Strengthening the protection of near-technology assets

Amid the “noise” of recent cybersecurity-related events in the US, some publications that have received far less attention, but whose potential impact is significant, may have gone unnoticed.

In his 12 July post on the increasing frequency of ransomware attacks on critical infrastructure, Joe Weiss outlined a new way forward: rather than relying on the current network-centric cyber defences, strengthen the protection of the technology-centric devices and systems themselves. Joe’s reasoning is that if attackers face the prospect of a ransomware attack that disrupts the core functionality of its target only slightly or not at all, they are likely to see that target as less valuable. Joe’s approach is in line with a view that has been expressed for many years, though still held by a significant minority: that technology-enabled devices and systems need stronger protection because they are either unprotected or insufficiently protected.

Then, on 21 July, news broke that Israel was stepping up its cyber defences in the wake of last year’s cyber attacks on its drinking water supply. As one element of this, as reported here and here, the Israeli Water Authority has decided to deploy the SigaGuard system from SIGA OT Solutions, based on the results of a pilot project. The system receives signals coming directly from the technology, i.e. from Level 0 of the Purdue model*. It uses machine learning and artificial intelligence to detect anomalies in the physical process and alert the operator.
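To make the Level 0 idea concrete, here is an added example (not SigaGuard’s algorithm and not code from any of the cited authors). It assumes a simple tank whose level should rise at a fixed rate while the fill pump runs and fall slowly otherwise; the rates, the tolerance and the sample readings are all constructed for the illustration. The check never looks at an IP packet: it compares each raw sensor reading with what the physics of the process says the reading should be, so a frozen or replayed value that would look perfectly normal on the network still stands out.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Assumed process constants (constructed for this example, not real plant data).
PUMP_RATE = 2.0    # % of tank filled per time step while the pump runs
DRAIN_RATE = 0.5   # % of tank consumed per time step regardless of the pump
TOLERANCE = 1.0    # largest residual (%) still treated as sensor noise


@dataclass
class Sample:
    """One Level 0 observation: a physical pump state and a raw level reading."""
    t: int
    pump_on: bool
    level_pct: float


def expected_level(prev_level: float, pump_on: bool) -> float:
    """Physics-based expectation: previous level plus inflow minus consumption."""
    delta = (PUMP_RATE if pump_on else 0.0) - DRAIN_RATE
    return max(0.0, min(100.0, prev_level + delta))


def detect_anomalies(samples: List[Sample], tol: float = TOLERANCE) -> List[Tuple[int, float]]:
    """Return (time step, residual) for every reading that contradicts the process model.

    The residual is the difference between the measured level and the level the
    model predicts from the previous reading and the current pump state. A value
    that stays flat while the pump is running yields a persistently negative
    residual, which is exactly what a frozen or replayed sensor signal looks like.
    """
    alerts = []
    for prev, cur in zip(samples, samples[1:]):
        residual = cur.level_pct - expected_level(prev.level_pct, cur.pump_on)
        if abs(residual) > tol:
            alerts.append((cur.t, round(residual, 2)))
    return alerts


def constructed_samples() -> List[Sample]:
    """Constructed readings: normal filling for t=1..5, then the level reading
    freezes at t=6..8 even though the pump is still running, then the pump stops."""
    return [
        Sample(0, False, 50.0),
        Sample(1, True, 51.5),
        Sample(2, True, 53.2),   # small positive noise, still within tolerance
        Sample(3, True, 54.6),   # small negative noise, still within tolerance
        Sample(4, True, 56.1),
        Sample(5, True, 57.6),
        Sample(6, True, 57.6),   # frozen reading while pump runs -> anomaly
        Sample(7, True, 57.6),   # still frozen -> anomaly
        Sample(8, True, 57.6),   # still frozen -> anomaly
        Sample(9, False, 57.1),  # pump off, level drains as expected
    ]


if __name__ == "__main__":
    for t, residual in detect_anomalies(constructed_samples()):
        print(f"t={t}: reading deviates from process model by {residual:+.2f} %")
```

A real deployment would replace the hand-written mass balance with a model learned from the plant’s own history, and would correlate several Level 0 signals rather than one, but the defensive property is the same: the alert depends on the physical process, not on anything an attacker can alter on the network.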

On 29 July, Joe Weiss again addressed the topic in a blog post. He put it bluntly: the goal of a utility infrastructure is not to have its network protected, but to have the utility service running smoothly! Utility services have worked quite well for many decades without IP networks. Joe cites the Israeli solution as a good example, and describes in detail its expected benefits.

The cited publications show a very different approach from the current one. At first glance, not illogically so. And on second thought?

What do you think about the concept of strengthening the near-technology protection as outlined?

Would such protection really reduce a ransomware attacker’s incentive?

In any case, SeConSys will certainly monitor and evaluate developments on this topic in view of its possible relevance to electricity.

* The Purdue model is described in the Cybersecurity Manual for Industrial Monitoring Systems for Electricity, section 7.1. The manual can be downloaded here.

We welcome messages either agreeing or disagreeing with the above. Responding in a new post, for example, could start a substantive professional exchange of views.

Translated by DeepL