It’s a common refrain that when it comes to critical infrastructure cybersecurity, it’s not a matter of if; it’s a matter of when. Cyberattacks around the world have shown the potential dangers of such attacks.
Industrial control systems (ICS) are increasingly under attack, with the number of reported incidents in the US alone up 17 percent in 2015. The US Department of Homeland Security says there were nearly 300 incidents during the year.
- In December 2015, a quarter of a million customers in Ukraine shivered through a blackout on a cold winter day that was the result of cyberattacks at three regional electric power distribution companies. Malware destroyed data on hard drives and performed a denial-of-service (DoS) attack on power company phone lines.
- Light rail systems in South Korea have faced several recon attacks from North Korea. According to an assessment by Booz Allen Hamilton, critical systems like speed and safety controls were the target.
- Nuclear power plants are another target. Malware delivered by an employee plugging in a USB flash drive infected a plant in Germany. In Japan, malware was found operating in the control room.
It’s not just the electric grid and transportation. Potential critical infrastructure targets include pharmaceutical manufacturers.
“I think manufacturing in the near term is certainly at risk,” said Brad Medairy, senior vice president at Booz Allen Hamilton. “I think that we’re going to start to see potential ransomware, supply chain attacks and disruptions.”
Critical Infrastructure Cybersecurity with Uplogix
When it comes to critical infrastructure cybersecurity, companies historically tend to spend disproportionately on prevention and neglect recovery. In the world of when and not if, consideration needs to go into how companies will get back up and running after a hack.
With Uplogix, all management of networking devices can be out-of-route. Devices are configured to only accept management traffic from an Uplogix Local Manager over the console port. This “locks down” the device against potentially malicious outside traffic aimed at changing configurations, powering down or other unauthorized changes.
Next, Uplogix gives you the tools you need to rebuild quickly after a hack. Since a Local Manager is a state-aware console server, recovery from an unauthorized change can take place nearly immediately. Last-known or golden configurations can be pushed to devices. Secure out-of-band access ensures you’ll be able to get to remote devices even when the primary network is down or degraded.
Another option is for Uplogix to put network devices into a “safe mode” during an incident. This is useful if you don’t know the extent of the damage or whether it is contained, and want to limit network functionality. Before you go into disaster recovery mode, Uplogix can push an appropriate configuration to one device, or to thousands deployed across your network.