ACID Technologies provides critical infrastructures with 24/7/365 dark web monitoring services, while also monitoring the deep web and multiple additional sources. When detecting a threat, ACID sends real-time, actionable alerts with all available information, to enable the targeted company or infrastructure manager to effectively respond to the threat and mitigate its harmful impact – whether a potentially catastrophic event, major service disruption, data theft, or other.
The USA’s National Intelligence Strategy, released in January 2019, warns that “Cyber threats will pose an increasing risk to public health, safety and prosperity as information technologies are integrated into critical infrastructure, vital national networks and consumer devices…” Director of National Intelligence Dan Coats, who released the strategy, had already warned in 2018 that “the warning lights are blinking red.”
In an article published in February 2020 in Security Week, industrial systems were named the latest geopolitical battleground. Explaining the appeal of industrial control systems (ICS) as prime targets, the article stated that 45% of Fortune 2000 companies rely on ICS networks for their core operations, in sectors that include water, electricity, food and beverage, mining, pharmaceuticals and more. The remaining 55% rely on ICS for basic needs such as transportation, lighting and HVAC systems. A second reason industrial networks are an appealing target is that they are not only ubiquitous but also have extremely long lifecycles: many have been operational for 35 years or more, and while they have since been connected to IT systems for automation and data inputs, they were never designed with the necessary security controls.
In the aftermath of the Colonial Pipeline cyber attack, in July 2021, the White House published a national security memorandum aimed at strengthening cybersecurity for critical infrastructure. The memo states: “The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation. The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States.”
The same month, the US Transportation Security Administration (TSA) issued a security directive requiring pipeline owners and operators to implement specific measures to protect against ransomware and other threats to their IT and operational technology (OT) networks. It was the second TSA directive to pipeline operators within two months, a measure of how seriously the US government rated the risk of cyber attacks on critical infrastructure. Coverage of the directive also cited concerns about attacks by groups backed by the Chinese government, concerns shared by President Biden, whose administration had publicly accused China’s Ministry of State Security (MSS) of using contract hackers to run cyber-espionage campaigns and destructive attacks against US government, commercial and critical infrastructure targets.
What is considered as critical infrastructure?
The US Cybersecurity and Infrastructure Security Agency (CISA) classifies 16 sectors as critical infrastructure, because their assets, systems and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. These are the energy sector; financial services; healthcare and public health; water and wastewater systems; emergency services; information technology; critical manufacturing; communications; transportation systems; food and agriculture; chemical; commercial facilities; government facilities; the defense industrial base; dams; and nuclear reactors, materials and waste.
ACID’s advanced threat detection solution applies to all critical infrastructures. Some of the sectors are covered in separate pages on this website.
We will delve into examples of some of the other sectors below.
What are some characteristics of critical infrastructures that make them vulnerable to cyber attacks?
· A broad attack surface resulting from infrastructure spread across large areas and decentralized operation. Each facility or component is a potential entry point, as are the distribution network and the companies’ supply chain partners.
· The fourth industrial revolution, manifesting itself in increased automation, digitization, and data interconnectivity and exchange, following the implementation of technologies including cyber-physical systems (CPS), Internet of Things (IoT), artificial intelligence (AI), cloud computing and cognitive computing. While these technologies offer clear and important benefits, there are also increased risks that must be taken into account.
· Some facilities, such as chemical plants and oil and gas installations, depend on close monitoring of temperature, pressure, chemical composition and leaks. Attacks can be directed at any one of the vital systems, or at a combination of them: production equipment, safety instrumented systems (SIS) and emergency shutdown systems, which are often monitored and controlled from a remote location.
· In some facilities, old equipment is used alongside new, which presents a challenge in how these connect to one another and to other systems.
· Operational efficiency, which requires easy access, is not always compatible with the defense mechanisms needed to protect the network.
What are some of the more frequent modes of attack implemented against critical infrastructures?
· Ransomware attacks – the US Federal Deposit Insurance Corporation (FDIC) 2024 Report on Cybersecurity and Resilience identifies ransomware as a significant threat to the country’s critical infrastructure sectors. Attackers count on critical infrastructure operators being likely to pay quickly in order to resume operation and, in some cases, to avert a catastrophe that could cause casualties and/or environmental harm.
· Denial-of-service (DoS and DDoS) attacks – by flooding a public-facing service or network link with traffic, attackers can make it unavailable and potentially disrupt operation.
· Phishing and spear-phishing attacks – deceiving employees into opening malicious attachments or links, so that malware is installed or credentials are stolen, and then using that foothold to reach critical systems, disrupt them or steal their data.
· Supply chain attacks – compromising a vendor, a software update or a service provider that already holds trusted access, which interconnectivity makes both easier to carry out and harder to contain.
· DNS tunneling and DNS hijacking (also known as DNS redirection) – DNS tunneling encodes command-and-control traffic or stolen data inside DNS queries and responses, which are often allowed out of otherwise tightly filtered networks; DNS hijacking alters resolver settings or DNS records so that users and systems are redirected to attacker-controlled sites.
· Advanced persistent threats (APTs) – the approach favoured by state-sponsored attackers. Through patient, well-resourced intrusions they can cause heavy damage through data theft and position themselves for extended disruption.
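To make the DNS tunneling item above concrete, here is an added example of the kind of heuristic a defender can run over resolver query logs. It is not code from the original page and not ACID’s product; the log lines, the domain names (under the reserved .example TLD) and the thresholds are all constructed for illustration and should be tuned to a real network.

```python
"""Heuristic DNS tunneling detector run over resolver query logs (added example)."""
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<timestamp> <client> <query_name> <qtype>".
# The *.c2relay.example queries imitate a tunnel: each label carries 32 hex characters
# of encoded data, no query is ever repeated, and TXT answers carry the downstream payload.
SAMPLE_LOG = """\
2024-01-15T09:00:01 10.20.1.15 www.example.com A
2024-01-15T09:00:02 10.20.1.15 mail.example.com MX
2024-01-15T09:00:02 10.20.1.16 cdn.example.com A
2024-01-15T09:00:03 10.20.1.16 api.example.com A
2024-01-15T09:00:04 10.20.1.17 static.example.com A
2024-01-15T09:00:05 10.20.1.17 static-assets-node-01.cdn-assets.example A
2024-01-15T09:00:05 10.20.1.42 0123456789abcdeffedcba9876543210.c2relay.example TXT
2024-01-15T09:00:06 10.20.1.42 13579bdf02468ace13579bdf02468ace.c2relay.example TXT
2024-01-15T09:00:06 10.20.1.42 a1b2c3d4e5f60718293a4b5c6d7e8f90.c2relay.example TXT
2024-01-15T09:00:07 10.20.1.42 fedcba9876543210fedcba9876543210.c2relay.example TXT
2024-01-15T09:00:07 10.20.1.42 02468ace13579bdf02468ace13579bdf.c2relay.example TXT
2024-01-15T09:00:08 10.20.1.42 76543210fedcba98fedcba9876543210.c2relay.example TXT
"""

# Query types with free-form payloads that tunneling tools favour for the
# server-to-client direction. All thresholds below are assumed starting points.
PAYLOAD_QTYPES = {"TXT", "NULL"}
MIN_QUERIES = 5          # ignore domains seen too rarely to judge
MIN_MEAN_ENTROPY = 3.5   # bits per character; hex/base32 data sits near 4-5
MIN_MEAN_SUB_LEN = 20    # characters of subdomain per query
MIN_UNIQUE_RATIO = 0.8   # share of queries whose subdomain never repeats


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str):
    """Split a query name into (base domain, subdomain text).

    The base domain is approximated as the last two labels; a production
    detector would use the public suffix list so that e.g. co.uk is handled.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), "".join(labels[:-2])


def parse_line(line: str):
    """Parse one log line into (client, base domain, subdomain, qtype)."""
    _ts, client, qname, qtype = line.split()
    base, sub = split_name(qname)
    return client, base, sub, qtype.upper()


def profile_domains(log_text: str) -> dict:
    """Aggregate per-base-domain features and flag tunnel-like query patterns."""
    acc = defaultdict(lambda: {"queries": 0, "subs": set(), "sub_len": 0,
                               "entropy": 0.0, "payload_q": 0, "clients": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, base, sub, qtype = parse_line(line)
        d = acc[base]
        d["queries"] += 1
        d["subs"].add(sub)
        d["sub_len"] += len(sub)
        d["entropy"] += shannon_entropy(sub)
        d["payload_q"] += qtype in PAYLOAD_QTYPES
        d["clients"].add(client)

    report = {}
    for base, d in acc.items():
        n = d["queries"]
        stats = {
            "queries": n,
            "mean_sub_len": d["sub_len"] / n,
            "mean_entropy": d["entropy"] / n,
            "unique_ratio": len(d["subs"]) / n,
            "payload_frac": d["payload_q"] / n,   # reported as supporting evidence only
            "clients": sorted(d["clients"]),
        }
        stats["suspicious"] = (n >= MIN_QUERIES
                               and stats["mean_entropy"] >= MIN_MEAN_ENTROPY
                               and stats["mean_sub_len"] >= MIN_MEAN_SUB_LEN
                               and stats["unique_ratio"] >= MIN_UNIQUE_RATIO)
        report[base] = stats
    return report


def suspicious_domains(log_text: str) -> list:
    """Return the base domains whose query pattern looks like a DNS tunnel."""
    return sorted(b for b, s in profile_domains(log_text).items() if s["suspicious"])


if __name__ == "__main__":
    for base, s in profile_domains(SAMPLE_LOG).items():
        flag = "TUNNEL?" if s["suspicious"] else "ok"
        print(f"{base:22} n={s['queries']:2} len={s['mean_sub_len']:5.1f} "
              f"H={s['mean_entropy']:.2f} uniq={s['unique_ratio']:.2f} "
              f"payload={s['payload_frac']:.2f} {flag}")
```

The three features that drive the verdict (long subdomains, high per-character entropy, and subdomains that never repeat) are what distinguishes data being smuggled in labels from ordinary lookups, where the same short names recur. The share of TXT/NULL queries is reported but not required, because a tunnel that only sends data upstream can use plain A queries. Expect false positives from services that legitimately encode data in DNS labels (anti-malware cloud lookups, some CDNs and telemetry), so an allow-list and per-client baselining belong in front of any alert.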
The communications sector:
Why is the communication sector considered a critical infrastructure?
The US Cybersecurity and Infrastructure Security Agency (CISA) considers the communications sector as an integral component of the country’s economy, underlying the operations of all businesses, public safety organizations, and government. Presidential Policy Directive 21 identifies the communications sector as critical because it provides an “enabling function” across all critical infrastructure sectors.
Over the last 25 years, the sector has evolved from predominantly a provider of voice services into a diverse, competitive, and interconnected industry using terrestrial, satellite, and wireless transmission systems, making it a particularly attractive target. The transmission of these services has become interconnected; satellite, wireless, and wireline providers depend on each other to carry and terminate their traffic, and companies routinely share facilities and technology to ensure interoperability.
Have there been cyber attacks on the communication sector, illustrating its vulnerability and the potential impact of cyber attacks targeting it?
· A cyber attack illustrating particularly well the broad impact on the communications industry took place in Australia in 2022. The perpetrators targeted Optus, the country’s second-largest mobile carrier and the provider of approximately 31% of its mobile services at the time. According to a statement released by the Queensland Government, the hacker accessed between 2.5 million and 9.7 million records. For some of the company’s customers, the stolen data included addresses and driver licence, Medicare or passport numbers. The Government further revealed that “the breach allegedly occurred due to an unsecured application interface that allowed other devices and systems to access it. The damage to Optus was significant, including substantial spending on remediation and potential compensation for victims. Estimates also suggest a $1.5 billion loss in Optus’s brand value. A hacker on a dark web forum claimed to have stolen and then deleted the data, but it is not known if this is true. The stolen identities may still surface, putting Optus customers at ongoing risk of identity theft. The incident also impacted government agencies, such as the Department of Transport and Main Roads, which had to replace over 178,000 Queensland driver licences.”
· More recently, in March 2024, AT&T revealed that personal data of more than 70 million of its customers – 7.6 million current and 65.4 million former – had been discovered on the dark web, where it had been released approximately two weeks earlier. The company investigated whether the data came from a breach of its own systems or from a breach at one of its vendors.
The following month, AT&T’s Snowflake cloud workspace was breached, resulting in the theft of call and text metadata on approximately 109 million customer accounts. The stolen data included records of calls and texts along with the phone numbers involved; cell tower identification numbers, which can be used to approximate customers’ locations, were also exposed.
· On August 23, 2024, the payment services of Swisscom, a major Swiss telecommunications provider, were rendered inoperable at 11:30 by a DDoS attack. Service was restored to all of the provider’s e-banking and mobile payment services in the afternoon.
The chemical industry:
What are the potential hazards that can arise from successful cyber attacks on the chemical industry?
The chemical industry processes hazardous, toxic and explosive materials as part of its manufacturing processes, which is reason enough to keep it secure from a variety of threats, including cyber threats. The importance of this industry is perhaps best demonstrated by a figure shared by the American Chemistry Council: 96% of manufactured goods depend on chemicals. In the USA alone, more than 3,000 chemical facilities are classified as high-risk, meaning that they hold at least one ‘chemical of interest’, and often more. A ‘chemical of interest’ is an explosive, toxic or other compound that could potentially be weaponized.
Keeping the chemical industry secure is important to maintain public and environmental safety. Preventing the weaponization of chemicals by terrorists is crucial to national security. A security gap exploited by terrorists can result, for example, in a massive explosion, if chemicals are mixed in the wrong ratios or systems pushed beyond their safety limits, or if dangerous chemicals are released into the atmosphere as a result of excessive pressure.
Dangerous chemicals are manufactured, used, stored and transported; some also serve other critical infrastructures. One such chemical is ammonium nitrate, which is used to make explosives, fertilizers, matches and antibiotics. It is on the Special Health Hazard Substance List and also cited by the US Department of Transportation (DOT) and the National Fire Protection Association (NFPA). Ammonium nitrate is reactive and a dangerous explosive hazard.
The theft of intellectual property is a major concern; intellectual property is often the result of massive investment in research over a prolonged period, and safeguarding it is therefore essential. At the company level, the theft of production formulas for various chemicals, for example, can be catastrophic; in some cases it is a concern that rises to the national level as well.
Have cybersecurity incidents involving the chemical industry occurred recently?
· The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that its Chemical Security Assessment Tool (CSAT) was the target of a cybersecurity intrusion by a malicious actor from January 23 to 26, 2024. While CISA’s investigation found no evidence of data exfiltration, the intrusion may have allowed unauthorized access to Top-Screen surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Surety Program (PSP) submissions and CSAT user accounts.
· A 2017 attack on a petrochemical plant in Saudi Arabia is not recent, but it remains the clearest example of the disastrous potential of such an attack. The attackers gained access to an engineering workstation on the plant’s safety network and deployed the Triton (also called Trisis) malware against its Triconex safety instrumented system, the layer designed to shut the process down safely when conditions become dangerous. Given the potentially catastrophic consequences of tampering with that layer, Triton was referred to at the time as “the world’s most murderous malware.”
Critical infrastructures are precisely that – critical to the functioning of society, to the economy and to national security. It is therefore imperative to do the utmost to protect them. ACID helps critical infrastructure managers and companies to do just that, and also to avoid data theft that could be disastrous to their operation.
ACID deploys clusters of robots and sophisticated algorithms to perform continuous dark web monitoring, in order to detect signs of impending attacks while they are still being planned, attacks that are in progress, and leaked data indicating that systems have already been breached. Numerous additional sources and platforms are also monitored 24/7/365. Once a threat is detected, ACID sends real-time alerts to the targeted organization, to enable it to implement countermeasures that mitigate the effects of the attack, or perhaps even foil it altogether.
ACID’s solution to cybercrime directed against critical infrastructure can help operators avoid not only disruption to their operation, but also the need to pay ransom in the millions of dollars and possible fines over safety issues, while protecting their competitiveness and reputation.