The growing frequency and complexity of cyber-attacks have caused both public and private organisations to question their current IT security strategies. This is especially true in the Middle East region where cyber-attacks are becoming ever more political. With the mindset towards IT system breaches having shifted from a matter of ‘if’ to ‘when’ they occur, particular concerns are being raised about the vulnerability of control systems like supervisory control and data acquisition (SCADA) systems, which are responsible for critical operations and national infrastructures. When such systems are successfully breached, cybercriminals can gain full control of infrastructure – for example, the Stuxnet worm, discovered in 2010, successfully infiltrated an Iranian nuclear plant through a SCADA system breach. Such breaches not only lead to the loss of data but can also cause damage to physical assets and potentially, the loss of life.
More recently, state-sponsored hackers conducted destructive attacks on Saudi Arabia, just before Donald Trump’s visit, erasing data and wreaking havoc in the computer banks of the agency running the country’s airports and hitting five additional targets.
As such, private organisations and regional governments alike are re-examining the cyber security practices currently in place to defend control systems. Unfortunately, traditional point security solutions like anti-virus software and firewalls are no longer an adequate defence against sophisticated cyber-attacks, such as Advanced Persistent Threats (APTs), which are specifically designed to gain control over systems like SCADA. Instead, Protective Monitoring systems are now needed to proactively defend infrastructure. Such systems provide the deep visibility into IT systems required to detect, respond to and remediate security threats in real-time, and to enable the accurate attribution of attacks. In an age where cyber war seems imminent, the accurate attribution of cyber-attacks – especially when the target is critical national infrastructure – has never been more important. Without it, speculative finger-pointing could inflame political tensions.
It is no surprise that SCADA systems are an attractive target for cyber criminals. Unfortunately, many organisations tend to focus on investing in the availability of SCADA systems over their security. Additionally, with SCADA systems deployed in the management of utilities and infrastructure, they are controlled across a variety of geographic locations. Having a centralised system that can provide 360-degree visibility across all IT network activity in real-time is therefore vital for the management of SCADA security.
Furthermore, as SCADA devices tend to employ basic, easily defeated authentication methods which operate on old code bases, they were especially vulnerable to cyber attacks. Many control system components also inherently trust the environment and do not natively create security events – instead, they rely on separate (and possibly not implemented) control system historian and change management functions to record operational events. As such, it is not only essential that these controls are deployed, organisations also require Protective Monitoring, which involves centralised, automated monitoring systems, such as a next-generation security information and event management (SIEM) solution, which collects and processes all log data as and when it is generated. This real-time monitoring and analysis of all log data enable the detection of any sign of abnormal activity which indicates that the SCADA environment may have been breached. Once a potential threat has been identified, SIEM’s intelligent, automatic alerting and response capabilities, such as pattern recognition and responsive monitoring, allows for immediate threat response and remediation countermeasures to be taken.
Even once threats have been remediated, there is often an enormous amount of uncertainty surrounding the origins of the attack. A SIEM platform’s log management and analysis capabilities provide the intelligent insight needed for further forensic investigation and attack attribution. With critical infrastructure systems being an ideal target for low-risk, high-impact cyber attacks, this level of insight into systems is crucial. Only by taking an approach capable of monitoring and analysing 100 percent of log data in real-time, can sophisticated attacks attempting to control SCADA systems be effectively detected, remediated and correctly attributed before any significant damage is done.
Subscribe to our monthly newsletter
Keep a pulse on the latest business news in the Middle East. Subscribe now.