Ensure Availability &
Stop the ICS Cyber Kill Chain

A Non-Technical Guide to Breaking the Cyber Kill Chain to Protect Industrial Control Systems and Critical Infrastructure

Introduction

Critical infrastructure that provides the foundation of our public utilities, communications, transportation, and manufacturing systems enables modern society. These systems play a vital role in ensuring a nation’s well-being, security, and economic prosperity. However, critical infrastructure is under constant threat from sophisticated cyberattacks. Hackers notoriously use what is known as the Cyber Kill Chain. This is a series of steps that the bad actors follow to compromise critical infrastructure. The industrial control systems are especially hit hard, posing a significant challenge to the security and resilience of these vital systems. 4INTRODUCTION By adopting advanced, non-disruptive security measures that are easy to manage and implement, organizations can strengthen their defenses against a range of cyber threats and ensure the continued operation of their critical infrastructure. This white paper aims to educate industrial security leaders on the need to enhance critical infrastructure resilience by breaking the kill chain of cyberattacks using a modern approach to industrial security. This paper proposes a comprehensive, simple solution ensuring security, safety, and efficiency.

Security And Resilience Are Interdependent

Ensuring the resilience of critical infrastructure is of utmost importance to both commercial enterprises and consumers alike, as it guarantees the continuous and reliable operation of vital systems and services that underpin modern society’s daily functioning. The resilience of these systems is intrinsically linked to their security, as disruptions caused by security incidents can have far-reaching consequences, ranging from financial losses and reputational damage to potential threats to public safety.

Recognizing this interconnectedness, the National Institute of Standards and Technology (NIST) has established guidelines emphasizing cyber resiliency engineering. Cyber resiliency engineering integrates systems security engineering and resilience engineering to develop reliable, secure systems capable of anticipating, withstanding, recovering from, and adapting to adverse cyber events.1

Security Is Key To Resilience

A key aspect of achieving resilience is implementing robust security measures that protect the infrastructure from threats and minimize the impact of incidents when they occur.

The ramifications of poor security in critical infrastructure can be severe, endangering public safety, as evidenced by disruptions to energy distribution, water treatment, or transportation systems.2 Given the high stakes involved, it is essential to prioritize security as a means of bolstering resilience.

ICS Cyber Kill Chain: What It Is And How It Compromises Critical Systems

"Kill chain" is a military term that refers to a series of steps an attacker must complete to carry out an operation successfully.3

In the context of cybersecurity, the cyber kill chain framework is used to describe the various stages an attacker goes through to successfully compromise a target's critical infrastructure (see Figure 1).4

ICS Cyber Kill Chain Graph

Based on Lockheed Martin’s Cyber Kill Chain® framework

Examples of kill chain incidents in critical infrastructure include the Stuxnet attack on Iran's nuclear facilities, the Ukrainian power grid cyberattack, and the Triton attack on a petrochemical plant that affected numerous organizations worldwide (see Figure 2). These incidents demonstrate the severe consequences of a successful kill chain, ranging from operational disruptions and financial losses to threats to public safety and national security.5,6,7

OT Security Kill chain incidents infographic

Source: Britannica, Atlantic Council, MIT Technology Review

Challenges In Preventing The Kill Chain

The modern era presents numerous challenges for securing critical infrastructure, which arise from the evolving nature of technology, the expanding attack surface, and the growing sophistication of cyber threats.

Some of the most significant challenges faced by organizations responsible for critical infrastructure include:

Increasing surface of attack

The merging of IT and OT systems, the widespread use of IoT devices, and hybrid work environments create more chances for attackers to exploit weaknesses.

Connected devices illustration

More than 100 million connected devices

Key sectors with over 100 million IoT devices connected presently include power generation, gas, and water and waste management.8

Human error

Employees can unintentionally expose systems to threats by clicking on phishing links, using weak passwords, or not updating security, while attackers may target them for system and data access through manipulation tactics.

Failure of compliance illustration

67% failed to comply

Almost 70% of polled employees indicated they did not completely comply with cybersecurity protocols at least on one occasion, with an approximate non-compliance rate of one in every 20 work assignments.9

Outdated, unfixable systems

Critical infrastructure organizations often depend on old, unsupported systems that can't be updated to address current security risks, making them easy targets for attackers.

old systems illustration

7 to 10 years old systems still in operation, creating security risks

Manufacturers typically offer support for legacy hardware and software for 7-10 years. However, obsolete operating systems and an inability to update vulnerable systems can create security risks for IIOT.10

Source: Security Industry Association

Inadequacies of traditional security

Conventional security measures like industrial firewalls, intrusion detection, and antivirus software struggle to keep pace with evolving threats, are challenging to manage, and may not protect against advanced attacks.

not confident with existing solutions illustration

40% are not confident with existing solutions

The level of confidence in their company's current access security solution was low for 40% of the respondents.11

Source: Statista

Expertise shortage

The cybersecurity field faces a significant skills gap, making it hard for organizations to maintain the required in-house knowledge to tackle emerging threats and vulnerabilities.

skills shortage illustration

59% face cybersecurity challenges due to skills shortage

More than half of the surveyed cyber leaders revealed they find it challenging to respond to a cybersecurity incident due to the shortage of skills within their team.12

Source: Global Cybersecurity Outlook 2022

Given these challenges, organizations require a new approach to industrial security that simplifies the processes, addresses the unique requirements of critical infrastructures, and offers effective protection against the evolving threat landscape.

A Practical Approach To Industrial Security

Organizations must embrace a more modern, simple, and comprehensive approach to industrial security to overcome the challenges of securing critical infrastructure. This new approach involves several fundamental principles and actionable steps, including:

Simplify

Gartner advises that organizations should rethink their security technology stack to better address sophisticated new threats.13

By adopting a unified security solution instead of multiple disparate ones, organizations can simplify their security infrastructure, minimize potential vulnerabilities, and streamline management. This approach leads to a more effective security posture, without the added complexity of managing multiple solutions such as industrial VPN routers and firewalls.

Authenticate

Restricting access to resources using identity is essential for securing critical infrastructure. Authenticate By adopting a unified security solution instead of multiple disparate ones, organizations can simplify their security infrastructure, minimize potential vulnerabilities, and streamline management. This approach leads to a more effective security posture, without the added complexity of managing multiple solutions such as industrial VPN routers and firewalls.

Organizations can enforce strong authentication and authorization policies by implementing a zero-trust security model, such as using a software-defined perimeter (SDP) solution with phishing-resistant multi-factor authentication (MFA), which ensures that only authorized users and devices can access sensitive systems and data.

Orchestrate

Comprehensive visibility and control over all elements of the critical infrastructure environment are crucial for maintaining a strong security posture.

Deploying robust management solutions can enable organizations to monitor and control all assets, including gateways, endpoints, users, and agents. This ensures that security policies are consistently applied and enforced.

Set controls

To further enhance security, organizations should implement granular control measures to define and enforce access policies for different groups, services, and proxies.

This level of control helps ensure that users and devices can only access the resources they require to perform their job functions, reducing the potential for unauthorized access and data breaches.

Cloak

Creating a virtual boundary around critical infrastructure helps hide it from potential attackers, making it more difficult for them to identify and exploit vulnerabilities.

By leveraging software-defined perimeter technology, organizations can create a virtual perimeter around their critical infrastructure, effectively "cloaking" or hiding it from outsiders and reducing the attack surface.

Organizations can utilize the latest technology to enhance their security posture by following these guidelines and easy-to-follow steps as a foundation.

Stop The Kill Chain Using BlastShield: A Practical Industrial Security Solution

BlastShield™ is the only peer-to-peer software-defined perimeter (SDP) security solution for operational technology. BlastShield provides a powerful and effective means of protecting critical infrastructure.

Built on the principles of zero-trust security, BlastShield offers a comprehensive approach to industrial security that simplifies the process, enhances resilience, and ensures operational efficiency (see Figures 3, 4, and 5).

graph showing the complexities of traditional industrial security solutions in OT security

Simplifying industrial OT security with BlastShield graph

Blastshield's practical approach to critical infrastructure OT security graph

BlastShield makes it easy for trusted users to access the company’s network while making it hard for unauthorized or suspicious people or malware to get into the network. BlastShield also offers a single interface to manage all industrial systems and applications in a practical manner and hide them from attackers.

How to use BlastShield to stop the cyber kill chain: A step-by-step guide

BlastShield's simplicity and practicality make it a top choice for organizations seeking comprehensive security solutions for their critical infrastructure.

The easy steps to deploy BlastShield for OT security

This streamlined approach to security management saves time and resources while ensuring comprehensive protection for critical infrastructure.

Protect legacy infrastructructure and critical assets with BlastShield

By adopting BlastShield, organizations can effectively address the challenges they face, simplify their security stack, and enhance their systems' resilience and operational efficiency. In doing so, they can better protect their critical assets and the communities they serve from the ever-evolving threat landscape.

Shield Illustration

Protects legacy control systems

BlastShield offers a robust security solution specifically designed to protect aging and unpatchable legacy industrial systems, addressing a significant challenge faced by many critical infrastructure organizations.

Lock Illustration

Simple SCADA and ICS security

By focusing on simplicity and effectiveness, BlastShield provides comprehensive protection for industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems, disrupting the kill chain of cyberattacks and preventing threats before they can cause damage.

dollar sign illustration

Significantly reduces security costs

BlastShield helps organizations cut security costs by up to 70%, streamlining the security stack and consolidating various security technologies into a single, unified solution.

prevent illustration

Prevents attacks before they happen

BlastShield enforces a proactive approach to security by implementing phishing-resistant multi-factor authentication (MFA) and mutual authentication, cloaking devices to make them undiscoverable on the network, and protecting critical assets and legacy infrastructure to stop lateral attacks.

layers illustration

Simplifies the OT security stack

BlastShield replaces multiple traditional security technologies, such as VPNs, firewalls, and access control lists (ACLs), simplifying the security stack and making it easier to manage and maintain.

Unintrusive implementation

Organizations can easily integrate BlastShield into their existing infrastructure without experiencing significant downtime or workflow interruptions.

Moreover, BlastShield is designed for easy installation on Windows; Debian, ARM, and RPM based Linux distributions; and macOS, ensuring compatibility with various systems and devices used in critical infrastructure environments.

Conclusion

As we move towards an increasingly digital and interconnected future, it is crucial for organizations responsible for critical infrastructure to prioritize security and resilience.

By adopting innovative security solutions like BlastShield, these organizations can ensure the continuous and reliable operation of vital systems and services, safeguarding our communities, and fostering a more secure and resilient future.

BlastShield offers a powerful and practical solution for organizations seeking to enhance the resilience and security of their critical infrastructure. By leveraging software-defined perimeter technology and embracing the principles of zero-trust security, BlastShield provides a simple, effective, and cost-efficient way to protect critical systems and disrupt the kill chain of cyberattacks.

About BlastShield

Founded in 2017, BlastWave's mission is to protect critical infrastructure like manufacturing, energy, and water treatment. Our flagship product, BlastShield, helps industrial and SCADA environments avoid unplanned downtime and collapses the security stack into a single product, eliminating jump hosts, VPNs, extra firewalls and ACLs, data diodes, unidirectional gateways, thus, reducing costs by up to 70%. BlastShield is the world's only peer-to-peer software-defined perimeter purpose-built for OT devices like PLCs, HMIs, SCADA servers, etc., that are often unsupported and cannot be patched. BlastShield allows customers and vendors only to access and see what they are authorized to access, delivering granular remote access and segmentation in a way that cloaks critical assets as undiscoverable.

Contact Us

If you are looking to strengthen your organization's security infrastructure, BlastWave is here to help with our industry-leading solution, BlastShield. Please don't hesitate to contact us for more information and inquiries or to schedule a personalized demo. Our team of security experts will assist you in fortifying your critical infrastructure against potential threats.

Palo Alto CA 94301 United States

info@blastwave.com

650-206-8499

www.blastwave.com

References

1SP 800-160 Vol. 2 Rev. 1—Developing Cyber-Resilient Systems: A Systems Security Engineering Approach. National Institute of Standards and Technology. https://csrc.nist.gov/publications/detail/sp/800-160/vol-2-rev-1/final

2The Safety and Security of Critical Infrastructures. ESA Space Solutions.
https://business.esa.int/news/safety-and-security-critical-infrastructures

3Options for Fielding Ground-Launched Long-Range Missiles. Congressional Budget Office.
https://www.cbo.gov/publication/56143

4The Cyber Kill Chain. Lockheed Martin.
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

5Stuxnet. Britannica.
https://www.britannica.com/technology/Stuxnet

6Ukraine struggles to repair power grid as Russian airstrikes continue. Atlantic Council.
https://www.atlanticcouncil.org/blogs/ukrainealert/ukraine-struggles-to-repair-power-grid-as-russian-airstrikes-continue/

7Triton is the world’s most murderous malware, and it’s spreading. MIT Technology Review.
https://www.technologyreview.com/2019/03/05/103328/cybersecurity-critical-infrastructure-triton-malware/

8Number of Internet of Things (IoT) connected devices worldwide from 2019 to 2021, with forecasts from 2022 to 2030. Statista.
https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/

9Research: Why Employees Violate Cybersecurity Policies. Harvard Business Review.
https://hbr.org/2022/01/research-why-employees-violate-cybersecurity-policies

10Legacy Systems: Rip and Replace or Keep Them Going? Security Industry Association.
https://www.securityindustry.org/2022/10/14/legacy-systems-rip-and-replace-or-keep-them-going/

11How confident are you that your current access security solutions can effectively enable employees to work remotely in a secure and easy manner? Statista.
https://www.statista.com/statistics/1359587/confidence-on-global-remote-work-access-security-solutions/

12Global Cybersecurity Outlook 2022. The World Economic Forum.
https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2022.pdf

13Top Trends in Cybersecurity for 2022. Gartner.
https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022

Ensure Availability Whitepaper

Download our white paper today!

Understand how BlastShield™ offers a simple, effective, and cost-efficient way to protect against cyberattacks.

Our Privacy Policy applies.