Embracing Zero Trust in Critical Infrastructure

The heart of a nation

For a country to provide the necessary security for its citizens, it relies on its critical infrastructure – specific sectors that provide the physical and cyber systems and assets vital to meeting our essential needs. Think government, healthcare, financial institutions, energy, transport, telecommunications etc. In other words, critical infrastructure is the heart that keeps a nation alive. So, of course, there are persons out there that wish for the heart to stop beating.

Hit them where it hurts

Critical infrastructure is just that, critical. So, while it is invaluable to a nation, it is also perceived as valuable to a malicious cybercriminal. Because of its importance, critical infrastructure is an attractive target for bad actors seeking sabotage. As critical infrastructure becomes more reliant on technology, it becomes more susceptible to cyberattacks which can threaten the operability of such entities. What would happen if we did not have healthcare services? How would the economy function without financial institutions? Well, nobody wants to find out, and these industries put strenuous efforts into ensuring that they have various protective measures in place to minimize their vulnerability to an attack. However, nothing can be completely secure, and, naturally, attackers seek to exploit the blind spots that such measures do not cover. I’m sorry to say, they have found a way, one of which is hardware attacks.

Hardware-based attacks

Hardware-based attacks require the use of Rogue Devices which go under the radar of existing security solutions by operating on the Physical Layer. Spoofed Peripherals impersonate legitimate HIDs and, due to a lack of Physical Layer visibility, are recognized as the legitimate device that they imitate. Network Implants also operate on the Physical Layer, going undetected by any network security software, including NAC, thereby not triggering any security alerts. Hardware attacks require the perpetrator to gain some form of physical access, but once the device is inserted, the attacker can gain remote access to the target’s resources and data. Depending on the device used, an attacker can carry out several harmful attacks, including data theft, espionage, MiTM attacks, malware injection, DDoS, and more.

As critical infrastructure can be a difficult target to attack, a perpetrator would likely be a state-sponsored actor who possesses the necessary capabilities. Additionally, targeting an adversary’s critical infrastructure is a big win. Even if there is no substantial damage, successfully infiltrating a nation’s critical infrastructure can cause significant distress among the population and undermine their confidence in the government’s ability to preserve national security. Again, because of this, it is likely that a culprit would have some ties to a government. 

So, how is critical infrastructure vulnerable? Of course, it is not one-size-fits-all, but below are a few vulnerabilities that are generic to critical infrastructure.

The blind spots you don’t want attackers to see – but they are!

Legacy systems

Critical infrastructure is often heavily reliant on legacy systems to carry out operations, putting them at considerable risk. Why? Well, legacy systems are almost synonymous with “cybersecurity risk”. You do not need to be a cybersecurity expert to know that a legacy system, built with the security needs at the time in mind, cannot sufficiently protect against the threats of today. Cybersecurity threats evolve constantly, and it is already a struggle for IT departments to keep up in real-time. So, a system built X number of years ago, with an inability to be updated, is most definitely not going to be a force to be reckoned with for hardware attackers. Need I say more?

Integrated environment

To modernize legacy systems and enhance productivity, organizations have adopted an integrated environment where IT, OT and IoT are interconnected. As a result, critical infrastructure is often dependent on cyber-physical systems, whereby the physical equipment and systems are digitally controlled. Yes, this does mean that a cyberattack can have direct physical consequences – just look at the Stuxnet attack.

With an environment that is becoming increasingly technologically integrated, an attackers’ job just got easier. A hardware attack requires some form of physical access, and the integrated infrastructure allows the perpetrator to target the most accessible component as the point of infiltration and then move laterally throughout the entire network. It is even more worrying since some critical infrastructure, such as energy providers, deploy consumer-facing IoT devices that operate in less secure environments, making it easier to gain physical access.

Organization size

Organizations that make up critical infrastructure are, typically, not small. Such entities perform critical operations and require extensive personnel and facilities to do so. Primarily, this means there are likely a large number of assets within the enterprise. The more hardware assets an enterprise has, the more difficult it is to manage all of them. When it comes to hardware-based attacks, asset management is imperative. If you cannot see an asset, then you cannot identify it as the source of malicious activity. Additionally, the more hardware assets an organization possesses, the greater the attack surface as there are more entry points for a bad actor.

Another risk associated with an organization’s size is the challenge of ensuring comprehensive physical security. As hardware attacks require the perpetrator to gain physical access, physical security is the first layer of defense against such attacks. A hospital, for example, simply cannot have physical protection across the entire building. There will be areas where an attacker can quickly slip in and out without anyone noticing.

Finally, a large organization with many different departments might have a decentralized approach to cybersecurity. As a result, this can bring about inconsistencies in each department’s approach to cybersecurity. Insufficient security in one department puts the entire enterprise at risk due to its interconnectedness. All it takes is for the attacker to successfully infiltrate the weakest department and gain further, deeper access to the network. You are only as secure as your weakest link…

Its time for Zero Trust Hardware Access

The aforementioned risks are elevated by the trust typically given to internal users and devices. The assumption that those operating within the organization’s perimeters are trustworthy puts the enterprise in a vulnerable position to malicious activity originating from within. The automatic trust given to internal users provides them with extensive access to enterprise resources. This is especially worrying considering the integrated environment that is typical of critical infrastructure.

Adopting the Zero Trust (ZT) model eliminates the component of trust as all users and devices need to be verified at every access request to enhance security. A Zero Trust Architecture (ZTA) is implemented through various measures, including micro-segmentation, whereby the network is split into more granular parts – each of which requires separate access approval. Micro-segmentation prevents lateral movement across the network, minimizing the extent of damage that an attacker can cause. Micro-segmentation is especially important to critical infrastructure due to its interconnected environment that makes lateral movement relatively effortless.

Complete Asset Visibility

However, to accurately enforce the ZT model and ZTA, critical infrastructure organizations need complete asset visibility. That means accounting for every hardware device within the enterprise’s infrastructure and identifying its true identity. Rogue Devices, as mentioned, are covert by nature – whether the device is hiding or spoofing a legitimate one, an enterprise needs to be able to overcome this visibility challenge. Without the ability to see the device or its true characteristics, the ZTA might grant access under a false pretense. A lack of visibility on the hardware level – Layer 1 – means that critical infrastructure will struggle with accurately enforcing the ZT model and will still be exposed to Rogue Device attacks. Hence, it is time for Zero Trust Hardware Access, where the Physical Layer is the first layer of defense. 

HAC-1

Sepio Systems’ Hardware Access Control solutions (HAC-1) enables Physical Layer visibility, providing a panacea to the gap in device visibility. Not only are all devices visible to HAC-1, but by validating a device’s Physical Layer information, its true identity is revealed – not just what it claims to be. The solution’s policy enforcement mechanism enables Hardware Access Control by enforcing a strict, or more granular, set of rules based on the device’s characteristics. And, importantly, HAC-1 instantly detects any devices which breach the pre-set policy, automatically instigating a mitigation process to block the device, thus preventing malicious actors from successfully carrying out an attack. 

HAC-1 brings the ultimate solution to effective ZT adoption by significantly reducing an enterprise’s blind spots. With greater visibility, the ZTA can grant access decisions with complete information, thus enhancing the enterprise’s protection within, and outside of, its traditional perimeters. The Hardware Access Control capabilities of HAC-1, which block Rogue Devices as soon as they are detected, stop an attack at the first instance, not even allowing such devices to make network access requests. Furthermore, HAC-1 supports data access policy development – which the ZTA relies on as a source of information – by enabling the creation of more valid policies based on complete asset visibility. So, while critical infrastructure protects the nation, HAC-1 is here to protect critical infrastructure.

Leave a Reply