Getting cybersecurity right for Critical National Infrastructure: Lessons from South Staffordshire PLC
Just last month it was revealed that South Staffordshire PLC – a water supplier for approximately 1.6 million residents in South Staffordshire and Cambridge, known as South Staffs Water – had fallen victim to a cyberattack. A breach at a company of this size could cause large-scale disruption and, had it succeeded, might have affected the company's ability to supply safe water to households across the UK. It is a worrying example of how cyber incidents can have dangerous real-world consequences.
However, the organisation issued a statement to reassure customers that only its corporate IT network had been affected. It also said that it would still be able to ensure the safety and consistency of the water supply “thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis.”
Fortunately, South Staffordshire PLC was able to contain the breach and protect over one million UK residents in the process. For other organisations that form part of the UK’s Critical National Infrastructure (CNI), important lessons can be learnt from this incident.
Network segmentation and zero trust
CNI is an attractive target for criminals who look to cause the maximum disruption in order to reap the greatest reward. Security teams in these sectors must first understand what their most sensitive data is, where it resides, and how it should be protected. Encrypting information is a good starting point, but it is not impossible for a sophisticated attacker to defeat. In fact, encryption can even be used against the defender: in the case of ransomware, cybercriminals may encrypt already encrypted files and hold them hostage until a ransom is paid.
Network segmentation is therefore crucial. Not just in CNI but in any industry, businesses should avoid a flat network architecture and enforce well-defined separation policies, so that one compromised device does not automatically allow an attacker to move laterally and affect the whole network. In the case of South Staffordshire PLC, network segmentation meant that a compromised IT network would not affect the technology managing water supplies.
A similar approach applies to access controls. If every member of an organisation has access to every file, and can move through a server unquestioned, this poses a serious risk in the event of a breach. Instead, trust should be earned rather than freely given, and access granted only once users have proved their identity with multi-factor authentication. This strategy forms part of a zero trust framework, which should be a key consideration for security teams in CNI industries.
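As an added illustration of the separation policy described in the two paragraphs above (example code, not from the article or from South Staffordshire PLC), the following Python snippet checks constructed flow records against a zone policy in which corporate IT may reach only a DMZ historian, and only the DMZ may reach the OT network. All zones, address ranges, ports and flows are constructed assumptions.

```python
"""Check constructed network-flow records against an IT/OT segmentation policy.

Added example: zones, ranges, ports and flows are constructed assumptions
illustrating the rule 'corporate IT must never reach OT directly'.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed zone layout: corporate IT, a DMZ holding a historian, and the OT network.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "corp_it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":     ipaddress.ip_network("10.20.0.0/24"),
    "ot":      ipaddress.ip_network("192.168.100.0/24"),
}

# Allowed cross-zone paths as (src_zone, dst_zone) -> permitted destination ports.
# Anything not listed is denied; intra-zone traffic is outside this check.
POLICY: Dict[Tuple[str, str], set] = {
    ("corp_it", "dmz"): {443},          # staff read historian dashboards over HTTPS
    ("dmz", "ot"):      {102, 44818},   # historian polls PLCs (S7comm, EtherNet/IP)
}

def zone_of(ip: str) -> str:
    """Map an address to its zone name, or 'unknown' if it is in no defined zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def violations(flows: List[Tuple[str, str, int]]) -> List[str]:
    """Return a human-readable line for every cross-zone flow the policy does not permit."""
    findings = []
    for src, dst, port in flows:
        s, d = zone_of(src), zone_of(dst)
        if s == d:
            continue  # same zone: segmentation policy does not apply
        if port not in POLICY.get((s, d), set()):
            findings.append(f"{src}({s}) -> {dst}({d}):{port}")
    return findings

# Constructed sample flows: two legitimate paths, one lateral move from IT into OT, one bad port.
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.20.0.10", 443),        # allowed: IT -> DMZ historian over HTTPS
    ("10.20.0.10", "192.168.100.7", 102),     # allowed: historian -> PLC
    ("10.10.5.23", "192.168.100.7", 102),     # violation: IT host talking to a PLC directly
    ("10.10.5.23", "10.20.0.10", 22),         # violation: SSH into the DMZ is not permitted
]

if __name__ == "__main__":
    for line in violations(SAMPLE_FLOWS):
        print("SEGMENTATION VIOLATION:", line)
```

In practice the flow records would come from firewall or NetFlow exports; the same check can be run periodically as a detection that the segmentation boundary is still being honoured.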
Quick incident response
Alongside robust, segmented systems, a quick team response was cited by South Staffordshire PLC as critical to ensuring its operations could continue. Identifying, analysing and addressing a breach fast can be the difference between a few days of disruption and months of recovery with a significant loss of revenue. It is therefore important that advanced threat detection and response solutions run continually, alongside logging and monitoring tools that enhance visibility and control.
Although threat detection and mitigation can be achieved in-house, outsourcing a Security Operations Centre (SOC) to a trusted cybersecurity partner is becoming increasingly popular in the industries most at risk – like CNI. With 24/7/365 threat monitoring and response, the combined experience of seasoned security experts brings a better understanding of the ever-evolving threat landscape. What’s more, working with experts who have been through the process repeatedly will significantly speed up remediation, and help ensure that a cyberattack does not result in huge disruption for an organisation and its customers.
Find out how the CREST accredited DigitalXRAID SOC service can help you protect your business from cyber attacks.