effectively encrypting all contained data. Then the hackers offer to decrypt the data if a ransom is paid.
This is a real and very concerning scenario for almost every organization today. To recover from a full-blown ransomware attack can take weeks, more likely months, and is going to severely impact an organization at all levels.
But how does that ransomware gain a foothold in the network? The easiest way for hackers to enter the network is by exploiting the biggest vulnerability of all: us humans. That’s right, most security breaches can be brought down to a careless employee clicking a wrong link.
Different flavors of phishing
Phishing is the combination of ‘phreaking’ (breaking into telecommunications systems) and fishing. Not surprisingly, phishing is similar to fishing. The fisherman throws out a line with bait and waits until a fish decides to eat it. Just like this can be any kind of fish, it can be any kind of individual who falls for the phishing mail. In the past, phishing mails were often sent out indiscriminately to as many recipients as possible. This means that the hacker had initially no idea which network he would penetrate, or whose bank account he will rob.
In recent years, we see that hackers work in a more targeted manner, contacting specific employees of a chosen organization. This is called spear-phishing. By narrowly targeting certain people, the hackers can also make the phishing-mails (or phone calls) more convincing. Another type of focused phishing is whale-phishing or whaling, in which C-level management is targeted. These individuals can typically authorize large payments, so hackers go through a lot of effort to do this right. Many of these whaling attacks have cost companies millions.
For cybersecurity professionals, phishing is difficult to deal with. The most effective way to avoid it? Constant education, making employees aware that it could really happen to them…
If all those efforts fail, and ransomware manages to enter and spread in an organization’s network, timing is absolutely critical. Further spread should be contained, if possible, which effectively means taking large portions of the network offline or implementing hard segregation to infected networks.
Once ransomware is contained, the aptly named process of disaster recovery can start which will involve restoring critical systems from backups wherever possible – or rebuilding them from scratch.
The rise of AI
AI is ever-present in today’s trend lists. This article is not an exception. Using AI, attackers can write code a lot faster than normal, resulting in an increase in threats. However, the same goes for the defensive side: AI can help scan the network, search for typical patterns that point to a cyber-attack, and even respond to this attack in real time. This means that the constant race between hackers and cybersecurity personnel to outsmart each other is entering a new level.
But AI not only plays a role in programming! Also, phishing mails can be created to look and feel more trustworthy by using AI. Where in the past you could often spot phishing mails easily by their shaky layout and bad writing, this will become a lot less obvious. This is a trend that will fully emerge in 2024, so be aware of that!
Trust nobody
Once they have entered a house, the burglars typically have free access to every room. Sure, there may be a safe that contains big bucks, but they will be free to sniff around in all the closets. Now imagine that every room is again sealed by an armored door that requires a valid identity card. Now the burglars can only enter the hallway but need to find a way to get into every room. That would discourage even the most determined criminal, right?
It is this principle that is used in a ‘Zero Trust’ architecture. Unlike traditional systems, that use a perimeter-based security model (we create a network segment, add a firewall to protect what is inside, and everything inside is trusted), Zero Trust requires that trust is established every time when there is communication between members of the network. In this way, a full infection of the system is a lot harder.
The improvements that Zero Trust brings are so relevant to security that they are being recognized and required by state law. In the U.S., for example, the President’s Executive Order on Improving the Nation’s Cybersecurity (EO 14028) requires federal civilian agencies to establish plans to drive adoption of Zero Trust architectures. Also, the NIS2 (Network Information Security) directive, issued by the EU for critical infrastructure organizations, adopts Zero Trust as a requirement.
Barco CTRL as a secure platform
Cybersecurity is a joint responsibility of equipment manufacturers and the organization’s IT staff. The former need to develop products that are fully secure, while the latter need to ensure all security settings are correct, the system is up to date at any time, and new software and hardware is introduced the correct way. Our control room software and hardware platform Barco CTRL is Secure by Default, which means that the platform is secure out-of-the-box. No hardening measures must be taken. Of course, the system can be adjusted to the requirements of the organization, and if necessary, security can be loosened to accommodate legacy systems.
Furthermore, Barco CTRL was designed from the ground up following the Security by Design principles. The result is a system that has taken security as a critical component in every step of the design process. It supports operation in a Zero Trust environment, making it compliant with legal legislation for critical infrastructure.
For more information about Barco CTRL, click here or contact us.
About the Author
Timo Kosig is Barco’s Product Security Officer. He is part of Barco’s security office and is the interface between what happens in the outside world (trends, regulations, customer feedback…) and translates those to the requirements for the Barco products. He also coordinates security penetration tests (done by a third party). Before joining Barco, Timo worked as a cybersecurity manager at a healthcare company.