The Future of Connected Devices: Building Resilience Against Catastrophic Impacts
Over the course of National Cybersecurity Awareness Month (NCSAM), Hagerty’s cyber team has discussed ways that individuals and organizations can enhance their cyber preparedness and resilience. As the month draws to a close, we look toward the future of connected devices and discuss a critical element of cyber resilience: protecting against the risk of sophisticated cyber-attacks causing catastrophic impacts to lifeline infrastructure. This post provides an overview of emerging cyber threats and the steps you or your organization can take to bolster cyber resilience and protect your infrastructure against them.
Internet of Things and IT/OT Vulnerabilities
The connected devices we are increasingly integrating into our everyday lives provide countless benefits, but also create additional cyber risks. The rapid proliferation of internet-connected devices known as the Internet of Things (IoT) is creating economic efficiencies, reducing environmental impacts, and offering added functionality and convenience, from smart homes to entire smart cities. However, this proliferation broadens potential attack surfaces and introduces new cyber vulnerabilities.
This trend of connectivity is also occurring in the lifeline infrastructure sectors we rely on to sustain public health and safety, the economy, and national security. The industrial and operational technology (OT) systems that are fundamental to the operation of our power grids, water and wastewater systems, communications networks, and other lifeline infrastructure are increasingly connected to information technology (IT) networks. As with consumer and business applications, this IT/OT convergence provides greater efficiency, along with improved situational awareness and remote operation capabilities; however, this connectivity also increases OT systems’ cyber vulnerabilities. More specifically, adversaries could leverage this connectivity to gain access to industrial networks, disrupt infrastructure operations, and even cause physical damage.
The Threat Landscape
The ability to penetrate and mis-operate OT systems is a key step in the evolution of cyber-attacks against lifeline infrastructure. Adversaries are developing sophisticated cyber capabilities to leverage these vulnerabilities with the goal of disrupting industrial processes and systems to cause outages – and in some cases, physical damage. The following trends and emerging attack vectors highlight the growing potential for destructive cyber-attacks on infrastructure systems that result in cascading failures:
- Threats to the United States (US) Homeland: A summary of the 2018 National Defense Strategy warns that the US homeland is “no longer a sanctuary,” and that we should anticipate attacks on lifeline infrastructure in future conflicts. US intelligence agencies believe that our near-peer adversaries in the cyber realm (e.g., Russia and China) already have the ability to cause localized infrastructure disruptions and are continually improving their cyber-attack capabilities. Those adversaries likely have incentives to hold their most disruptive capabilities in reserve to avoid the identification of countermeasures.
- Industrial Control System (ICS) Attacks: Adversaries are increasingly designing malware that targets ICS and other OT assets that organizations use to operate their infrastructure. Recent high-profile incidents have hinted at the potential impacts of major cyberattacks on infrastructure systems. The 2015 and 2016 attacks on Ukraine’s power grid caused brief but relatively widespread outages, demonstrating capabilities that could be employed for increasingly destructive attacks in the future. In the years since, ICS attacks have grown more frequent and more severe.
- Compromising Infrastructure Supply Chains: Adversaries are seeking to corrupt the supply chains for hardware, software, and firmware components in all lifeline sectors. Nearly all infrastructure systems rely on similar ICS hardware and software components produced by a small number of vendors. Compromising just one of those vendors could introduce vulnerabilities in a wide range of organizations. Cyberattacks that leverage corrupted ICS supply chains could affect a great number of infrastructure systems in multiple sectors across the nation simultaneously.
- Re-Attacks During Restoration: With a hurricane or other natural disaster, the end of the hazardous condition means the end of new first-order impacts on infrastructure systems. Cyber-attacks are different: if adversaries can use them to cause infrastructure outages, they will likely retain the access and capabilities needed to conduct follow-on attacks that disrupt restoration efforts. These disruptions can be particularly problematic in the electric industry; as power outages persist, other lifeline systems that depend on grid-provided electricity may exhaust their backup power capabilities, causing catastrophic cascading failures.
- Opportunistic Cyber-attacks: Similar concerns exist in the aftermath of natural disasters. An adversary is unlikely to attack US lifeline infrastructure in the wake of just any natural hazard, since doing so risks severe US retaliation. However, if a major earthquake or hurricane struck US systems in the midst of a regional geopolitical conflict, adversaries could greatly exacerbate the impacts of that event by attacking lifeline systems as restoration progresses.
- Cascading, Cross-Sector Outages: One major issue that crosses all potential risks and threats is the growing interdependency between infrastructure sectors. These sectors and the lifeline infrastructure they serve are increasingly interdependent and vulnerable to cascading failures. For example, while nearly all critical systems rely on power to operate, the electric industry in turn requires fuel for power generation (e.g., natural gas), water, transportation, and other services to function. Without power, these sectors will not be able to provide the services that grid operators need to produce power.
Adversaries are likely to target these interdependencies in an attempt to create widespread, long-lasting, and mutually reinforcing outages. Unlike natural hazards, adversaries can carry out attacks that strategically impact single points of failure or attack multiple sectors simultaneously to exploit interdependencies. Simultaneous disruptions in multiple sectors have the potential to pose enormous challenges for infrastructure owners and operators.
As potential cyber vulnerabilities and impacts grow in line with offensive cyber capabilities, cyber-attacks on lifeline infrastructure that cause cascading failures are increasingly possible. However, it is important not to overstate current threats. While daunting to contemplate, the complex attack scenarios described above would require extreme sophistication to carry out. Therefore, while these ‘worst-case’ scenarios are theoretically plausible, a successful attack of this scale and magnitude is currently unlikely.
Building Cyber Resilience
While the threat of catastrophic impacts from a cyber-attack is significant, infrastructure owners and operators, government agencies, and the people they serve can take steps to bolster their resilience against sophisticated cyber threats. Resilience is not the ability to stop all disruptions before they occur; while system hardening and other protections are crucial, no cyber defenses are perfect. Hagerty defines resilience as:
A community’s ability to withstand, recover from, adapt to and/or advance despite acute shocks and long-term stressors.
To build resilience, the whole community must engage in efforts to secure their systems and work across sectors to protect against and mitigate catastrophic impacts. Communities can take the following steps to build their cyber resilience:
- Secure connected devices: Rather than attempting to reverse the trend of increasing internet connectivity, individuals, product developers, and infrastructure organizations should work to ensure the security of those devices. At an individual level, keeping internet-connected devices updated with the latest software and avoiding phishing scams that may give attackers network access can help reduce potential vulnerabilities. The companies developing IoT devices should ensure they are designed and developed with security in mind. For infrastructure owners and operators, accounting for the increased risks to OT systems in cybersecurity plans and capabilities can help protect the lifeline infrastructure that sustains communities.
- Engage in cross-sector planning and prioritization: When catastrophe strikes, no organization will be able to manage the crisis alone. Communities need to be aware of the functional interdependencies that exist and requirements for cross-sector support. In some sectors, multi-sector planning is taking place to understand these interdependencies and their implications in a disaster. For example, senior leaders from the electricity, communications, and finance industries convene in a Tri-Sector Executive Working Group to manage collective risks and build incident response playbooks. The Federal Emergency Management Agency (FEMA) has also created Emergency Support Function (ESF) #14 – Cross-Sector Business and Infrastructure to support cross-sector operations and manage competing priorities for scarce resources across sectors. Detailed pre-planning and coordination across all sectors will be necessary to improve our collective preparedness against major hazards and protect communities across the nation from the most severe impacts in future catastrophes.
- Ensure supply chain integrity: While a great number of cyber threat vectors exist for lifeline infrastructure systems, a successful supply chain-based attack on ICS components in multiple interdependent sectors could lead to widespread cascading failures. Industry and government organizations have begun to set standards, create regulatory requirements, and establish best practices to improve cyber supply chain risk management (SCRM). Given the potential impacts of a supply chain-based attack, government agencies and infrastructure companies should sustain or advance efforts to ensure the integrity of their supply chains.
The current cyber threat landscape and the interconnected nature of our increasingly digital world require that individuals, governments, and infrastructure organizations work together to protect against potential cyber-attacks and their physical impacts. In doing so, we can help create a future of connected devices that contributes to economic optimization, environmental sustainability, and overall community health while remaining secure and resilient against cyber risks.
Hagerty Can Help
Hagerty’s team has expertise in both cybersecurity and infrastructure resilience. Hagerty can provide planning, training, exercise, and assessment services to support you and your organization in building cyber preparedness and reaching for resilience. For more information, contact us.
Rob Denaburg is a Senior Managing Associate in Hagerty’s Preparedness Division. Rob is new to Hagerty but has worked with public and private sector clients to minimize the societal, economic, and national security impacts of infrastructure outages. In a previous role, he advised policymakers and industry leaders on how to build resilience against severe natural and manmade hazards, especially sophisticated cyber-attacks on lifeline systems.
Erin Bajema is a Managing Associate in Hagerty’s Preparedness Division. Erin is an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional design administrator. She has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.
Michelle Bohrson is a Managing Associate in Hagerty’s Preparedness Division. She primarily supports pre- and post-disaster recovery planning and hazard mitigation planning projects. Additionally, Michelle earned her Master’s Degree in Urban and Regional Planning (MURP) from the University of Michigan and is based out of the Austin, TX office.