Critical Infrastructure Security: Cybersecurity lessons learned from real-world breaches
Critical Infrastructure Security - Soledad Antelada Toledano
Critical Infrastructure Security
Copyright © 2024 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Pavan Ramchandani
Publishing Product Manager: Neha Sharma
Book Project Manager: Ashwin Kharwa
Senior Editors: Arun Nadar, Sayali Pingale
Technical Editor: Irfa Ansari
Copy Editor: Safis Editing
Indexer: Hemangini Bari
Production Designer: Jyoti Kadam
Senior Developer Relations Marketing Executive: Marylou De Mello
First published: May 2024
Production reference: 1300424
Published by Packt Publishing Ltd.
Grosvenor House
11 St Paul’s Square
Birmingham
B3 1RB, UK
ISBN 978-1-83763-503-0
www.packtpub.com
To my family, friends, colleagues, and mentors.
Your support, guidance, and belief in me have been invaluable in my journey through the world of cybersecurity. This book, Critical Infrastructure Security, is a tribute to your unwavering faith and encouragement, which have been instrumental in overcoming challenges and barriers, especially as a woman in this field. I am deeply grateful for your role in making this achievement possible.
– Soledad
Contributors
About the author
Soledad Antelada Toledano, a leading cybersecurity trailblazer, currently serves as security technical program manager at the Office of the CISO at Google. Her career took off at Berkeley Lab, a key player in internet development and scientific research, where she also contributed significantly to NERSC’s cybersecurity. Soledad further made her mark as the head of security for the ACM/IEEE Supercomputing Conference, overseeing SCinet’s network architecture. She founded GirlsCanHack, advocating for women in cybersecurity. Recognized as one of the 20 Most Influential Latinos in Technology in America in 2016, Soledad is a notable figure in promoting diversity and innovation in cybersecurity.
About the reviewers
Aditya K Sood (Ph.D.) is a cybersecurity leader, advisor, practitioner, and researcher. With more than 16 years of experience, he provides strategic leadership in the field of information security. Dr. Sood obtained his Ph.D. in computer sciences from Michigan State University. Dr. Sood is also the author of the Targeted Cyber Attacks and Empirical Cloud Security books. He has been an active speaker and has presented at Blackhat, DEFCON, FIRST, APWG, and many others. On the professional front, Dr. Sood has held positions such as senior director of threat research and security strategy, director of cloud security, and chief architect while working for companies such as F5 Networks, Symantec, Blue Coat, Elastica, IOActive, and KPMG.
I would like to express my deepest gratitude to all those who contributed to the creation of this book. I am indebted to my family members and mentor for their unwavering support, understanding, and patience throughout the review process. Their encouragement has been a constant source of inspiration.
Chandan Singh Kumbhawat, a cybersecurity maestro with over a decade of experience, specializes in safeguarding critical infrastructure, particularly in the railway sector. He has navigated the complexities of the railway sector, demonstrating a commitment to excellence. His strategic vision and hands-on expertise have fortified systems against evolving threats. Chandan’s leadership extends beyond technology, fostering collaboration and knowledge sharing. A trailblazer in adopting cutting-edge tech, he navigates the complex intersection of innovation and cybersecurity, leaving an indelible mark on the industry.
I extend my heartfelt gratitude to my wife and daughters, whose unwavering support and understanding have been the pillars that allowed me to dedicate time and effort to the creation of this book. Their encouragement and sacrifices have been instrumental in shaping this endeavor, and for that, I am truly thankful.
Jean Michel, a seasoned cybersecurity leader with over 2 decades of expertise, specializes in data protection and information security, particularly in critical infrastructure sectors. His strategic roles have driven significant digital transformation and bolstered cyber resilience in urban transport. Renowned for his deep understanding of governance, cyber risk management, and compliance, Jean Michel has been instrumental in safeguarding essential services. His certifications from prestigious bodies underscore his profound knowledge and commitment. As a mentor and innovator, he shapes cybersecurity futures.
Table of Contents
Preface
Part 1: Introduction to Critical Infrastructure and Cybersecurity Concepts
1
What is Critical Infrastructure?
Chemical sector
Impact of a compromised chemical sector
Cyberattack scenarios in the chemical sector
Commercial facilities sector
Impact of a compromised commercial facilities sector
Cyberattack scenarios in the commercial facilities sector
Communications sector
Impact of a compromised communications sector
Cyberattack scenarios in the communications sector
Critical manufacturing sector
Impact of a compromised critical manufacturing sector
Cyberattack scenarios in the critical manufacturing sector
Dams sector
Impact of a compromised dams sector
Cyberattack scenarios in the dams sector
Defense industrial base sector
Impact of a compromised defense industrial base sector
Cyberattack scenarios in the defense industrial base sector
Emergency services sector
Impact of a compromised emergency services sector
Cyberattack scenarios in the emergency services sector
Energy sector
Impact of a compromised energy sector
Cyberattack scenarios in the energy sector
Preventing and mitigating cyberattacks
Financial services sector
Impact of a compromised financial services sector
Cyberattack scenarios in the financial services sector
Food and agriculture services sector
Impact of a compromised food and agriculture sector
Cyberattack scenarios in the food and agriculture services sector
Government facilities sector
Impact of a compromised government facilities sector
Cyberattack scenarios in the government facilities sector
Healthcare and public health sector
Impact of a compromised healthcare and public health sector
Cyberattack scenarios in the healthcare and public health sector
Information technology sector
Impact of a compromised information technology sector
Cyberattack scenarios in the information technology sector
Nuclear reactors, materials, and waste sector
Impact of a compromised nuclear reactor sector
Cyberattack scenarios in the nuclear reactor sector
Transportation system sector
Impact of a compromised transportation system sector
Cyberattack scenarios in the transportation system sector
Water and wastewater sector
Impact of a compromised water and wastewater sector
Cyberattack scenarios in the water and wastewater sector
Summary
References
2
The Growing Threat of Cyberattacks on Critical Infrastructure
A brief history of CI protection and attacks
The impact of the 9/11 attacks on CI
Same old attacks throughout history
Executive order 13010
Evolution of a nation’s CI protection posture
Evolution of cyberattacks and countermeasures
The state of CI in the face of cyberattacks
COVID-19-period cyberattack landscape
The Colonial Pipeline ransomware attack
Attacks in 2023
National cybersecurity strategies
Summary
References
3
Critical Infrastructure Vulnerabilities
Understanding the difference between threat, vulnerability, and risk
Vulnerability
Threat
Risk
Vulnerability assessment
Scope definition
Asset inventory
Threat modeling
Vulnerability scanning
Manual assessment
Risk prioritization
Remediation planning
Verification and validation
Ongoing monitoring
Reporting and documentation
Security vulnerability management life cycle
Discovery
Assessment and prioritization
Notification
Remediation or mitigation
Verification and validation
Monitoring and continuous assessment
End of life
Most common vulnerabilities and threats in CI
Inadequately secured industrial control systems (ICS)
Common vulnerabilities in industrial control systems (ICS)
Ransomware targeting CI
Supply chain attacks on CI components
Legacy systems and lack of security updates
Physical security breaches
Internet of Things (IoT) vulnerabilities
Summary
References
Part 2: Dissecting Cyberattacks on CI
4
The Most Common Attacks Against CI
DDoS attack
Volumetric attacks
Reflection and amplification attacks
Resource depletion attacks
Protocol-based attacks
Application layer attacks
Ransomware attack
Infection
Encryption
Ransom note
Ransom payment
Data recovery
No guarantee of data recovery
Supply chain attack
Scope of attack
Attack vector
Stealth and persistence
Data exfiltration
Software supply chain attacks
Hardware supply chain attacks
Impersonation and trust exploitation
Mitigation challenges
Notable examples
APT
Phishing
The anatomy of a phishing attack
Impersonation and trust exploitation
Pretexting and urgency
Mimicking authority figures
Deception and lure
Malicious links and attachments
Why do phishing tactics persist?
Common unpatched vulnerabilities
The significance of timely patching
Summary
References
5
Analysis of the Top Cyberattacks on Critical Infrastructure
Stuxnet attack on Iran’s nuclear program (2010)
Ukrainian power grid attack (2015)
Dyn attack on internet infrastructure (2016)
WannaCry (2017)
NotPetya (2017)
SolarWinds attack (2020)
Colonial Pipeline ransomware attack (2021)
Summary
References
Part 3: Protecting Critical Infrastructure
6
Protecting Critical Infrastructure – Part 1
Network security and continuous monitoring
Network segmentation
Access control
Intrusion detection and prevention systems
Virtual private networks (VPNs)
Security audits and penetration testing
Honeypots and deception technologies
Zero trust architecture
Security monitoring
Security policy and frameworks
NIST cybersecurity framework
ISO/IEC 27001 and ISO/IEC 27002
NERC CIP
The Department of Homeland Security (DHS) critical infrastructure security framework
HITRUST CSF
CIS Controls
Summary
References
7
Protecting Critical Infrastructure – Part 2
Systems security and endpoint protection
Antivirus/antimalware protection
Firewalls
Host IDS/IPS
EDR
Application security
Secure software development life cycle
Code reviews and static analysis
Authentication and authorization hardening
Data encryption
Session management
Security patching and updates
Penetration testing
Logging and monitoring
IR and data recovery
Summary
References
8
Protecting Critical Infrastructure – Part 3
Incident response (IR)
IR history
IR planning
Security culture and awareness
Interconnectivity of critical infrastructure
Cascading effects of a cyberattack
Responsibility to safeguard critical assets
Insider threats
Teamwork and information sharing
Executive orders
Executive Order 13010 – Critical Infrastructure Protection (1996)
Executive Order 13231 – Critical Infrastructure Protection in the Information Age (2001)
Homeland Security Presidential Directive 7 (HSPD-7) – Critical Infrastructure Identification, Prioritization, and Protection (2003)
Executive Order 13636 – Improving Critical Infrastructure Cybersecurity (2013)
Presidential Policy Directive 21 (PPD-21) – Critical Infrastructure Security and Resilience (2013)
Executive Order 13873 – Securing the Information and Communications Technology and Services Supply Chain (2019)
Executive Order 13870 – America’s Cybersecurity Workforce (2019)
Executive Order 13865 – Coordinating National Resilience to Electromagnetic Pulses (2019)
Executive Order 13905 – Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing Services (2020)
Executive Order 14028 – Improving the Nation’s Cybersecurity (2021)
Executive Order 14110 – Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (2023)
Summary
References
Part 4: What’s Next
9
The Future of CI
Increment and innovation of cybersecurity measures
More robust encryption implementation
Human factor and training
PPPs
Resilience and recovery
Integration of IoT and smart technologies
Supply chain security
Advancements in threat detection technologies
Greater regulatory and compliance requirements
Cross-sector collaboration
Summary
Conclusion
References
Index
Other Books You May Enjoy
Preface
This book offers an essential guide for anyone aiming to fortify critical infrastructure against cyber threats. It merges fundamental cybersecurity principles with compelling real-world case studies, enhancing retention and offering engaging insights into the complexities of critical infrastructure cybersecurity. The book specifically addresses the knowledge gap brought about by the convergence of Information Technology (IT) and Operational Technology (OT), providing valuable perspective for practitioners navigating this evolving landscape.
It serves as an invaluable resource for cyber defenders, delivering practical knowledge gained from historical cyber incidents to prevent future breaches. From exploring vulnerabilities to presenting strategies for protection, this book equips readers with the understanding necessary to mitigate attacks on critical infrastructure.
You will learn to do the following:
Comprehend the importance of critical infrastructure and its role within a nation
Grasp key cybersecurity concepts and terminology
Recognize the increasing threat of cyberattacks on vital systems
Identify and understand the vulnerabilities present in critical infrastructure
Acquire knowledge about the most prevalent cyberattacks targeting these infrastructures
Implement techniques and strategies to shield critical assets from cyber threats
Contemplate the future direction of critical infrastructure protection and cybersecurity
Stay abreast of emerging trends and technologies that may influence security
Foresee expert predictions on how cyber threats could evolve in the upcoming years
Gain technical knowledge about the most important cyberattacks of recent years
By the conclusion of this book, you will be well versed in core cybersecurity principles that are instrumental in preventing a broad range of attacks on critical infrastructures.
Who this book is for
This book is designed for a broad audience that includes the following:
The general public, especially those interested in understanding how cybersecurity issues affect society
Security enthusiasts who are keen on diving deeper into the specifics of cyber threats and protection measures
Professionals in the field of cybersecurity or related fields looking for a more nuanced understanding of cyberattacks on critical infrastructure
Decision-makers and individuals in positions of power with influence over national security policies who want to be informed about the challenges and solutions related to cybersecurity
This book caters to readers with varying levels of pre-existing knowledge, from those with a basic understanding to professionals seeking to expand their expertise. It addresses common hurdles for readers, such as unfamiliarity with security concepts, difficulty with technical jargon, and anxiety about the subject matter, by breaking down complex ideas into more accessible language and adopting a storytelling approach. The book positions itself uniquely in the market by offering up-to-date insights into the increasing threats of cyberattacks on critical infrastructure, an area where current literature is limited.
What this book covers
Chapter 1, What is Critical Infrastructure?, details the 16 essential CI sectors identified by CISA, such as the chemical and electrical grid sectors, and explains their significance to U.S. national security and safety. It provides an overview of these sectors and examines the potential consequences of cyberattacks, aiming to educate readers on the importance of CI protection and the scenarios of cyber threats.
Chapter 2, The Growing Threat of Cyberattacks on Critical Infrastructure, examines the normalization of cyberattacks on CI, highlighting well-known and obscure cases from recent decades. It investigates the evolution, causes, and emerging trends of these attacks, alongside the intentions behind them, providing a historical context and an evaluation of the current global cybersecurity climate. The chapter aims to enhance the reader’s understanding of cybersecurity’s development in relation to CI and the landscape of threats from malicious actors on a global scale.
Chapter 3, Critical Infrastructure Vulnerabilities, delves into security vulnerability assessment methods, describing the life cycle of vulnerabilities and the processes for assessing and managing them. It offers insights into prevalent vulnerabilities and threats in critical infrastructure, such as those associated with industrial legacy systems. The chapter clarifies the concepts of threats and vulnerabilities. Readers will learn the essentials of vulnerability assessment and how to distinguish between risk, vulnerability, and threat, and will become familiar with the most common threats and vulnerabilities that affect critical infrastructure today.
Chapter 4, The Most Common Attacks Against CI, offers an in-depth analysis of prevalent cyberattacks targeting critical infrastructure globally. It explores the mechanisms, operations, and success strategies of various attacks such as DDoS, ransomware, supply chain attacks, phishing, unpatched vulnerability exploits, and advanced persistent threats. The chapter is designed to equip readers with detailed technical knowledge of different cyberattacks and an understanding of the attackers’ profiles and their objectives.
Chapter 5, Analysis of the Top Cyberattacks on Critical Infrastructure, presents real case studies of cyberattacks aimed at critical sectors. Building upon the foundational knowledge established in the preceding chapters, this chapter offers an in-depth look at the cyberattack landscape, enhancing the reader’s technical understanding of such incidents. The focus is on dissecting examples of attacks against national infrastructures and delving into the technical methods employed by attackers. Readers will refine their grasp of cyberattack strategies on CI and learn to apply theoretical insights to real-world scenarios.
Chapter 6, Protecting Critical Infrastructure – Part 1, ventures into the strategies and solutions crucial for safeguarding our essential services from cyber threats. After exposing the potent impact of notable cyber incidents in the previous chapters, this segment turns to proactive defenses. It outlines a range of protective measures, from technical to organizational, vital for reinforcing our critical infrastructure’s cybersecurity. The chapter’s focus includes network security, continuous monitoring, and the implementation of robust security policies and frameworks.
Chapter 7, Protecting Critical Infrastructure – Part 2, advances the discussion from foundational cybersecurity measures to an in-depth analysis of systems security and endpoint protection. It provides a comprehensive understanding of safeguarding the intricate components of critical infrastructure against advanced cyber threats. The chapter emphasizes robust endpoint security strategies, including the deployment of antivirus and antimalware solutions, and endpoint detection and response systems. It also tackles application security, integrating these security facets into a wider cybersecurity strategy for robust digital protection. This chapter stresses the importance of a layered defense approach in securing critical digital assets amidst the complexity of modern cyber threats.
Chapter 8, Protecting Critical Infrastructure – Part 3, moves beyond proactive measures into the realms of incident response, the cultivation of security culture and awareness, and the role of executive orders in fortifying our critical infrastructure. This part of the series equips the reader with strategies for swift and effective action against security breaches, ensuring infrastructure resilience. Emphasizing the human element, it delves into how fostering a vigilant security-aware culture within organizations contributes to national defense. Additionally, the chapter examines the significant impact of governmental directives on security practices, exploring the intricacies of implementing such orders. This chapter stitches together the practical, cultural, and regulatory facets that are pivotal for the security and readiness of our critical infrastructure.
Chapter 9, The Future of CI, explores the existing shortcomings and the progression in cybersecurity as it pertains to critical infrastructure. It also projects forward to examine the challenges and risks presented by emerging technologies such as artificial intelligence and quantum computing, especially to outdated systems. This chapter contemplates the cybersecurity trajectory and anticipates the resilience needed for critical infrastructures to withstand future threats.
Conventions used
There are a number of text conventions used throughout this book.
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: Select System info from the Administration panel.
Tips or important notes
Appear like this.
Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Part 1: Introduction to Critical Infrastructure and Cybersecurity Concepts
Part 1 serves as a primer on the fundamental aspects of critical infrastructure and the cyber threats that jeopardize its integrity. It begins with an exploration of the key sectors vital to national security and public safety, discussing the potential impact of cyber incidents. The discussion then shifts to the evolution of cyber threats, offering insights into the historical context and current trends that shape the cybersecurity landscape. Lastly, it addresses the methodologies for identifying and mitigating vulnerabilities, with a special focus on the unique challenges faced by industrial legacy systems. This section establishes the groundwork for understanding the complex world of cybersecurity and the strategies needed to protect critical infrastructure.
This part has the following chapters:
Chapter 1, What is Critical Infrastructure?
Chapter 2, The Growing Threat of Cyberattacks on Critical Infrastructure
Chapter 3, Critical Infrastructure Vulnerabilities
1
What is Critical Infrastructure?
Critical infrastructure (CI) refers to the assets, systems, and networks that are essential for the functioning of a society and its economy. These include physical assets that support the delivery of services such as energy, water, transportation, healthcare, communications, emergency services, and financial services. The term critical infrastructure also encompasses the resources, facilities, and systems that are necessary for national security, public safety, and public health.
The Cybersecurity and Infrastructure Security Agency (CISA) identifies 16 CI sectors in the United States, as shown in Figure 1.1. These sectors are considered so vital that their disruption, incapacitation, or destruction could have a severe impact on national security, public health and safety, or economic security:
Figure 1.1 – Critical infrastructure sector
This chapter will cover the following topics:
Overview of CI sectors
Impacts of compromised sectors
Cyberattack scenarios in CI sectors
Risk mitigation examples
To shift our focus toward a more detailed examination of each sector, let’s now explore them individually.
Chemical sector
The chemical sector is one of the 16 CI sectors identified by CISA in the United States. It includes the production, storage, and transportation of chemicals that are essential to many industries, such as agriculture, healthcare, and manufacturing. The sector is diverse, including companies that produce industrial chemicals, pesticides, pharmaceuticals, and other specialty chemicals. The chemical sector is vital to the U.S. economy, and a disturbance in its functioning could lead to serious implications for public health, safety, and the security of the nation.
Impact