Provision of core transport infrastructure in major cities has evolved from simply building and maintaining roads into managing entire transport networks. Major arterial roads incorporate significant public assets, such as tunnels, bridges and interchanges, which necessitate a need for control and oversight over an even broader range of assets to ensure traffic flow remains safe, reliable and efficient for all road users. For any organisation to be able to provide this level of supervision of these networks, there must be a significant investment in technology and, toll collection aside, an immense network of devices, sensors, communications systems, signage and other equipment that is all linked back to central control rooms.
The complexity of managing efficient traffic flow on a major road network, which can include bus lanes as well as cycling and walking paths, will continue to grow with the growth of the number of vehicles on the road as interactions, incidents, closures and major events can all impact use and flow. Tools used by organisations to manage this include variable speed signs, lane management and incident recovery teams, all of which can be triggered remotely through decisions made via observing CCTV and other traffic flow data. Further to the technology currently in use, the future prospect of connected autonomous vehicles (CAV’s) will see these vehicles interact with the infrastructure itself, with data on traffic flow and incidents being fed to the vehicles, as well as the possibility of telematics from the vehicles themselves being fed back to the road operator.
Each and every one of these devices and communications systems is, therefore, a component of Critical Infrastructure (CI). Any part of that CI being compromised, leading to roads being degraded or rendered unavailable for an extended period, could lead to massive disruptions and potential grid lock across cities.
With every new device connecting to any system, the attack vector against the system from nefarious actors grows. There are multiple reasons for the increased threats. Firstly, the Operational Technology (OT) in use is not immune from the numerous cybersecurity issues plaguing these devices across manufacturing, energy and utilities. Secondly, it is difficult to apply patches to equipment required for 24 hour operating environments, leading to the potential for exploits to remain unpatched for longer. Thirdly, there is a significant a lack of available cybersecurity talent, especially those skilled across all of the IT, OT and IoT environments.
In 2022 and 2023, we saw international cyber security agencies (including Australia) issuing multiple alerts about malicious Russian cyber operations and potential attacks on CI, the discovery of new OT specific malware, as well as the disclosure of a growing list of OT vulnerabilities.
Threats Are on the Rise
More Vulnerabilities
Specialised Security Skills in Short Supply
|
A different approach is required to combat these persistent and growing threats.
VeroGuard System’s technology maintains network integrity for any devices when connected to open networks. Providing un-phishable MFA for access to networks and devices and strong post quantum level data encryption for device communications, organisations can implement a certified virtual airgap between field asset and open internet connectivity. The VeroGuard Platform is the only platform worldwide to have Common Criteria certification for access on open networks, meaning it has been verified by the Australian Cyber Security Centre (ACSC) for use in Defence and other government departments with high assurance requirements for online access.
Background
CI continues to face an expanding cyber threat landscape which presents a substantial challenge to operations. Governments have mandated controls for cyber across the CI landscape and have continued to broaden the definitions of industries and systems included under the CI banner. With several recent high-profile hacks on the sector, including the Colonial Pipeline in the US and, locally, Optus and DP World, CI operators should be continually evaluating their strategies and technology stacks used to prevent digital incursions.
The ACSC recently released a report stating that “state-sponsored cyber groups and hackers have increased assaults on Australia's critical infrastructure …. adding that its new defence agreement with Britain and the U.S. had likely made it more of a target”. While Australia is not alone in being targeted, our large land mass and distributed workforce makes a strong case for removing airgap controls and enabling remote access – potentially opening the door for malicious actors.
Complicating matters further, “insecurity by design” remains very relevant in OT and IoT systems, which is why a shift in security infrastructure to account for open network connectivity and all the variables it presents is so necessary. Insecure by design vulnerabilities abound, as evidenced by a recent investigation by Vedere Labs which found 56 vulnerabilities affecting 10 major vendors. Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of devices, bypass authentication, compromise credentials, cause denials of service or have a range of operational impacts.
In a closely related sector, a study by the University of Michigan highlights the alarming possibilities for attacks against vehicles - proving that it’s possible to hijack certain processes within modern trucks. Researchers were able to hack into a diagnostic port, manipulate the readouts from the instrument panel, force the truck to accelerate and even disable part of the truck’s braking system.
Analysis by threat hunters at Mandiant of the October 2023 Ukrainian Power station attack showed that a pair of previously undocumented OT attacks were used to cause the power outage, highlighting the difficulty of maintaining protection on OT devices when vulnerabilities are continually being discovered and weaponised by nation-states.
It is not appropriate to simply embrace the cybersecurity operations from existing IT practices. While IT network and operating system patching and identity management practices are well established, the ability to manage OT devices and systems in the same manner is not as straight forward. Many OT devices deployed in CI systems were never originally designed to be connected to the internet and new models for cybersecurity are required.
Some of the key mitigation strategies recommended in every advisory (aside from patching, monitoring, training and awareness – these are all “after the fact” activities and not prevention) are to:
require multi-factor authentication for all access (system, PC’s, devices, networks);
implement and ensure robust network segmentation between OT assets and corporate networks to limit the ability of malicious cyber actors to pivot from a compromised asset and, potentially, to an IT network; and
implement strong machine identity and encrypted communications for connected assets over open networks.
It is important to note that without strong Identity and Access Management (IAM) control over any additional tools, the criminals will find a way through. This is on ongoing occurrence online, with bad actors simply by-passing second factor authentication (2fa) and detection software. There have been attacks where 2fa applications and VPN’s themselves were used as the vectors for successful breaches.
Defending against current and emerging threats.
The rapid adoption of technology presents universal concerns for service providers:
Increased digital services/devices and interconnectivity between systems means an increased attack surface for cybercrime.
Rapid rise in data volumes, flows and complexity of management means increased opportunities for identity breaches.
Transitioning from legacy systems and navigating the complexity of hybrid environments.
Complex layers for identity and security become more costly with many mixed environments.
Expansion of stakeholders and associated integration requirements (suppliers, citizens, third party providers, businesses).
Credential compromises remain one of the largest reasons for breaches of systems, as well as one of the most easily preventable with the appropriate system infrastructure. The next generation of IoT systems must be designed with identity and data security at their core – but changing out infrastructure is costly and slow.
To stay ahead of the curve and defend against the threats outlined in the introduction, the next generation of CI system architecture must include:
a unified platform to reduce the complexity of layers of technology built up over decades;
a cybersecurity platform architecture that is identity centric - purpose built for protection over open networks;
a digital identity that is robust, tethered to the user, re-usable in many places and can’t be tampered with;
machine/human identity and communications that cannot be breached or compromised;
a solution that can be readily retro-fitted to existing networks and company assets;
an identity layer that facilitates hyper convergence of IT and IoT functions to simplify and reduce costs rather than duplicating across networks and participants; and
privacy controls and low friction interfaces for users.
The VeroGuard Platform Critical Infrastructure Security – a significantly better approach
The VeroGuard Platform offers a unique solution to securing connected environments by providing secure IAM controls, virtual network separation, data encryption and flow control. VeroGuard System’s products have Common Criteria (CC) certification (defence level security) and can be quickly and cost effectively deployed to legacy, new and hybrid environments.
The VeroGuard Platform was specifically designed for protecting identity, access and data on the open internet and works by inserting a Hardware Security Module (HSM) between the device being accessed and the network connectivity, delivering an impenetrable defensive layer for online protection. When initiating connectivity, the inline HSM must connect to and verify itself with the VeroGuard Platform HSM, which then creates a secure encrypted tunnel using hardware derived keys and encryption protocols for data flows and any user verification needs.
HSM-to-HSM verification and communication is not new – however, until now, this has been expensive and limited to terrestrial connection. Two-way HSMs are utilised in banking (eg ATM’s, eftpos) and military systems around the globe for securing critical communications. Typically, the technology is used in guided missile control where it is crucial that command messages cannot be decrypted or the command plane hijacked. The VeroGuard Platform brings this mutual two-way hardware verification for use in OT environments, at scale and without the high cost.
Form factors used on the VeroGuard Platform include the VeroCard HSM (for humans) and the VeroMod IoT Shield (for machines/devices).
The VeroCard HSM enables human users to be verified to access networks, applications and devices by authenticating the human via a combination of the specific user’s VeroCard and the user’s secret PIN. Every login attempt is verified by the secure connection back to the VeroGuard Platform.
The VeroMod IoT Shield is a commoditised HSM which connects inline and creates a “virtual airgap” between the device and any connectivity. The VeroMod IoT Shield brings HSM-to-HSM technology for verification and encryption to any device, guaranteeing access requests to and from all machines and providing the highest level of encryption to all data in transit.
The VeroGuard Platform is unmatched for security and scalability as the only online platform that always uses HSM-to-HSM protection time after time, for identity verification, communications, data integrity and switching services.
Multifactor Authentication
Robust Segmentation
Secure Communications
|
The VeroGuard Platform offers a solution for organisations operating roads and transport CI that begins with indisputable proof of identity for all online and digital communications.
The VeroGuard Platform is the only platform available anywhere in the world that can guarantee defence certified identification security for both people and machines over open networks.
How does the VeroGuard Platform do this?
The VeroGuard Platform does this as follows:
by using VeroMods to provide host connections into the VeroGuard Platform, effectively providing point-to-point connection over open networks;
user access is provided with permission verified by the VeroGuard Platform before a user is able to access networks, devices and data,
machine to machine connections are verified in the same way with the digital identity provided by the VeroMod;
all VeroGuard HSM-to-HSM connections are protected using elliptic-curve Diffie–Hellman encryption set for post quantum protection, with a DUKPT (Derived Unique Key Per Transaction) key management protocol, meaning that the keys are derived within the HSM and there is no possibility of the keys being intercepted or stolen; and
each time a connection is initiated, a new set of encryption keys are generated.
Essentially, once deployed the VeroGuard Platform creates a virtual airgap for a connected asset environment. Access is controlled via the irrefutable identity provided by the platform and communications from devices or nodes are encrypted via the impenetrable security of the HSM-to-HSM technology core to the success of the platform.
