The Washington-based Center for International & Strategic Studies has a list of significant cyber incidents since 2006. It's worth scrolling down just to see the sheer scale and number of these attacks.
One of the first to catch the attention of the global public came in 2010, when Iran's nuclear facility in Natanz was hit by a cyberattack using a program called Stuxnet. The program caused the centrifuges used to create nuclear fuel to accelerate and destroy themselves. It did this by targeting the software that controlled many industrial processes.
Stuxnet demonstrated the ability to use technology to achieve military goals. Since then, gangs have harnessed these abilities to create one of the world's most lucrative criminal enterprises: ransomware. Often, these gangs work in tandem with security services, which allow them to operate in return for cooperation in developing cyber warfare weapons.
Definitions of critical infrastructure differ from country to country. However, they will generally include the following: chemicals, communications, critical manufacturing, dams, the defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, transportation systems, information technology, and nuclear facilities and their by-products.
After devoting much of a rare summit with Vladimir Putin to cyberwarfare, President Biden declared that "the United States will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge". Thus, cybersecurity, and deterrence through the development of cyberweapons, is now one of the most crucial areas of national security and international relations.
Let's briefly examine a few "cause célèbre" incidents of attacks on critical infrastructure, highlighting the dangers posed by both criminals and state players.
Whether carried out by deranged individuals, cybercriminals, or state security services, all these attacks occurred due to access gained via gaps in a myriad of complex cybersecurity programs and patches along the supply line.
The Internet of Things dramatically exacerbates the problem due to an exponential increase in access points. For example, water sensors in agriculture or automatic health sensors for livestock could be interfered with, causing failed crops and poisoned animals.
As Sun Tzu wrote in his Art of War, "concerning terrain of this nature, be before the enemy in occupying the raised and sunny spots, and carefully guard your line of supplies". In the context of critical infrastructure, this means combining the strategy of Zero Trust with the new security paradigm of Confidential Computing, and extending it to include Edge Computing.
Zero Trust for Edge computing requires security measures to be as close as possible to the processing, moving network perimeters directly to the applications themselves. Confidential computing protects the data and applications while running and grants only sufficient access for workers to perform their tasks and no more. By adding protection down to the applications and data and dividing responsibilities, no one has overall control.
As the AI revolution gathers pace, protecting these models becomes as crucial as protecting the data sources themselves, since changes can have devastating effects.
HUB Security offers a Confidential Computing platform for critical infrastructure, combining a zero trust approach with a multitude of cutting-edge techniques in a single box located directly where the processing takes place. This shortens the supply lines and increases the strength of security controls, providing immeasurably higher protection. It also increases performance through reduced latency, whilst significantly diminishing opportunities for malicious actors to even attempt to breach lines of defense.