Cybersecurity 28 March, 2018 11:00 am   
COMMENTS: Mateusz Gibała

Cyberspace is an equally important front of critical infrastructure defense

The FBI and DHS (Department of Homeland Security) information from March 15 this year, urging infrastructure and energy companies to update their security systems, is not a surprise. For several years now, there has been a growing awareness of countries around the world on cyber security issues. Such a trend does not come out of nowhere – writes Jakub Syta, director of cybersecurity at Exatel.

Infrastructure in the network like a physical one

We are learning more and more often about the attacks in which well-organized, well-paid and equipped groups of hackers are involved. The goals are important installations such as the ICT network, energy, power plants, airports or water supply – the so-called Critical Infrastructure. Why? It is, of course, about its impact on the functioning of the whole society. Because do we imagine life without electricity or running water in taps? That is why securing Critical Infrastructure against cyber attacks has become a necessity.

The question arises – what to do to successfully defend Critical Infrastructure against cyber threats? First of all – start treating cyberspace on a par with physical space. No one is surprised by the high fencing around the power plant or the camera over the entrances to state buildings. The same should be true for systems protecting Critical Infrastructure from cyber attacks. They should become the norm.

Institutions responsible for maintaining a key infrastructure for the state should use all available cyber-defense tools. IT infrastructure should be comprehensively secured, up-to-date and configured in accordance with the best security practices. The organization may be able to detect attempts of attacks or “suspicious behaviors” in real time, e.g. by statistically analyzing network traffic or monitoring the functioning of individual end devices (ie computers or servers). What’s more – attempts to access or steal key information should be automatically blocked. And any signals from security systems should be correlated on a regular basis, indicating the most dangerous situations.

A holistic approach

It may seem that the above requirements are difficult to achieve. It is wrong. Such solutions are available on the market and increasingly used – also in Polish enterprises. The problem is, however, their selective implementation. Because they only appear in those organizations where decision-makers understand the essence of the matter. However, the installation of appropriate devices alone does not solve the whole problem. Cybersecurity is a constant race against hackers who are looking for new attack opportunities. That is why it is important to constantly improve the protection system, promptly detecting and responding to potential threats. Without this, the actual effectiveness will always leave much to be desired. In organizations where cybersecurity is not on the list of priorities, there is not much going on in this topic.

A separate matter is whether the organization will be able to use the information obtained from cybersecurity systems. A comprehensive security system generates thousands of events per second, 24 hours a day. Few people are able to implement supporting tools themselves and maintain a team of experts who can use this information noise to capture events that are really important. Such events that indicate the possibility of compromising or breaching security systems. Fortunately, with the development of cyber security needs, entities providing such services are already in Poland. The State Treasury itself employs such teams that can effectively counteract cyber threats. Their greater presence in Critical Infrastructure companies should allow for a rapid increase in the level of security. And this should happen soon, taking into account the requirements of the NIS Directive.