
Infrastructure & Cybersecurity: Considering The World Around Us

By Investigator515 | Investigator515 | 24 Feb 2024


So just how do we secure critical infrastructure anyway?

If you’re a regular reader, you’ve probably figured out that while we love cybersecurity topics in general, one of our favourite topics revolves around embedded systems, as well as the attitudes behind securing them. And while this is an ever-changing field, it’s fair to say there’s been one recent incident that has people talking about this same question over and over again. “So how do we secure our critical infrastructure against threats?”

[Image] Power stations are particularly vulnerable. Source: Wikipedia.

Why Now?

While the field has received attention since the early days of the internet, the fact is that since the full-scale invasion of Ukraine these conversations have once again become front and centre of everyone's attention. To understand why, we’ll need to jump back a little and look at the history of the conflict, so that we understand how cyber tactics and tooling have been applied as part of an offensive strategy. So while our topic can be considered a little theory-heavy, at the end of it we should have a clearer picture of some of the tactics that have been used, be able to gauge their effectiveness, and consider how they may evolve in the future. While tactics, strategies and simulations can be discussed in a lab or virtual environment, plans need real-world stress testing to ensure they stand up to forecasts or projections.

[Image] When you’re talking about critical infrastructure, DDoS is not the only game in town. Source: Wikipedia

Ukraine, Russia & Cyberwarfare

The part of the conflict that has received the most attention since 2022 is the escalation that led to the full-scale invasion in February of that year. However, the reality on the ground is that things have been tense since the escalations of 2014. One of the domains that was heavily used before the full-scale invasion was the cyber domain, because it provided a reliable way of projecting force, causing disruption and gathering intelligence without having to escalate things kinetically. Because of this, cyber attacks of various kinds have been used, alongside the judicious application of data breaches. In fact, cyber attacks were used so prolifically before 2022 that their effect was actually minimized during the early stages of the invasion.

Often when thinking of cyber attacks, the first thing that comes to mind is the denial of service attack. While such attacks are certainly common, for embedded infrastructure the required effect is often different, meaning that the tactics and strategies used tend to vary as well. This differing threat profile means that the benchmark for success is often different too, and in some instances disruption isn’t a goal at all. Military intelligence and cyber espionage are good examples of this, with hacks and social engineering techniques used to steal large amounts of data around weapons, technology development and troop movements.

Designed to disrupt or deny service to the Ukrainians, Russian cyber attacks had a large footprint in the early days. Part of this footprint included attacks on critical infrastructure sectors like banking, human resources and defence. Many pieces of technology were used in these early days, but among the most frequently seen was wiper malware, with many different variants deployed in campaigns of varying intensity. While looking at these attacks in detail is outside the scope of a single article, we’ve mentioned them for one reason and one reason alone: the targeting of civilian infrastructure in cyber warfare has already occurred. So the natural follow-up from this conversation should be about security and defensive strategies to counter it.

Outside Europe

When considering some of these discussions, we should also understand that some of the factors that have influenced them have occurred outside of Europe. One of the best-known campaigns was the Stuxnet worm, designed to impede the progress of the Iranian nuclear weapons program. While the campaign wasn’t targeting civilian infrastructure as such, it is particularly noteworthy for being one of the first cyber campaigns to directly target embedded industrial control systems. The Siemens Programmable Logic Controllers (PLCs), which allowed for the enrichment of weapons-grade uranium, were a key part of the weapons program and were ultimately the end target for Stuxnet.


However, while Stuxnet can generally be described as a success, several downsides eventuated as a result of these attacks. Most analysts agree that unleashing Stuxnet on the cyber domain led to a rapid escalation of cyber weapons in general, leaving a lasting change on the threat landscape and bringing very real changes to the way warfare was conducted. It also showed a dramatic increase in the sophistication of the cyber weapons being used, leading to new ways of assessing and developing frameworks for cyber attacks and military intervention.

Probably the biggest and longest-lasting effect, though, was the general erosion of the accepted cyber norms that existed before that. While the potential for cyber warfare was accepted, it was unclear just how much of that potential could be leveraged, and where. Stuxnet put an end to that.

Looking At The Future

When you think of all the pieces of embedded infrastructure and industrial control systems a typical country needs to develop and thrive, on the surface the task looks pretty daunting. There’s power generation, mining and development, transportation and many other systems that help bring about a modern, tech-savvy society. And while you’d be right in thinking it is a big task, the solution is actually pretty simple for the most part. Specialists. Lots of specialists.

Unfortunately, some aspects of cyber and information security get a bad rap on the outside for being boring, repetitive and requiring little overall skill. And if you were to simply look at life in a Security Operations Center, while you’ll find plenty of talented people, you’ll also find the other points to be somewhat true as well. Really though, the inverse is true, with both fields providing plenty of excitement and stimulation to those willing to look outside the normal positions.

You’ll also find plenty of opportunities to test your skills too, as the shortage of cybersecurity specialists in many countries is well understood now. This means that people who specialise in a particular field (Malware Analysis & Industrial Control Systems in particular) will have plenty of opportunities to develop their skills before showing them off, leading to a (hopefully) full and engaging career. 

Short Reads with More Information

If you’d like to read more about securing embedded systems, industrial control and cybersecurity or the history of cyber warfare, the following free materials are a great place to start. 

- The role of cyber weapons in Russia's war on Ukraine (www.npr.org): Ukrainian officials say they have been fighting the first "hybrid war," in cyberspace and on the ground. A year in…
- How Ukraine became a test bed for cyberweaponry (www.politico.eu): As Russian hackers face down Western spies, the country has become a live-fire space for hackers.
- How an Entire Nation Became Russia's Test Lab for Cyberwar (www.wired.com): Blackouts in Ukraine were just a trial run. Russian hackers are learning to sabotage infrastructure, and the US could be…
