Sign Up for FREE Daily Energy News
canada flag CDN NEWS  |  us flag US NEWS  | TIMELY. FOCUSED. RELEVANT. FREE
  • Stay Connected
  • linkedin
  • twitter
  • facebook
  • instagram
  • youtube2
BREAKING NEWS:
Hazloc Heaters
Zachry Integrity Engineering
Copper Tip Energy Services
Copper Tip Energy
Zachry Integrity Engineering
Hazloc Heaters


How to protect your critical infrastructure site against the increasing threat of cyberattacks


These translations are done via Google Translate

web critical infrastructure worker oil refinery night tablet 1900x630 2111

The critical infrastructure industry is not immune to the ever-heightened risk of cyberattacks. Over the past 18 months across North America, we’ve bear witness to an increasing number and severity of these attacks, some which have significantly crippled millions of people over extended periods of time.

A recent example occurred in May 2021, when the hacking group DarkSide infected computers of Colonial Pipeline – the operator of the largest pipeline system for refined oil products in the United States – with ransomware that brought 45% of east coast U.S. fuel distribution to a halt.

Incidents like this have again sparked obvious concern among those charged with protecting critical infrastructure and the wider public. The risks associated with the disruption of critical infrastructure, directly and indirectly, have once again been brought into sharp focus, making the sector an even more attractive target for cyberattacks.

Broadly speaking, the motivations for cyberattacks fall into three groups: financial gain, widespread disruption, or, most simply, personal challenge.

Cyberattacks with the goal of financial gain through ransomware, where control of critical systems and access to sensitive data are retained by the hackers until a substantial ransom is paid by the affected organization.

Whatever the motivation, the approach is broadly the same. Hackers will constantly look for vulnerabilities that allow access to a network, and then aim to move within the network to infiltrate and control more sensitive systems.

A connected world means a hackable world

The world is more connected than ever before. The Internet of Things (IoT) broadly describes the billions of devices and sensors now connected to each other, from data centers to corporate networks, delivering valuable services and creating huge efficiencies to consumers and businesses.

Perimeters around corporate networks have become more permeable by design, facilitating external connections from employees, suppliers and customers, and millions of devices. Networks within critical infrastructure are no different. Though the need to secure any network is important, the risks associated with breaches of critical infrastructure networks are so significant, a robust approach to cybersecurity in the sector is even more imperative.

Unfortunately, all networked devices and systems can be vulnerable. Any device, if unprotected, can be the weak link that gives a hacker access to the system and result in a potentially catastrophic cyberattack. While networked surveillance cameras play a central role in the physical security of critical infrastructure, the ultimate irony would be if these same devices provided the entry point for a critical infrastructure network breach.

Best practice is to trust no one until verified

No network can be 100% cybersecure. Unencumbered by regulation and as well-financed as any start-up, cybercriminals are constantly looking to innovate their methods of attack. It’s therefore essential that operators of critical infrastructure work equally hard to understand the evolving threat landscape and stay one step ahead.

As more devices connect to the networks used by critical infrastructure, the notion of using a firewall to protect that perimeter has become redundant. A new approach has been needed and has emerged in the form of Zero trust networks.

Put simply, as the name suggests, zero trust networks are based on the assumption that no entity connecting to and within the network – whether apparently human or machine – can be trusted. Whatever they appear to be, wherever they are connecting from, and however they are connecting isn’t trusted until they have been verified.

Additional steps should be taken to ensure that every aspect of the surveillance solution is as secure in its own right as possible – our hardening guide provides in-depth information on best practices.

System health monitoring and management

Just as monitoring our own health is essential for spotting minor problems and weaknesses that could become more significant issues in the future, effective health monitoring of surveillance solutions plays the same role in reducing vulnerabilities.

Without visibility of all surveillance devices connected to the network and their status, it’s impossible to ensure that all risks are mitigated and, critically, if a vulnerability appears in one area that it is effectively contained. Without this, a small breach can quickly become a much bigger issue through an (often understandable) overreaction to contain the breach.

In addition to health monitoring, software tools can facilitate the centralized, remote, and increasingly automated application administration of firmware updates. This is essential in defending against new viruses and in keeping surveillance solutions secure, particularly as organizations add more IoT devices to their networks.

Read more about how to protect your critical infrastructure site here.

Looking to create a more secure site, uninterrupted operations and a safer workforce – in every step of your operations? Get tips, insight and understand technology applications by downloading your free eGuide here.   

For more information please reach out to Obaid Hafiz via email or phone.

Obaid Hafiz
Area Sales Manager, Axis Communications
T: (587) 226 1664
E: [email protected]



Share This:



More News Articles


GET ENERGYNOW’S DAILY EMAIL FOR FREE