Because it depends on a vast, geographically dispersed network of sites, devices and people to deliver service, the energy industry is arguably more exposed to cyber-crime than any other sector. These threats are not new, but recent global events have changed daily operations in ways that materially increase the likelihood of attack.
With the post-pandemic shift to work-from-home practices, and a push towards “cleaner, greener and cheaper” energy, the industry needs to capture the efficiencies of digital transformation and cloud computing quickly. This is a step change in work practices for the sector: traditional energy OT was never designed to be connected to the internet, so new models for cyber security are required.
With remote operations increasingly commonplace, more and more devices and machines have to be connected online to maintain a satisfactory level of service delivery. For the energy industry, the sheer scale of service delivery means that practically every aspect of operations now faces being connected to the internet and, by extension, to the Internet of Things (IoT).
Threats Are on the Rise
Specialised Security Skills in Short Supply
Lack of Regulations and Frameworks
With an expanding attack surface and a shrinking pool of specialists to deploy the security posture now required, companies running OT must look to new technology to augment existing networks, protect devices that cannot be patched, and uplift the identity and encryption architecture of their operating environment.
The more connected systems become, the larger their attack surface and the more attractive they are as targets. In 2022, cyber security agencies in several countries, Australia included, issued repeated alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, alongside the discovery of new malware and a growing list of disclosed operational technology vulnerabilities.
VeroGuard’s technology maintains network integrity for legacy and new infrastructure when it is connected or exposed to open networks. By providing phishing-resistant MFA for access to networks and devices, and strong encryption of device communications, it allows companies to accelerate digital transformation plans by placing a certified virtual air gap between the OT environment and open internet connectivity. VeroGuard is the only platform worldwide to hold Common Criteria certification for access over open networks, meaning it has been verified by the Australian Cyber Security Centre (ACSC) for use in Defence and other government departments with high-assurance requirements for online access.
The energy industry continues to face an expanding cyber threat landscape that presents a substantial challenge to operations. The Australian Government has acknowledged that technology in operational environments is key to national security and economic prosperity, as reflected in the amendments to the Security of Critical Infrastructure Act, which introduce financial and criminal penalties for non-compliance.
Complicating matters further, “insecurity by design” remains very relevant in traditional OT, and that is why a shift in security infrastructure to account for open network connectivity and all the variables it presents is so necessary. The past decade has shown that one of the biggest security problems continues to be the lack of basic controls, and attackers have built tooling to exploit exactly that, as the 2022 ICS malware Industroyer2 and Incontroller/PipeDream show. Insecure-by-design flaws abound: Vedere Labs’ OT:ICEFALL research found 56 vulnerabilities affecting devices from 10 major vendors. Using them, an attacker with network access to a target device could remotely execute code, alter device logic, files or firmware, bypass authentication, compromise credentials, cause denial of service, or produce a range of other operational impacts.
The most common issues found in internal audits and vulnerability scans include:
Unmanaged assets are connected everywhere.
Operational systems are deployed with their default credentials unchanged.
OT networks that were initially designed to be highly segregated have become flatter than realised.
Ports are left wide open on all kinds of systems, in all kinds of remote locations.
OEMs are accessing the machines they sold remotely, and no one is managing this.
Disclosed vulnerabilities in old operating systems have never been evaluated for possible patching.
The functional silos between separate security disciplines (e.g., cybersecurity, physical security, supply chain security, product security, health and safety) are creating seams that bad actors can exploit.
No centralised governance exists for end-to-end security processes and decisions.
Identity and credential compromise remain the biggest threat. IBM has reported that 78% of incidents began with a phishing attack, consistent with its 2021 findings, and the figures widely cited across the industry are that 95% of cyberattacks target identity and credentials and that over 85% of breaches involve compromised credentials. Credential-based breaches are also the slowest to find: IBM’s Cost of a Data Breach Report 2022 puts the average time to identify and contain a breach that began with stolen or compromised credentials at 327 days, the longest of any initial attack vector.
It is not appropriate simply to transplant cyber security operations from existing IT practice. IT network and operating system patching and identity management practices are well established, but managing OT devices and systems in the same way is not as straightforward: “patching at will”, for example, is often not an option for OT devices. A traditional air gap can mitigate many device vulnerabilities, but reverting to it removes the benefits of connectivity, so a new approach is required.
Some of the key mitigation strategies found in every advisory (patching, monitoring, training and awareness appear alongside them, but none of those stops an attacker who already holds valid credentials) are to:
Require phishing-resistant multi-factor authentication for all remote access.
Implement and ensure robust network segmentation between operational and corporate networks to limit the ability of malicious cyber actors to pivot to the OT network after compromising the IT network.
Implement demilitarized zones (DMZs), firewalls, jump servers and one-way data diodes to prevent unregulated communication between the IT and OT networks.
Without strong identity and access management over those additional tools themselves, criminals will find a way through. This happens continually online: bad actors bypass conventional second-factor authentication (2FA) through push-notification fatigue, real-time phishing proxies that relay one-time codes, and SIM swapping, and they evade detection software. There have been attacks in which the 2FA application or the VPN itself was the vector for a successful breach.
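The three controls above are easy to state and hard to keep true over time, because OT networks drift flat as new links are added. The following Python script is an added example, not code from the original page or from VeroGuard: it checks exported session records against the IT/DMZ/OT policy those controls describe and reports every flow that violates it. The zone ranges, the jump-host and historian addresses, the permitted ports and the sample records are all constructed assumptions for illustration; pointing the same check at real firewall or NetFlow exports is one way to surface the flat paths, open ports and unmanaged OEM access listed earlier.

```python
"""Zone-policy check over connection records (added example, not VeroGuard code).

Policy modelled, the IT/DMZ/OT pattern from the advisories (all values assumed):
  * IT hosts may open sessions only to the DMZ jump server, on 22 or 443
  * only the DMZ jump server may open sessions into the OT zone
  * OT hosts may push only to the DMZ historian replica (in production that
    path sits behind a one-way data diode); nothing else leaves OT
  * every other cross-zone session is a segmentation finding
  * an address outside every defined zone is an unmanaged-asset finding
"""
import ipaddress

ZONES = {  # constructed example ranges
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}
JUMP_HOST = ipaddress.ip_address("10.20.0.5")           # assumed jump server
HISTORIAN_REPLICA = ipaddress.ip_address("10.20.0.10")  # assumed diode target
JUMP_PORTS = {22, 443}


def zone_of(ip):
    """Name of the zone containing ip (str or address object), or 'UNKNOWN'."""
    ip = ipaddress.ip_address(str(ip))
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "UNKNOWN"


def check_flow(src, dst, dport, proto="tcp"):
    """Return None if a session src->dst:dport is allowed, else the reason it is not."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    zs, zd = zone_of(s), zone_of(d)
    if "UNKNOWN" in (zs, zd):
        return f"unmanaged address {s if zs == 'UNKNOWN' else d} talking {proto}/{dport}"
    if zs == zd:
        return None  # intra-zone traffic is out of scope for this check
    if (zs, zd) == ("IT", "DMZ"):
        if d == JUMP_HOST and dport in JUMP_PORTS:
            return None
        return f"IT may reach only the jump host on {sorted(JUMP_PORTS)}"
    if (zs, zd) == ("DMZ", "OT"):
        return None if s == JUMP_HOST else "only the jump host may open sessions into OT"
    if (zs, zd) == ("OT", "DMZ"):
        return None if d == HISTORIAN_REPLICA else "OT may push only to the historian replica"
    return f"{zs}->{zd} sessions must not exist (flat network / missing DMZ)"


def audit(records):
    """records: iterable of (src, dst, dport, proto). Returns [(record, reason), ...]."""
    findings = []
    for rec in records:
        reason = check_flow(*rec)
        if reason:
            findings.append((rec, reason))
    return findings


# Constructed sample session records (src, dst, dport, proto); not real traffic.
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.20.0.5", 22, "tcp"),       # engineer -> jump host: allowed
    ("10.20.0.5", "10.30.1.10", 502, "tcp"),      # jump host -> PLC Modbus: allowed
    ("10.10.5.23", "10.30.1.10", 502, "tcp"),     # engineer straight to PLC: flat network
    ("10.30.1.10", "10.20.0.10", 5432, "tcp"),    # PLC -> historian replica: allowed
    ("10.30.1.10", "10.10.8.4", 445, "tcp"),      # PLC -> corporate file share: OT egress
    ("10.10.7.7", "10.20.0.5", 3389, "tcp"),      # RDP to jump host: port not permitted
    ("203.0.113.9", "10.30.1.11", 44818, "tcp"),  # external OEM address -> OT: unmanaged
]

if __name__ == "__main__":
    for rec, reason in audit(SAMPLE_FLOWS):
        print(f"{rec[0]} -> {rec[1]} {rec[3]}/{rec[2]}: {reason}")
```

Run as a script to print the findings; each one is also the evidence for a firewall rule that should exist and does not.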
 Gartner Guide for Operational Technology Security
A New Approach
The VeroGuard Platform offers a unique solution to securing connected environments, by providing secure Identity and Access Management controls, virtual network separation, data encryption and flow control. VeroGuard’s products have Common Criteria (CC) certification (defence level security) and can be quickly and cost effectively deployed to legacy, new and hybrid environments.
The platform was specifically designed to protect identity, access and data on the open internet. It works by inserting an HSM between the device being accessed and its network connectivity, giving a hardware-enforced defensive layer for online protection. When a connection is initiated, the inline HSM must first connect to and authenticate itself with the platform HSM; the two then establish an encrypted tunnel, keyed from hardware-derived keys that never leave the HSMs, which carries both the data flows and any user verification.
HSM-to-HSM verification and communication is not new, but until now it has been expensive and limited to fixed-line connections. Mutually authenticating HSMs are used in banking (ATMs, EFTPOS terminals) and in military systems around the globe to secure critical communications, including guided-missile command links, where it is crucial that command messages cannot be decrypted and the command plane cannot be hijacked. VeroGuard brings this mutual, two-way hardware verification to OT environments, at scale and without the high cost.
Form factors include the VeroCard HSM for humans, and the VeroMod HSM for machines/devices.
The VeroCard HSM lets users be verified for access to networks, applications and devices, authenticating with the combination of the user’s own VeroCard (something they have) and their secret PIN (something they know). Every login attempt is verified over the secure connection back to the VeroGuard Platform.
The VeroMod IoT Shield is a commoditised Hardware security module (HSM) which connects inline and creates a “virtual air gap” between the device and any connectivity.
VeroMod IoT Shield brings HSM-to-HSM verification and encryption to any device: every access request to or from the protected machine is authenticated, and all data in transit is encrypted.
VeroGuard is unmatched for security and scalability as the only online platform that applies HSM-to-HSM protection, every time, to identity verification, communications, data integrity and switching services.
The rapid adoption of technology presents universal concerns for service providers:
Increased digital services/devices and interconnectivity between systems means an increased attack surface for cybercrime.
Rapid rise in data volumes, flows and complexity of management means increased opportunities for identity breaches
Transitioning from legacy systems and navigating the complexity of hybrid environments
Complex layers for identity and security become more costly with many mixed environments
Expansion of stakeholders and associated integration requirements (suppliers, citizens, 3rd party providers, businesses).
VeroGuard Systems offers a solution that begins with strong proof of identity for all online and digital communications. It is the only platform available anywhere in the world that provides defence-certified identity security for both people and machines. By providing host connections into the VeroGuard platform, the VeroMod effectively provides a point-to-point connection over open networks. User access is granted only after the VeroGuard platform has verified the user’s permission to reach the network, device or data in question; machine-to-machine connections are verified in the same way, using the digital identity held in the VeroMod. All VeroGuard HSM-to-HSM connections are protected with elliptic-curve Diffie–Hellman (ECDH) key agreement and a DUKPT (Derived Unique Key Per Transaction) key-management scheme: keys are derived inside the HSMs and never leave them, so they cannot be intercepted in transit, and each connection uses a freshly derived set of keys, so compromise of one session does not expose any other. One caveat: ECDH is not itself a post-quantum algorithm (it is broken by Shor’s algorithm on a large enough quantum computer), so any post-quantum claim can apply only to the symmetric session keys and their length, not to the key exchange.
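The handshake described in the paragraphs on the inline HSM and on ECDH with DUKPT key management can be made concrete. The Python below is an added example written for this page; it is not VeroGuard’s code or wire protocol, and the message fields, the derivation labels and the choice of HMAC-SHA256 as the derivation function are assumptions. It models the DUKPT idea as a one-way key ladder: the platform HSM holds a base derivation key and can re-derive any device’s current transaction key from the device identifier and a counter, while the device HSM holds only its current key and ratchets it forward after every session, so a captured device cannot decrypt past traffic and a replayed hello is refused. Mutual authentication is by HMAC over both nonces rather than signed ECDH (which the standard library does not provide), and the record encryption is a toy HMAC-counter construction kept only so the example runs offline; use AES-GCM or an equivalent AEAD in practice.

```python
"""DUKPT-style key ladder with mutual HSM-to-HSM authentication (added example).
Not VeroGuard code: message fields, labels and HMAC-SHA256 as the derivation
function are assumptions.  Real DUKPT (ANSI X9.24) uses TDES/AES and a
key-serial-number counter; only the one-way, forward-only property is kept.
The record cipher is a toy HMAC-counter construction; use AES-GCM in practice.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

def prf(key, *parts):
    """HMAC-SHA256 as a PRF; the first part is a label separating key purposes."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def initial_key(bdk, device_id):
    """Key injected into a device HSM at manufacture, derived from the base derivation key."""
    return prf(bdk, b"init", device_id)

def ratchet(key):
    """One-way step: a captured K_n gives no way back to K_(n-1)."""
    return prf(key, b"ratchet")

def txn_key(bdk, device_id, counter):
    """Platform side: re-derive a device's counter-th key from the BDK alone."""
    k = initial_key(bdk, device_id)
    for _ in range(counter):
        k = ratchet(k)
    return k

def session_keys(k, n_dev, n_plat):
    """Fresh per-connection (encryption key, MAC key) bound to both nonces."""
    return prf(k, b"enc", n_dev, n_plat), prf(k, b"mac", n_dev, n_plat)

@dataclass
class DeviceHSM:  # inline module in front of a field device; holds only its current key
    device_id: bytes
    key: bytes
    counter: int = 0
    nonce: bytes = b""

    def hello(self):
        self.nonce = secrets.token_bytes(16)
        return {"id": self.device_id, "ctr": self.counter, "n_dev": self.nonce}

    def finish(self, n_plat, tag_plat):
        # Only a holder of the BDK (the platform) can produce this tag for our key.
        if not hmac.compare_digest(prf(self.key, b"plat", self.nonce, n_plat), tag_plat):
            raise ValueError("platform authentication failed")
        keys = session_keys(self.key, self.nonce, n_plat)
        tag_dev = prf(self.key, b"dev", n_plat, self.nonce)
        self.key, self.counter = ratchet(self.key), self.counter + 1  # old key erased
        return tag_dev, keys

@dataclass
class PlatformHSM:  # holds the BDK and the last counter accepted per device
    bdk: bytes
    last_ctr: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)

    def respond(self, hello):
        if hello["ctr"] <= self.last_ctr.get(hello["id"], -1):
            raise ValueError("replayed or stale transaction counter")
        k = txn_key(self.bdk, hello["id"], hello["ctr"])
        n_plat = secrets.token_bytes(16)
        self.pending[hello["id"]] = (k, hello, n_plat)
        return n_plat, prf(k, b"plat", hello["n_dev"], n_plat)

    def confirm(self, device_id, tag_dev):
        k, hello, n_plat = self.pending.pop(device_id)
        if not hmac.compare_digest(prf(k, b"dev", n_plat, hello["n_dev"]), tag_dev):
            raise ValueError("device authentication failed")
        self.last_ctr[device_id] = hello["ctr"]
        return session_keys(k, hello["n_dev"], n_plat)

def _keystream(k_enc, iv, n):
    return b"".join(prf(k_enc, iv, i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

def seal(keys, plaintext):
    """Toy encrypt-then-MAC record: iv || ciphertext || tag."""
    k_enc, k_mac = keys
    iv = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, iv, len(plaintext))))
    return iv + ct + prf(k_mac, iv, ct)

def unseal(keys, record):
    k_enc, k_mac = keys
    iv, ct, tag = record[:16], record[16:-32], record[-32:]
    if not hmac.compare_digest(prf(k_mac, iv, ct), tag):
        raise ValueError("record tampered or wrong session key")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, iv, len(ct))))

def run_session(platform, device, message):
    """Full exchange; returns (both sides derived the same keys, message as decrypted by platform)."""
    hello = device.hello()
    n_plat, tag_plat = platform.respond(hello)
    tag_dev, dev_keys = device.finish(n_plat, tag_plat)
    plat_keys = platform.confirm(device.device_id, tag_dev)
    return dev_keys == plat_keys, unseal(plat_keys, seal(dev_keys, message))
```

The properties worth checking when reading it: the platform never sends a key, only a proof of possession; the device’s counter advances on every session and the platform refuses anything at or below the last counter it accepted; and after a session the device’s old key is unrecoverable from the new one, while the platform can still re-derive the current key from the BDK.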
There is an opportunity to harness this technology now and build a safe and secure digital ecosystem for companies, their suppliers and contractors.
How can this technology be harnessed to benefit the Energy Industry?
The focus of cyber security for operational environments is to preserve health and safety, reliability and resilience, even during a cyber-attack. Unlike an IT system, a control system in the energy sector that is under attack cannot simply be disconnected from the network, because disconnection could itself cause safety incidents, brownouts or even blackouts.
Credential compromise remains one of the largest causes of system breaches, and one of the most easily preventable given the right infrastructure. The next generation of connected OT systems must be designed with identity and data security at their core, but replacing infrastructure is costly and slow.
To stay ahead of the curve and defend against the threats outlined in the introduction, the next generation of OT system architecture must include:
A unified platform to reduce the complexity of layers of technology built up over decades
A cybersecurity platform architecture that is identity centric - purpose built for protection over open networks
A digital identity that is robust, tethered to the user, re-usable in many places and can’t be tampered with
Machine/human identity and communications that cannot be breached or compromised
A solution that can be readily retro-fitted to existing networks and fleet assets
An identity layer that facilitates hyper convergence of IT and IoT functions to simplify and reduce costs rather than duplicating across networks and participants
Privacy controls and low friction interfaces for users
Essentially, once deployed, VeroGuard creates a virtual air gap around your fleet-asset environment. Access is controlled through the hardware-backed identity provided by the platform, and communications from devices or nodes are encrypted by the HSM-to-HSM technology at the core of the Platform.
VeroGuard Systems is the next generation of platform for securing connected systems, machines and data. The VeroGuard Platform practically eliminates credential and identity compromise on open networks and can act as the core of any zero-trust deployment.
Any company migrating to the Cloud, connecting OT and IT networks, wanting to exploit open networks for machine communications, or looking to secure their supply chain should assess the VeroGuard Platform.