Given the tense security environment caused by Russia’s current attacks on Ukraine, threats to critical infrastructure are top-of-mind throughout the cybersecurity community.
In an ISACA TV interview this week, critical infrastructure expert and cyberthreat investigator Alex Holden, CISO and founder of Hold Security LLC, provided his perspective on the most likely threats and their potential outcomes.
“I think we’ve done a fair job over the years preparing and defending ourselves,” Holden said of the critical infrastructure sector. “We’ve spent a lot of time in building the right infrastructures, building the right frameworks, monitoring and alerting. Unfortunately, we are not perfect, so there are still gaps.”
Governments – especially in and around Ukraine – are on high alert for attacks on facilities such as water treatment plants, power grids and pipelines. Ukraine reportedly sought volunteer practitioners to help protect its critical infrastructure, though the elevated risks extend to other countries as well.
Holden, a native of Ukraine who now lives in the US, said he is especially concerned about self-propagating, worm-like attacks.
“We feel that the open vulnerabilities that can be massively deployed and self-propagating are probably going to be the most devastating because every system would be vulnerable,” Holden said.
As a frame of reference for how impactful critical infrastructure attacks can be, Holden referenced the devastating 2007 cyberattack in Estonia, in which communications networks, the finance sector and more were severely damaged. Recovering from such an attack could be even more problematic now given the current circumstances in and around Ukraine.
“In normal times, when there is a single weakness, the chances of recovery still exist,” Holden said. “If there is a fast-sweeping, wide-ranging attack, you might not see additional help from outside of the organization to help you defend and deal with the disaster.”
Given the volatile current landscape, Holden said organizations need to give renewed attention to their business continuity and disaster recovery plans.
“If you don’t have a disaster recovery plan in case of escalation of tensions, that can put you in a terrible place,” Holden said, adding: “A good, solid playbook for the most common attacks will save you from panicking and making mistakes. The incident response plan, the tabletop exercises, should be being conducted right now because that’s a critical component for us to … ensure that we are able to sustain our stability and integrity of systems, even if there is escalation of tensions.”
Editor’s note: For the immediate future, ISACA will be providing members with complimentary access to several of our security preparedness and response materials.