Protecting critical infrastructure puts focus on people, process and technology
- By Kevin McNeill
- Feb 02, 2021
The scope and sophistication of the recent highly publicized cyber-attacks on our government’s software supply chain indicates highly skilled cyber adversaries, effective network reconnaissance and careful planning. These attacks by Russian actors demonstrate the real threats to our nation’s cyber infrastructure and the risks to the systems that keep our democracy running.
The departments of Energy, Treasury and even Homeland Security, the agency charged with protecting our critical infrastructure, were all breached in this wide-ranging attack. As the new administration looks to establish cybersecurity priorities and programs, it is critical that the U.S. government and private sector work together to ensure that the vulnerabilities in our supply chain systems are not further exploited. We need to fund and invest in capabilities to control and defend cyberspace by focusing on the people, processes and technology.
As our critical infrastructure systems evolve and incorporate new dispersed computing and 5G network infrastructure as operational technology, with a high degree of software defined functionality, the supply chain vulnerability challenges will increase dramatically. Safely deploying these rapidly evolving technologies into critical infrastructure requires effective cyber sensors, well-trained cyber defenders, and technical innovations that out-pace our adversaries. Meeting these challenges includes innovative modeling and simulation technologies and novel deep learning-based cyber sensors to create mission-scale solutions.
We must recognize the importance of realistic, high-fidelity training for network defenders, whether they are Enterprise IT network security staff or DoD Cyber Protection Teams. Skilled operators are essential to countering sophisticated nation-state adversaries. Building new environments for operational technology and industrial control system testing and training exercises, with both IT and OT networks, will enhance the experience and better prepare defenders for their mission. One scenario worth running would be to bring a power grid, access control system, building automation system, or other critical infrastructure to the trainee through an interactive augmented reality/virtual reality environment which can be used locally or used remotely and accessed across customer networks or the internet.
An effective system infrastructure uses OT to AR/VR adaptors that translate effects in the OT environment to effects in the AR/VR environment. It can be tailored and expanded by building 3D models and environments – military bases, a small city, or an electrical power grid. Users can conduct testing in accordance with industry standards that specifically address boundary security between IT and OT network enclaves.
The best tools will have representative industrial control system devices and software from across the industry to support training operators on how to operate, patch, backup, and restore ICS and how to respond to suspected intrusion.
The DoD’s Smart Bases initiatives are a great example of this approach. The rigorous requirements for development look to modernize infrastructure by building safe environments for testing of OT systems, including software patches and upgrades and the efficacy of control system isolation. Providers will support rigorous testing of intrusion detection and prevention systems and the safety of network scanning tools used by Cyber Protection / Mission Defense Teams. Relevant to the recent cyber intrusions, the project can enable Supply Chain Risk Management (SRCM) and System Authorization by supporting vulnerability assessments and penetration testing with a standardized process. This approach can validate ICS elements prior to fielding and conduct SCRM activities against foreign made chips, system components, and code.
Key to preventing adversaries from gaining further access to our systems is the insertion of novel technologies, advanced tools and skilled operators with the right type of training. To increase training realism, and enhance the fidelity of network infrastructure, it is important that we change the way we approach our defenses and those who defend us.
Our national security and critical infrastructure systems are woefully vulnerable to the types of advanced persistent attacks we are seeing permeate our government systems. The attacks will continue to come. Next time we need to be ready
Kevin McNeill Sr. directs research and development of next generation of advanced cyber science solutions and operations for complex defense and intelligence missions at CACI International. He is a senior member of IEEE, holds eight patents and has been extensively published.