In 2018, Russia started a widespread cyber-attack targeting critical infrastructures around the world, including tens of thousands of devices in British homes. So back in April, the UK’s National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security (DHS) released a joint alert, warning that the Russian Government had carried out an attack targeting millions of computer routers, firewalls and other networking equipment used by infrastructure operators, government agencies and private companies. According to this alert, the targets of this malicious cyber activity are primarily government and private-sector organizations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors.

As we see hackers relentlessly targeting Critical National Infrastructures (CNIs), we also find that cyber defense is not keeping pace. If you add this to the fact that the UK public sector employs 5.424 million, you’ll realize how challenging it can be to protect them against external and insider threats.

I know it’s easy to feel helpless when looking at threats surrounding these sectors, but this is exactly when we should adopt a “there are no problems, only solutions” attitude and tackle each challenge CNIs are facing.

Resources

Did you know that one of the most significant risk areas for CNIs is internal resources? This includes people, technology and funding. The cyber security skills gap in the UK public sector is no longer a secret to anyone but if Frost & Sullivan were right when releasing their predictions in 2016, then the global cybersecurity workforce will be short by around 1.8 million people by 2022. So how can we fill that gap, or at least, limit the risks of cyber-attacks?

You could argue that staff awareness can be raised by combining raw threat feeds with existing security information and event management (SIEM) and log management tools, and this would be a straightforward solution. The reality is that you will not reach your objective this way because ultimately, it drives up alert fatigue for an already overwhelmed staff. But as I said, there are no problems, only solutions. You can eliminate alert fatigue and accelerate situational awareness thanks to prioritized, contextually relevant, real-time threat intelligence that seamlessly integrates with existing tools and practices. A threat intelligence platform (TIP) facilitates this integration and the result is the optimization of limited resources.

Sensitivity to breach

As mentioned above, in April the National Cyber Security Centre (NCSC) released an advisory to warn of a sustained cyber-attack against UK companies. It said that it was “aware of an ongoing attack campaign against multiple companies involved in the CNI supply chain”, and that “these attacks have been ongoing since at least March of 2017”. CNIs face the continual challenge of balancing access and transparency against protecting constituents’ sensitive information. The problem is that, in order to do this, they need a level of openness that makes it difficult to prevent all intrusions.

While its security strategy mainly focuses on providing preventive tools, techniques and procedures. CNIs should shift their focus beyond prevention to include detection, response and recovery. Actionable threat intelligence, integrated with existing preventive tools via a TIP, is the best means to quickly detect, respond and recover from a malicious intrusion.

Threat landscape

As the threat landscape is ever expanding, NCIs are facing two factors driving the trend. First, they deal with a fair amount of highly-sensitive data as well as unpatched, unprotected and even unsupported operating systems. This makes them a juicy target for hackers. Second, the NCIs attack surface is increasing because they are rapidly moving to the cloud and adopting mobile and Internet of Things devices. This means, in order to protect its digital landscape against threats, they need to maintain their visibility into the whole infrastructure as well as to re-evaluate and reprioritize threat intelligence.

Bringing situational awareness and response to CNIs

The right type of technology should be leveraged and combined with an effective staff training to accelerate detection and response. Oh wait, is there not already a technology for this? Oh yes, that’s called a threat intelligence platform, and a robust one can give government agencies the prioritization,  contextual awareness and real-time insight necessary to reach these objectives. Providers like ThreatQuotient fully integrates with already-in-place threat feeds and SIEM systems as well as other security tools to maximize existing resources – staff and technology. With this type of solution, security staff gain the ability to prioritize vulnerability mitigation by addressing vulnerabilities in relation to currently active exploits.

There are no problems, only solutions

CNIs can reinforce their cyber security by deploying a threat intelligence platform that will help them to:

• Consolidate both structured or unstructured sources of external and internal threat intelligence such as Open-source intelligence (OSINT) feed and Security information and event management (SIEM), and vulnerability data.
• Achieve situational awareness of the entire infrastructure (on-premises, cloud, IoT, mobile and legacy systems) by integrating vulnerability data and threat intelligence in context of active threats.
• Eliminate alert fatigue by providing context and prioritization to threat intelligence.
• Prioritize response for government agencies by cutting through the noise and focusing on what matters most to government agencies.
• Proactively hunt for malicious activity which may cause significant harm to constituent records.
• Focus beyond protection to include detection, response and recovery.
• Accelerate analysis and response to attacks through collaborative threat analysis that accelerates understanding, facilitates multi-agency interaction and dramatically improves response.
• Automatically push relevant threat intelligence to detection and response tools.

As you should know by now, there’s no ultimate solution that can protect you from all threats. However, there are thousands of solutions out there and the objective should be to find the right fit matching your requirements and the challenges CNIs are facing. The NCSC advised operators in electricity, water, energy, transport, health or digital infrastructure, to be focused on NIS Directive compliance.

The Directive on security of network and information systems (NIS Directive) is an EU-wide directive focusing on the availability of crucial network and information systems in order to protect the union’s critical infrastructure and thereby ensure service continuity. The NCSC also provided a detailed guidance including four key objectives: manage security risk, protect against attacks, detect security events and minimize the impact of incidents. This gives all reasons to turn to a trusted provider that will help security operations teams to understand and act upon the most relevant threats, and eventually achieve more, faster with their existing security infrastructure and people.