Critical infrastructure plays a fundamental role in daily life for people, cities, countries and governments. It is no surprise, then, that Advanced Persistent Threat (APT) hacker groups see critical infrastructure organisations as prime targets.
It is widely acknowledged that APT groups have become an extension of nation-states’ military forces, funded and encouraged to strike at national critical infrastructure in order to undermine governments and incite civil unrest. One such example is the damage inflicted on Ukraine by the BlackEnergy attack in 2015, which led to the loss of power to 700,000 homes during the sub-zero temperatures of mid-December. The attack also impacted shipping giant Maersk, food conglomerate Mondelez, and the National Bank of Ukraine.
The SolarWinds hack is another example where nation-state involvement is widely cited as being the driving force behind the attack. In this case an APT group used SolarWinds’ Orion software to gain access to several government systems and thousands of private systems around the world.
Aside from the breadth of the SolarWinds hack and its impact on critical infrastructure, equally notable is the timeline, from when the initial breach is believed to have occurred (September 2019) to when it was first discovered by cybersecurity company FireEye in December 2020. The average dwell time for a cyberattack is 95 days (dwell time being the period between the initial breach and the discovery that a breach has occurred). The 14-month dwell time in the SolarWinds case underlines the sophistication of the attack and raises serious questions about what information the APT group was able to gain over such a prolonged period.
Fighting the state-sponsored threat with strong authentication
Mitigating the ongoing threat of state-sponsored APTs is no mean feat. Those responsible for information security in critical infrastructure face a burgeoning threat surface, with risks posed across people, devices, suppliers, and partners.
One way to slam a door shut on APTs is to ensure strong authentication is in place across all employees, suppliers and contractors accessing corporate networks.
Phishing, spear phishing, social engineering, password spraying, and brute force attacks can all be mitigated through universal strong multi-factor authentication.
For critical infrastructure organisations, universal strong authentication will typically mean rolling out multi-factor authentication across thousands of employees, covering hundreds of user roles and their associated access needs across multiple corporate systems. It will also typically include large numbers of contractors, suppliers and partners who have their own role-based access needs.
Delivering universal authentication at scale and across such a diverse user group has many challenges. However, there are systems that can help organisations overcome these.
At Intercede we work with many national critical infrastructure organisations around the world who have stepped up to universal authentication. From energy to banking, government to healthcare, all organisations have their diverse user groups, roles and challenges. They have all used the MyID credential management system (CMS) to implement strong authentication across their organisations.
With the right CMS, organisations have a powerful tool to issue and manage strong authentication across thousands of users and distinct user groups. With MyID, IT teams have one system to set security policies, define user groups and associated role-based access, integrate into other Identity Access Management (IAM) systems such as SailPoint, and issue credentials across multiple technologies: smart card, mobile, virtual smart card, USB security token.
Mobile to YubiKey, smart card to virtual smart card enabled laptop, public key infrastructure (PKI) to FIDO, MyID is a tool that sits in the middle and integrates all of the above and more. The end result is a flexible strong authentication solution that ensures all users are accessing systems securely using cryptographically protected multi-factor authentication.
If you are a large organisation wanting to ensure you know who is accessing your corporate systems and networks, contact us via the form below to arrange a MyID demo.