Hello and welcome to Part One of my new blog series discussing cyber intelligence and security around the critical infrastructure sectors in the U.S. Cyber-attacks are becoming increasingly prevalent and threatening to utilities, refineries, military defense systems, water treatment plants and other sectors of our critical infrastructure. Part One of this series details the dangers of cyber-attacks by state and non-state actors and how cyber intelligence can help organizations combat future cyber-attacks. Part Two will detail the role of data in cyber security and ways cyber intelligence can be gathered to further prevent attacks.

The New State of Cyber-Attacks

As technology advances, so will the number of cyber-attacks. Many companies play a vital role in their nation’s critical infrastructure, and these companies are adopting digital systems to replace older, analog controls. This digitization of technology is helping operators obtain remote visibility and control over operations, including processes in refineries, the generation and transmission of power in the electrical grid, and the temperatures in nuclear cooling towers. In doing so, industrial facilities have become more efficient and productive.

However, the same digital hyper-connectivity that facility managers use to collect data and control machines and processes can also serve as an entry point for cyber attackers to get into system networks and steal or alter classified information, disrupt processes and cause damage to equipment. Many early control system breaches were random or accidental infections, but we’ve now entered a stage where kinetic attacks are becoming more prevalent, with industrial control systems becoming the object of targeted attacks.

Threats to a company’s information systems and assets could come from anywhere. State and non-state actors from around the globe are almost certainly targeting and possibly even penetrating the networks of energy providers and other critical infrastructures in the U.S. Effectively, cyber criminals have a loose alignment (affiliation) with state actors, and these criminals are now beginning to use different methodologies, creating a huge challenge. Traditionally, we see malicious actions like zero-day attacks, Denial of Service (DoS) attacks (i.e. vulnerability attacks, bandwidth or connection flooding, stopping or delaying workflows) and SQL injections that help hackers exploit or steal data from organizations.

Another common attack in the threat actors’ arsenal, Distributed Denial of Service (DDoS), uses bots: your computer is hijacked and becomes a bot in what’s called a botnet scheme. In a botnet scheme, hackers have a remote or main command and control machine from which they can send out commands to the hijacked computers, or bots, to flood the servers at a particular business or organization. This brings the organizational network to a crawl, slows workflow and causes the organization to lose business. Now, we’re seeing an increase in physical attacks (Saudi Aramco) where actors have the capabilities to erase hard drives and shut down or crash equipment in a manufacturing plant or energy infrastructure.

This is why companies and commercial entities need to gather enough intelligence to be able to react. The current cross-industry information sharing process is not as robust as it could be, but it’s a work in progress as evidenced at the White House Summit on Cybersecurity. For example, if there’s an exploit in software that Utility A knows about, they should have a way for Utilities B, C and D to obtain access to that information and quickly patch that vulnerability. Without good cyber intelligence, you’re not going to be capable of achieving that objective.

The Importance of Cyber Intelligence

In the past, organizations have been very reactive to cyber-attacks. We’re used to a time where putting a security guard in front of a door was all we needed for security, but now we must understand what the bad guys are doing before they do it. Cyber intelligence needs a proactive process to effectively address cyber security and to protect our organizations and intellectual property. If you know what the threat actors are doing, you can put a mechanism in place to defend against them and their attacks. So collecting data, anticipating threats, looking at what organizations in other industries are going through, and analyzing that information will give operators a good sense of what cyber criminals and other malicious actors are doing.

Cisco is creating leading threat intelligence through the Talos Security Intelligence and Research Group (Talos). Talos is comprised of leading threat researchers supported by sophisticated systems that provide exceptional visibility from the aggregation and analysis of unrivaled telemetry data at Cisco. The result is a security intelligence cloud producing “big intelligence” and reputation analysis that track threats across networks, endpoints, mobile devices, virtual systems, web, and email.

Purchasing services around intelligence should also be a part of the security architecture and security play for organizations within the critical infrastructure. This is not just a static process – it’s a dynamic approach to addressing security and considering cyber intelligence as a part of the process of securing an organizational infrastructure. Cisco is helping protect organizations within the critical infrastructure through advanced grid security solutions. Cisco’s Secure Ops Solution is a cybersecurity, secure-access, and compliance solution for critical infrastructure that provides a highly secure industrial automation and control systems environment to protect remote generation and transmission locations within the utilities industry. Distributed as a managed service, the solution combines on-premises technology and processes to implement and maintain layered security controls. This provides a holistic understanding of threats, their root causes, and scopes of outbreaks.

While hackers behind cyber-attacks aren’t showing any signs of slowing, it’s important to take action as soon as possible to detect and mitigate these threats. Stay tuned for Part Two of this series, where I’ll detail practical applications of data in cyber security and ways cyber intelligence can be gathered by those within sectors of the critical infrastructure.


Donald Graham

Practice Advisor, Manufacturing & Energy Practice

Business Transformation Group