Critical infrastructure security Q&A with McAfee’s Mo Cashman
Critical infrastructure and supply chains consist of networks and assets that form the backbone of society. Therefore, the fallout of an attack could be catastrophic. Across the globe, individuals have already experienced shortages of food, energy and other resources, and the inability to access critical healthcare services – despite this, it’s likely that the worst is yet to come.
Dynamic solutions are needed to reflect the fact that emerging threats, and the technology needed to deter them, often change faster than the regulatory process can keep up.
In the latest instalment of our supply chain industry executive interview series, we spoke to Mo Cashman, Enterprise Architect and Principal Engineer at McAfee Enterprise, about the biggest risk factors and
- What are the most dangerous cyber security risks to the UK supply chains and other critical infrastructure?
Over the past year, cyber-attacks on critical industries have certainly seen an increase, with sectors such as healthcare, energy/utilities, and government under constant threat from cybercriminals looking to target critical infrastructures such as telecommunication networks and transport infrastructure. The report also saw a 64% increase in publicly reported cyber incidents targeting the public sector.
Some of the most dangerous cyber security risks to critical infrastructure include ransomware-as-a-service. Our latest threat research found that the government was the most targeted sector by ransomware in Q2 of 2021. This is a cybercrime economic model that allows ransomware platform owners to earn money for their creations through affiliates. This model allows non-technical criminals to buy both the ransomware and potentially access to targets to launch attacks more easily while paying the developers a percentage of their take. As a result, the developers run relatively few risks, and their customers do most of the work. Some instances of ransomware-as-a-service use subscriptions, while others require registration to gain access to the ransomware. The attacks will typically enter the workplace via a malicious email or through a vulnerable remote access application.
But another entry point not to be overlooked is supply-chain compromises. This is another critical attack vector facing the national infrastructure. In this case, attackers will often enter the network through a trusted connection, system, or user. Unfortunately, this can make them very difficult to detect.
- Where do the biggest cybersecurity risks to the UK’s national infrastructure come from?
Interestingly, the most significant cybersecurity risks come from both criminal gangs and national state actors. Nation-state actors specifically target critical infrastructure to steal state secrets and cause national disruption. For example, cyber-attacks such as the Sunburst and SolarWinds have been widely attributed to nation-state actors.
Cybercriminal gangs also pose a significant threat to critical infrastructure. At the recent G7 summit, world leaders recognised ransomware as a global threat, calling upon member states to do more to combat it. The criminal gangs running ransomware-as-a-service networks were identified as a particular issue.
Currently, McAfee ATR and the MVISION Insights platform are tracking 31 different ransomware, APT and criminal groups, such as Darkside, and nation-state actors like APT32. These groups operate globally and across many sectors, including the UK’s national infrastructure. We’ve noticed that criminal organisations and nation-state actors often share the same malware or tools, such as Cobalt Strike, Mimikatz and PowerShell, and leverage similar techniques, such as Supply Chain Compromise and Spearphishing, to gain network access. The only real distinction then becomes the intent of the organisation behind an attack.
- What should the government do to improve its national infrastructure’s cyber defences?
Over the last few years, the UK Government has put several different programmes and initiatives in place to combat cyber threats. This includes the establishment of the National Cybersecurity Centre in 2016, which aims to increase cybersecurity awareness and improve skills across organisations associated with the national infrastructure.
Given the rapid move to a culture of remote working, which now looks set to become a permanent fixture, implementing more robust cybersecurity measures has never been more critical. Some additional practices which may help to improve cyber resilience include:
- Adopting a zero-trust architecture framework that performs threat and data protection at every control point in a single pass to help improve user experience and productivity, reduce the cost of security, and simplify management.
- Implementing Continuous Monitoring and Response across all enterprise systems
- Gaining as much information as possible about the enterprise assets and services
- Eliminating trusted zones and micro-segmenting resources
- Operationalising and sharing threat intelligence
- Improving security for operational technology networks
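The list above pairs "eliminating trusted zones", "micro-segmenting resources" and "continuous monitoring". The following is an added example, not code from McAfee or the interviewee, that shows what those practices look like in the simplest possible form: a default-deny policy keyed on small network segments, where traffic between two hosts in the same segment is also denied unless explicitly allowed, and every denial is emitted as a log line for the monitoring pipeline. The segment names, CIDRs, allow rules and sample flows are constructed for illustration.

```python
# Added example (not McAfee's or the interviewee's code): a default-deny
# micro-segmentation policy check whose denials feed a monitoring log.
# Segment names, CIDRs, rules and flows below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src_segment: str
    dst_segment: str
    port: int


# Constructed segments: every asset belongs to exactly one small segment.
SEGMENTS: Dict[str, IPv4Network] = {
    "workstations": ip_network("10.1.0.0/24"),
    "app": ip_network("10.2.0.0/24"),
    "db": ip_network("10.3.0.0/24"),
    "ot": ip_network("10.4.0.0/24"),    # operational technology network
    "jump": ip_network("10.5.0.0/28"),  # hardened jump hosts
}

# Explicit allow list. Anything not listed is denied, including traffic
# between two hosts in the same segment: there is no "trusted zone".
ALLOW_RULES: List[Rule] = [
    Rule("workstations", "app", 443),
    Rule("app", "db", 5432),
    Rule("jump", "ot", 22),  # OT reachable only through a jump host
]


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


def segment_of(ip: str) -> Optional[str]:
    """Return the segment name containing ip, or None if it is unassigned."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Decide allow/deny for one flow and return the reason for the audit trail."""
    src = segment_of(flow.src_ip)
    dst = segment_of(flow.dst_ip)
    if src is None or dst is None:
        return "deny", f"unassigned address (src={src}, dst={dst})"
    for rule in ALLOW_RULES:
        if (rule.src_segment, rule.dst_segment, rule.port) == (src, dst, flow.dst_port):
            return "allow", f"rule {src}->{dst}/{rule.port}"
    if src == dst:
        return "deny", f"lateral movement inside segment {src} not whitelisted"
    return "deny", f"no rule for {src}->{dst}/{flow.dst_port}"


def monitor(flows: List[Flow]) -> List[str]:
    """Continuous-monitoring hook: one log line per denied flow."""
    lines = []
    for f in flows:
        decision, reason = evaluate(f)
        if decision == "deny":
            lines.append(f"DENY {f.src_ip}->{f.dst_ip}:{f.dst_port} ({reason})")
    return lines


# Constructed sample flows, including three that a flat network with a
# single trusted internal zone would simply have allowed.
SAMPLE_FLOWS = [
    Flow("10.1.0.5", "10.2.0.10", 443),    # workstation -> app tier
    Flow("10.2.0.10", "10.3.0.7", 5432),   # app tier -> database
    Flow("10.1.0.5", "10.3.0.7", 5432),    # workstation straight to database
    Flow("10.1.0.5", "10.1.0.9", 445),     # workstation to workstation (SMB)
    Flow("192.0.2.20", "10.4.0.3", 3389),  # unassigned source into OT
    Flow("10.5.0.2", "10.4.0.3", 22),      # jump host into OT
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, *evaluate(f))
    print("\n".join(monitor(SAMPLE_FLOWS)))
```

Running it shows the first, second and last flows allowed and the other three denied with a reason. In a real deployment the allow list would be generated from the asset inventory the earlier bullet points call for, and the `DENY` lines would go to the SIEM rather than stdout, since a sudden burst of denials from one trusted host is exactly the signal a supply-chain compromise tends to produce.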
- What is the ideal interplay between public and private initiatives when it comes to best protecting the UK’s cyber infrastructure?
Private and public organisations must work together to protect critical infrastructures from cyber threats. A great example of threat intelligence sharing and cross-industry collaboration is the Cyber Threat Alliance (CTA). The CTA is a non-profit organisation working to improve the cybersecurity of our global digital ecosystem. In order to best defend against cybercriminals and threat actors, threat intelligence sharing is vital, and the CTA shares approximately 6 million threat indicators with its members each month.
Another example of great collaboration between the public and private sectors is the nomoreransom.org initiative, set up five years ago by four founding partners, including law enforcement and private cybersecurity companies. Since then, it has expanded to include over 150 public and private entities and is credited with saving organisations an estimated $900 million (or £654 million).
These organisations are both fantastic examples of the public and private sector working in tandem to combat cybercriminals and reduce the cyber threats faced across the globe.