Colonial Pipeline attack highlights need for new thinking in network security
The ransomware attack on the Colonial Pipeline is already having serious impact on the economy with gas shortages throughout the southeast and an increase in prices around the country. We can only hope the impact is short-lived and not catastrophic.
The lesson learned (again) is that network security around virtually every business’ critical infrastructure is fatally flawed. We need to change our approach for a world of increasingly sophisticated attacks and incredibly well-funded adversaries.
For a ransomware attack to succeed, it almost always relies on a trusted employee of the organization doing something wrong, often against required security rules. The best network-security technology can’t overcome inadvertent or deliberate insider threats that have legitimate access privileges on the network.
The flaw in our network designs
The fatal design in most of our networks is that trusted insiders can end up having virtually unlimited access throughout the network because of the limited security once internal systems have been compromised. Too often the malware spreads like wildfire from system to system until critical systems and data are stolen, encrypted or compromised.
Why is this lateral spread allowed to happen? Why, if one user clicks on one malicious link in an email, should the entire network be compromised? Why should a system in the accounting department ever be allowed to modify the control systems that run the power grid, chemical plant, water treatment facilities or pipeline?
The vulnerabilities have been exacerbated in recent years with the disappearance of the traditional airgap between critical industrial-control systems and infrastructure and the rest of the IT network. Everything is now connected. Everything is reachable by hackers. The traditional network perimeter, enforced by firewalls and VPN’s, is also disappearing as data and processes have to be shared with partners, remote employees, the cloud and vendors. Everything is now open. And traditional security approaches have failed us in this new environment.
Unique challenges for OT networks
The usual security solutions for IT networks have also proven to be ill-suited for real-world operational networks, including industrial-control systems and IoT sensors. These legacy systems don’t have the same bandwidth or networking capabilities that can work with or bolster defenses. They may be largely unmanaged or in lights-out operations and are proving to be the most vulnerable entry points for many of the recent attacks in the news.
Even if you could implement desired security policies with legacy security solutions, you have to be perfect. Few organizations are perfect. Mistakes are definitely going to happen. Networks are just too complex, device management too tedious, and IT organizations too understaffed. As a result, more and more organizations are now realizing that they have to move to a Zero Trust model of network security that can mitigate the spread of malware and limit the damage when an internal system is compromised, or a trusted user goes rogue. Zero Trust is less of a technology, and more of a policy approach, to ensure the network is as locked-down and resistant to intrusions as possible.
Is Zero Trust the answer to ransomware and other attacks?
With a Zero Trust network architecture, you can specify exactly which systems and applications every user and device can legitimately connect to, and you can block everything else. When the accounting department is compromised, you still can’t reach the manufacturing line or the power grid. The best part is that with all this additional security and communication paths being locked down by default, Zero Trust can actually be a lot easier to manage and less expensive to deploy.
Zero Trust relies on identity-based rules to authorize access, which aligns easily with intended security policies. No more figuring out what subnet masks correspond to which security policies and how hundreds of firewall rules actually impact application access. Zero Trust leverages the best technology from software-defined networking, which helps automate application deployments and network management and now applies it to security-policy orchestration. There is less tedious work required by network admins resulting in fewer errors and fewer vulnerabilities.
In February, the National Security Agency issued guidance for moving to a Zero Trust security model across the Federal Government to help mitigate advanced threats and malicious nation-state actors. The same urgency needs to be taken by the nation’s critical infrastructure from our energy grid, pipelines, water-treatment facilities, communications grid and more.
There’s too much at stake.
The threats are too real. The rewards for attackers are now too enticing. Zero Trust, when implemented properly and tuned for the environment and needs of each particular organization, can be a cost-effective, reliable defense going forward.
Gary Kinghorn is Tempered Networks marketing director