The new battlefield in the war between Russia and Ukraine shows how cyber tactics have evolved over time and, with them, the overall attack plan. Cyberwarfare and geopolitical cyber threats, once considered a secondary tool in wartime, are now a meaningful way to open hostilities against an opponent.
Cyber assets such as remote access tools (RATs), keyloggers, and rootkits can be planted on non-essential hosts during the early stages of a battle plan, so that they are already in place before the battle even starts. Even with the most up-to-date defensive tooling, such as EDR, XDR, and current anti-virus updates, dormant attack tools can go unnoticed for years. Many other threats, including social media propaganda, social engineering targeting, and phishing emails, could change the war’s outcome before a single shot is fired.
With conventional military hardware, the attacking forces reveal their capabilities, tactics, and expected results, which makes the battle predictable and easier to plan for. Cyberattacks complicate the conflict in ways that are hard to predict.
The battle is no longer fought by soldiers and weapons facing each other. Cyberwarfare has made it possible for a virtual army of fighting resources to assemble from anywhere in the world. Regional security alliances, global terror groups, and cybercriminals for hire can join any side in the digital domain within minutes, and these virtual cyber warriors can change their allegiances at any time.
Predicting the Unpredictability?
Once the battle starts, how long the infrastructure survives is measured in microseconds. Many countries lack the infrastructure or the plan to respond to cyberattacks, and so they cannot fight back. As reported by Reuters, the President of Ukraine asked the cyber underground in Kiev for help strengthening the country’s cyber defenses. This shows how urgently Ukraine had to deal with the early cyberwarfare tactics that Russia used in order to win. The war has had its ups and downs, but rogue hacker groups that their own government had been hunting have now become the stopgap to save their country.
Anonymous, the well-known worldwide hacker collective, joined the fight by directing its resources at several Russian targets. Having Anonymous join the battle as a third-party participant made the war more complicated and harder to read. Did Anonymous participate for the good of Ukraine, or only for its own ideology? And a fundamental question follows: when cyber-for-hire warriors switch sides, what hacking tools might they leave behind in the networks of their current sponsor?
Attack on the Country’s Lifeblood
Attacks on critical infrastructure, such as water control systems, power grids, and national computer networks, are not unknown. Most of these industrial control systems live in closed-loop, air-gapped networks that are very difficult to reach from outside.
According to a survey in CisoMag, 84 percent of businesses have IoT devices on their networks, but more than 50 percent don’t take the necessary steps to keep them safe. Many IoT/OT/ICS devices lack the resources to run traditional IT security prevention tools. Their firmware is written for the function of the component and carries little built-in security protection. In the past these devices usually sat in a closed-loop or air-gapped network that was not connected to any other network inside or outside the company, and there were only two ways to reach them: from a local terminal or by plugging directly into a serial port.
Protecting physical infrastructure is changing substantially. OT/ICS systems sat in closed-loop networks for a long time, but they now need to communicate outside their safety zone, driven by the significant rise in analytical data and the Internet of Things. These devices have moved up the levels of the Purdue manufacturing model to one that allows them to communicate with other devices. Until now these platforms were not a target for traditional IT threats, so the industrial control infrastructure support teams spent more time ensuring that the specific control units worked and less time learning about cybersecurity threats.
SECOPS and NETOPS teams learned early that the business and technology requirements of traditional IT and of OT did not always translate into the same security strategy or operational procedures for the two types of technology. Firmware updates and downtime on OT systems require extensive planning and execution. Most legacy OT systems have very few problems and are highly available, much like the IT systems of years ago.
Can today’s SECOPS workflow of detect, then respond, then protect secure these assets correctly right after a cyberattack? Mostly, no.
Predictable Adaptive Control in OT/ICS/IoT
For the new battlefield to be safe, OT/ICS/IoT systems need to be segmented from each other so that each system can stay up and keep working while still delivering the service the device is meant to provide. The goal is an environment where you can isolate, contain, and deliver a next-generation level of security by setting up a predictable protective zone that can withstand an outbreak.
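As an added example that is not part of the original article, the following Python script shows one way to make a protective zone's behaviour predictable, tying together the Purdue-model levels mentioned earlier and the isolate-and-contain goal above: it encodes the levels as subnets, declares an explicit allowlist of conduits between levels, checks flow records against that allowlist, and reports which levels a compromised zone could still reach over permitted conduits. The subnets, ports, conduits and flow records are constructed assumptions for illustration, not values from the article or from any real site.

```python
"""Purdue-model zone/conduit policy check over constructed flow records.

Added example: evaluates netflow-style records against an allowlist of
permitted conduits between Purdue levels and flags everything else, so a
segmentation violation (for example a controller talking straight to the
internet) is caught before it becomes an incident. All subnets, ports,
conduits and flows below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

# Constructed asset inventory: subnet -> Purdue level.
# 0/1: field devices and controllers, 2: supervisory (HMI/SCADA),
# 3: site operations (historian), 3.5: industrial DMZ, 4/5: enterprise.
ZONES = {
    ip_network("10.10.1.0/24"): 1,     # PLCs / RTUs
    ip_network("10.10.2.0/24"): 2,     # HMI and SCADA servers
    ip_network("10.10.3.0/24"): 3,     # historian, engineering workstations
    ip_network("10.10.35.0/24"): 3.5,  # industrial DMZ (jump hosts, patch relay)
    ip_network("10.20.0.0/16"): 4,     # enterprise IT
}
INTERNET = 5  # any address outside the inventory is treated as level 5

# Allowed conduits: (source level, destination level) -> permitted ports.
# Conduits are explicit and one-directional; anything absent is denied.
CONDUITS = {
    (2, 1): {502, 44818},    # supervisory polls controllers (Modbus, EtherNet/IP)
    (3, 2): {1433, 4840},    # historian pulls from SCADA (MSSQL, OPC UA)
    (3.5, 3): {3389, 22},    # DMZ jump host into site operations only
    (4, 3.5): {443, 3389},   # enterprise reaches the DMZ, never deeper
    (3.5, 4): {443},         # DMZ publishes replicated data upward
    (3.5, 5): {443},         # DMZ fetches vendor updates
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str = "tcp"


def level_of(addr: str) -> float:
    """Map an address to its Purdue level; unknown addresses count as internet."""
    ip = ip_address(addr)
    for net, lvl in ZONES.items():
        if ip in net:
            return lvl
    return INTERNET


def check_flow(flow: Flow) -> Optional[str]:
    """Return None if the flow matches a permitted conduit, else the denial reason."""
    s, d = level_of(flow.src), level_of(flow.dst)
    if s == d:
        return None  # intra-zone traffic is outside the conduit policy
    allowed = CONDUITS.get((s, d))
    if allowed is None:
        return f"no conduit from level {s} to level {d}"
    if flow.port not in allowed:
        return f"port {flow.port} not permitted on conduit {s}->{d}"
    return None


def violations(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Evaluate a batch of flows; returns (flow, reason) for every denial."""
    out = []
    for f in flows:
        reason = check_flow(f)
        if reason:
            out.append((f, reason))
    return out


def blast_radius(level: float) -> Set[float]:
    """Levels directly reachable over permitted conduits from a compromised level."""
    return {d for (s, d) in CONDUITS if s == level}


# Constructed sample flows: a mix of legitimate conduits and violations.
SAMPLE_FLOWS = [
    Flow("10.10.2.15", "10.10.1.7", 502),     # HMI -> PLC Modbus: allowed
    Flow("10.10.3.4", "10.10.2.15", 4840),    # historian -> SCADA OPC UA: allowed
    Flow("10.10.1.7", "203.0.113.9", 443),    # PLC -> internet: no conduit
    Flow("10.20.5.1", "10.10.1.7", 502),      # enterprise -> PLC: no conduit
    Flow("10.20.5.1", "10.10.35.2", 445),     # enterprise -> DMZ on SMB: wrong port
]

if __name__ == "__main__":
    for flow, why in violations(SAMPLE_FLOWS):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.port}/{flow.proto}: {why}")
    print("reachable from a compromised DMZ:", sorted(blast_radius(3.5)))
```

The allowlist is the point: every permitted path between levels is written down, so a flow that is not on the list is a finding regardless of whether any detection rule knew about it, and the blast-radius function shows what a compromise in one zone can still touch without breaking the conduit policy.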