Critical communication systems are a vital component of national security, critical national infrastructure and the business environment, writes Trevor Evans, chair of comms industry body TCCA’s Security and Fraud Prevention Group (SFPG).
TCCA’s Critical Communications Europe event runs at the Ricoh Arena, Coventry on March 12 and 13.
Any cyber-attacks on critical communication systems can have an immensely damaging effect, such as interference to emergency service operations, disruption of local government and transport systems or interruption in business operations of utilities or commercial organisations. It is paramount that these critical systems are reliable and available round the clock.
To ensure the continued availability and reliability of critical communications systems, any security threats should be taken seriously, and measures put in place to mitigate these threats. The first step to ensuring the protection of critical systems is to identify the different types of security threats that are likely to lead to attacks and interference with these systems so that the appropriate measures and processes can be adopted.
The advancement of technology gives cyber criminals, such as hackers, cyber thieves, corporate spies and malware mercenaries, more opportunities to compromise the technology used to operate critical communications systems. Understanding the main differentiators and behaviours of each of these types of cyber criminal is key to predicting and mitigating potential security attacks. Cyber-attacks can be categorised by the motivation of those carrying them out.
Hacktivists usually have an agenda for carrying out cyber-attacks, often motivated by the challenge and ensuing bragging rights of achieving such feats, or by political aims such as illegally acquiring and leaking sensitive government information to induce international conflict. Fraudsters come in various forms, ranging from low-level unsophisticated hackers to malicious cyber thieves belonging to criminal enterprises looking for financial gain, for example by selling stolen sensitive information or modifying financial information for their own profit. Some cyber criminals seek to profit by disabling or locking the hacked system and demanding a ransom before the owner is able to use the system or retrieve the data stored in it.
Corporate espionage is the practice of corporations, sometimes with state backing, using espionage techniques to gather intelligence from their competitors for commercial gain. This includes hacking into the networks of businesses and gaining access to their computers to steal confidential information or commercial trade secrets.
Criminals have an interest in disrupting emergency service communications, to impede response against criminal activity. If emergency service communications can be eavesdropped, criminals can take action to avoid detection. Terrorist groups can attempt to disrupt or intercept communications to aid an attack on society itself, and to incite civil unrest.
Economic constraints sometimes result in critical communication organisations using older equipment, which can make them more vulnerable to cyber-attacks. It also doesn’t help that individual as well as state-backed cyber-attackers are becoming more sophisticated, increasing the threat even to well-maintained communication systems. One of the biggest challenges an organisation faces is understanding the nature of the threats against its communications systems; too often the organisation only reacts once communications have been affected, by which time it is too late.
To protect against cyber-attacks, a dual approach is needed: defensive mechanisms must be installed and regularly updated to defend against such attacks, and real-time security monitoring is necessary to identify attacks or anomalies when they occur so that a response can be mounted. This should be combined with processes that include training of operational personnel to identify and avoid threats (such as phishing attacks), and regular security testing (e.g. penetration testing) to identify weaknesses in the organisation.
Thus it is essential that organisations proactively develop a comprehensive threat, vulnerability and risk assessment from which a comprehensive security policy and information management regime can be developed to counter the perceived threats.
A defined security process is key.
Whilst the aforementioned types of cyber criminal and their motivations for carrying out attacks may differ slightly, they share a similar modus operandi. In the first instance they tend to inspect the target’s network for vulnerabilities to exploit, identifying access points that can be used as points of attack and opportunities to install malware that may provide unauthorised access to, and retrieval of, data. Such malware is often hard to detect and is frequently found only once damage has been caused. Therefore a range of protection and monitoring tools is essential, from anti-virus and intrusion detection systems to careful configuration and monitoring of the software installed on equipment providing the communications service.
Best practices for proactively mitigating and keeping cyber threats at bay include, but are not limited to:
- Protection of the network by defensive techniques such as firewalls
- Intrusion detection systems
- Identifying the locations of critical data, and ensuring measures are taken to restrict access to the persons or processes that need to use that data
- Encryption of communications and static data
- Having a robust authentication system for users of the system
- Ensuring that hardware and software are configured to permit only essential services to operate, and ‘locking down’ operating systems
- Installing and routinely updating anti-virus software
- Periodic security audits and tests such as penetration tests
- Security operating processes that cover both day-to-day operation and the actions to be taken in the event of an attack; and
- Training of all personnel to understand how to react to threats to the system.
There is always the possibility of serious cyber-attacks on the critical communication systems used by government and public services, and given the nature of the work of these communities, it is absolutely paramount that the security of these networks is maintained. The key to protecting critical communication systems is being proactive, and ensuring that appropriate protective measures, monitoring systems and processes are in place. Protection, monitoring, testing and training are all necessary parts of the measures needed to keep cyber threats at bay.
This article was authored by TCCA’s Security and Fraud Prevention Group (SFPG). For more information about the work of SFPG, please contact the chair Trevor Evans via firstname.lastname@example.org. For more about TCCA visit www.tcca.info.