How digitalisation affects cybersecurity
by Tina Siering
Critical infrastructure in focus: the importance of the NIS2 directive
The expansion of new network infrastructures - from fibre-optic connections to 5G mobile networks - should be completed by 2030 at the latest, according to Germany's digital transformation strategy. In the near future, therefore, significantly more bandwidth will be available than today, which in turn means that far more devices will communicate with each other. Alongside the increased bandwidth, concepts for storing and processing data in the cloud are currently emerging, summarised under the title "German administrative cloud strategy". Both strategies are still in their infancy - and do not even take into account completely new technologies such as IPv6 or GenAI (generative artificial intelligence).
IT security teams currently have to focus on today's threats and run the risk of losing sight of the cyber threats of the near future. Major cybersecurity challenges include:
- IoT devices will produce more and more data. Endpoints are often integrated into corporate networks. For optimal protection, the devices should be operated in specially separated network segments.
- The importance of IoT components as separate systems connected to the network will once again increase significantly.
- Industrial protocols that previously networked larger industrial plants will be replaced by separate network segments.
- In the future, IoT device groups will be connected to external networks by a central component. Communication within a federation of IoT devices will primarily take place in sparse or compartmentalised networks.
- Geographically distributed or mobile IoT endpoints will communicate with each other via IP protocols over the internet. At the same time, additional protection of the individual components will still be necessary.
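The segmentation points above (IoT and OT devices in separate segments, a single central component as the only bridge to external networks, and compartmentalised communication inside a device federation) can be checked mechanically against flow records. The following Python script is an added example, not code from the article or its author; the zone layout, the gateway address, and the key=value flow-log format are all constructed for illustration. It parses sample flow records and flags every flow that enters or leaves an OT segment without passing through the designated gateway, whether the other end is the internet, corporate IT, or a neighbouring OT cell.

```python
import ipaddress
import re
from dataclasses import dataclass

# Zone layout and gateway address are constructed for this example (hypothetical).
ZONES = {
    "ot_cell_a": ipaddress.ip_network("10.10.1.0/24"),
    "ot_cell_b": ipaddress.ip_network("10.10.2.0/24"),
    "corporate_it": ipaddress.ip_network("10.0.0.0/16"),
}
# The single central component through which an OT cell may reach other networks.
GATEWAY = ipaddress.ip_address("10.10.0.1")

# Constructed flow records in a simple key=value line format (not a real product's log).
SAMPLE_FLOW_LOG = """\
2024-05-01T10:00:01Z src=10.10.1.5 dst=10.10.1.9 dport=502 proto=tcp
2024-05-01T10:00:02Z src=10.10.1.5 dst=10.10.0.1 dport=443 proto=tcp
2024-05-01T10:00:03Z src=10.10.1.5 dst=203.0.113.7 dport=443 proto=tcp
2024-05-01T10:00:04Z src=10.0.3.20 dst=10.10.2.4 dport=502 proto=tcp
2024-05-01T10:00:05Z src=10.0.3.20 dst=10.0.5.1 dport=445 proto=tcp
2024-05-01T10:00:06Z src=10.10.1.5 dst=10.10.2.4 dport=502 proto=tcp
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow_log(text):
    """Parse key=value flow lines; lines that do not match the format are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flows.append(Flow(m["ts"], m["src"], m["dst"], int(m["dport"]), m["proto"]))
    return flows


def zone_of(ip_str):
    """Map an address to its zone name; anything outside the known zones is 'external'."""
    ip = ipaddress.ip_address(ip_str)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def is_ot_zone(zone):
    return zone.startswith("ot_")


def check_flow(flow):
    """Return None if the flow complies with the segmentation policy, else a reason string."""
    src_ip = ipaddress.ip_address(flow.src)
    dst_ip = ipaddress.ip_address(flow.dst)
    if GATEWAY in (src_ip, dst_ip):
        return None  # traffic to or from the central component is the intended path
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone:
        return None  # intra-segment traffic, e.g. a PLC talking to its HMI
    if is_ot_zone(src_zone) or is_ot_zone(dst_zone):
        return f"OT flow crosses segments ({src_zone} -> {dst_zone}) without passing the gateway"
    return None  # IT-to-IT or IT-to-internet flows are outside this policy's scope


def find_violations(flows):
    """Return (flow, reason) pairs for every flow that breaks the segmentation policy."""
    violations = []
    for flow in flows:
        reason = check_flow(flow)
        if reason:
            violations.append((flow, reason))
    return violations


if __name__ == "__main__":
    for flow, reason in find_violations(parse_flow_log(SAMPLE_FLOW_LOG)):
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport} {reason}")
```

Run against the constructed sample, the script reports three violations: an OT host reaching the internet directly, a corporate IT workstation opening Modbus/TCP (port 502) straight into an OT cell, and two OT cells talking to each other without the gateway in between. In practice the same check would be fed from NetFlow/IPFIX exports or firewall logs, and the zone table would come from the asset inventory rather than being hard-coded.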
What does this mean for cybersecurity? The digital transformation will define completely new framework conditions for the area of IT security. Security teams must therefore already take into account the developments of the near future and prepare for the new challenges.
Attackers' focus: operational technology
Operational technology is the term for hardware and software solutions that monitor, regulate and control industrial control systems. OT, as it is abbreviated, is already used in the manufacturing industry, the utilities sector and the energy, oil and gas sectors. In recent years, more and more OT systems have been connected to the IT networks within plants to collect data directly where it is generated - at the production machines, plants and equipment. The collected data is worth its weight in gold for companies - after all, it serves as the basis for analyses and thus for strategic, digitally supported business decisions. However, connecting OT to the internet also opens up new options for cyber attackers:
- They can use ransomware attacks to infect and encrypt OT systems. In this way, the attackers gain control over production facilities or critical infrastructures. A successful ransomware attack, especially on OT systems, can not only lead to considerable financial losses, but also severely disrupt production - or even affect the safety of the population.
- Sabotage attacks can completely paralyse critical infrastructures, exfiltrate confidential business data or be used to enforce political goals.
- Advanced Persistent Threats embed themselves permanently in corporate networks - no longer "only" in IT systems, but also directly in production environments.
One of the main tasks of IT security is therefore to secure OT environments effectively. The most fundamental task here is certainly the reliable protection of all endpoints in use, against both external and internal threat scenarios, social engineering being the obvious example. For this to succeed, the security of OT environments must be guaranteed by clearly defined policies and procedures. A governance model defines precisely who holds which role and responsibility in the event of a successful attack, which in turn shortens reaction times. Furthermore:
- Remote access must be managed centrally. VPN access into corporate IT in particular must be kept under close observation from a security perspective.
- User access must be optimally secured. Multi-factor authentication and privileged access management are mandatory for access to critical systems.
- Networks must be scanned continuously. In this way, existing vulnerabilities can be identified and remediated in a timely manner.
- Regulations such as the DSGVO (GDPR) and NIS must be consistently adhered to. This is indispensable for a strong cybersecurity governance system.
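Two of the controls listed above, multi-factor authentication and privileged access management for access to critical systems, plus central oversight of VPN access, leave a trail in remote-access logs that can be audited automatically. The Python script below is an added example written for this article, not code from the author or a partner; the set of critical OT hosts, the list of PAM-approved accounts, and the key=value log format are constructed for illustration. It parses sample VPN session records and reports every successful session into a critical system that was established without MFA or by an account not enrolled in privileged access management.

```python
import re
from dataclasses import dataclass

# Policy inputs constructed for this example (hypothetical, not from the article).
CRITICAL_SYSTEMS = {"10.10.1.5", "10.10.2.4"}  # OT hosts that count as critical
PAM_APPROVED = {"alice", "bob"}                 # accounts enrolled in privileged access management

# Constructed remote-access log lines in a generic key=value format (not a real VPN product's log).
SAMPLE_ACCESS_LOG = """\
2024-05-01T07:58:12Z vpn user=alice src=198.51.100.4 mfa=yes target=10.10.1.5 result=success
2024-05-01T08:02:40Z vpn user=bob src=198.51.100.9 mfa=no target=10.10.1.5 result=success
2024-05-01T08:10:05Z vpn user=carol src=203.0.113.5 mfa=yes target=10.0.7.12 result=success
2024-05-01T08:15:33Z vpn user=dave src=203.0.113.8 mfa=yes target=10.10.2.4 result=success
2024-05-01T08:20:00Z vpn user=erin src=203.0.113.9 mfa=no target=10.10.2.4 result=failure
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn user=(?P<user>\S+) src=(?P<src>\S+) mfa=(?P<mfa>yes|no) "
    r"target=(?P<target>\S+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class Session:
    ts: str
    user: str
    src: str
    mfa: bool
    target: str
    result: str


def parse_access_log(text):
    """Parse key=value session lines; lines that do not match the format are skipped."""
    sessions = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            sessions.append(
                Session(m["ts"], m["user"], m["src"], m["mfa"] == "yes", m["target"], m["result"])
            )
    return sessions


def audit_session(session):
    """Return policy findings for one session; only successful sessions are assessed."""
    findings = []
    if session.result != "success":
        return findings  # a failed login established no access; handled by login-failure alerting
    if session.target not in CRITICAL_SYSTEMS:
        return findings  # MFA and PAM are mandatory for critical systems specifically
    if not session.mfa:
        findings.append(f"{session.ts} {session.user}: access to critical system {session.target} without MFA")
    if session.user not in PAM_APPROVED:
        findings.append(
            f"{session.ts} {session.user}: not enrolled in privileged access management, reached {session.target}"
        )
    return findings


def audit(sessions):
    """Flatten the findings of all sessions into one list, in log order."""
    return [finding for session in sessions for finding in audit_session(session)]


if __name__ == "__main__":
    for finding in audit(parse_access_log(SAMPLE_ACCESS_LOG)):
        print(finding)
```

On the constructed sample the audit produces two findings: one session that reached a critical OT host without a second factor, and one by an account that is not part of the privileged-access roster. Sessions to non-critical targets and failed logins produce nothing here; the failed attempt is deliberately left to the usual authentication-failure alerting so that this audit stays focused on access that actually succeeded.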
APTs in networked environments: the dangers that lurk
Advanced Persistent Threats are a category of cyber threats characterised by complexity, multi-stage attack methods and longevity. By combining various attack techniques, including malware, social engineering and zero-day exploits, attackers conceal their activities and, in the worst case, remain undetected for months or years. APTs usually target high-value organisations, such as large corporations, government agencies or critical infrastructure. The main reasons why cybercriminals can still operate successfully in corporate networks far too often are non-isolated OT networks, inadequate protection of OT resources, faulty or insufficient configurations of deployed security solutions, the human factor - and a peculiarity in the area of security updates. While IT systems can be patched or updated quite quickly and during operation, the corresponding patches and updates for OT systems must be carefully tested before they are deployed. In addition, many security gaps can only be closed during scheduled maintenance windows - or an update forces the upgrade of all connected devices. A time-consuming, expensive affair. And the perfect opportunity for cyber criminals to exploit known vulnerabilities for the initial infiltration of OT systems.
Conclusion: Thinking about tomorrow's challenges today
Standard IT technologies are also widely used in production environments, critical infrastructures and public administration. The known vulnerabilities are joined today - and even more so tomorrow - by numerous new gateways for cyber criminals. In order to ensure the security and availability of a company's process plants permanently, solutions are required that comprehensively and permanently secure industrial systems and networks. Together with our partner bluecept, our IT security consultants support you in developing and implementing a comprehensive concept for your industrial security. We would be happy to advise you in detail in a personal meeting on how we can protect your company against system failures, avoid physical damage and expensive recalls, and reduce your cyber insurance premium by providing evidence of a high level of protection.