Until recently, the term critical infrastructure protection was associated primarily with the physical protection of critical infrastructure facilities exposed to external forces, in particular natural disasters and terrorist attacks. Today, it covers not only the planning and implementation of physical security measures but, above all, preventing and countering threats from cyberspace.
Today, cyberspace provides access to key services and information determining the functioning of the state, and operators serving citizens are the ideal target for hacker attacks. Aware of the growing threats, the Sii Poland team, consisting of more than 50 experts from the Cybersecurity Competency Center, is carrying out projects aimed at ensuring the security of the resources of these organizations.
Energy sector and cyberattacks
As critical service providers, energy companies are of particular interest to cybercriminals and can be the target of their attacks. In addition to attacks aimed at financial gain, these organizations can also be at risk of attacks targeting the critical infrastructure of the state, bearing the hallmarks of terrorist acts. Such attacks are likely to lead to the provider being shut down or its services being temporarily suspended and, as a result, to general destabilization. In this case, loss of data, release of confidential information or disruption of the continuity of operations are measurable costs for public service companies.
– The growing scale of the threat makes organizations think not about whether they will fall victim to an attack, but when it is attempted, how to protect themselves from it and, above all, what to do when it proves effective – says Jarosław Lakutowicz, Director of the IT Operations Competency Center at Sii Poland.
Security systems in the energy sector
Not long ago, industrial control (OT) systems were completely isolated and operated in a closed environment. This provided maximum protection against unauthorized access and attacks through vulnerabilities in client applications, web pages or office systems.
With digitalization in the energy sector, the measurable benefits of integrating OT systems with IT systems have been recognized. Integration has resulted in better control over all processes and more effective safety monitoring, enabling faster diagnosis of and response to industrial system failures. As a result, companies gained the opportunity to use, on an unprecedented scale, the huge potential of data that could help in developing and implementing their business goals. However, connecting industrial control systems and IT systems required the creation of a coherent, comprehensive security system at all levels of security management in the organization.
It turns out that even simple customer applications, available on the internet portals of energy companies, can open the door to taking control of advanced, complex industrial control systems. Through vulnerabilities in the applications made available there, hackers can access servers, networks and OT systems. This means that effectively monitoring threats and potential attacks, and making appropriate decisions in response to any undesirable events in systems, should be paramount.
Properly performed security tests of the applications to be connected to the network, in addition to regular audits of the key service in accordance with the Act on the National Cybersecurity System, allow the identification of potential threats and, in the future, the development of an effective risk-reduction strategy.
– In a world where IT tools are used to communicate with the client, it is worth remembering to test everything we make available on the internet, in particular eBok solutions, fare calculators or other client applications – says Dawid Jankowski, Cybersecurity Competency Center Manager at Sii Poland. – It was thanks to the application security tests conducted by us in one of the largest energy groups in Poland that it became possible to implement the necessary improvements to the system, increasing its security and resistance to cyberattacks – the expert adds.
Meticulously planning and then performing application security tests is a relatively low-cost undertaking, with tangible benefits in the form of a well-secured infrastructure.
Cybersecurity became particularly important in the pandemic era, when there was an urgent need for a complete shift to the remote work model. Companies operating in different sectors had to face unprecedented challenges. Among the problems requiring immediate intervention from employers were dangerous habits of employees, the use of equipment of varying quality and the need for many users to connect to the VPN at the same time.
– Very often security incidents are a result of the ignorance of employees who are subjected to hacker attacks. Therefore, awareness-raising should be a priority for all organizations, regardless of the specifics of their operations. Recently, our trainers have conducted a dozen training sessions of this type addressed to people from various industries, discussing potential cyber threats, as well as presenting methods for protecting the IT environment from unauthorized access and preventing information leakage – says Dawid Jankowski.
In addition to supporting clients by testing the security of applications and systems or raising awareness of employees, experts from the Cybersecurity Competency Center carry out projects concerning implementation, development and maintenance of SIEM, DLP and endpoint security systems, among others. Being part of SOC teams, Sii engineers provide comprehensive security services both at the client’s site and remotely.