Three Consequences of Not Testing Your System Under a Cyber Attack
Posted July 7, 2020
As cyber attacks become more frequent and sophisticated, the potential for them to cause serious damage also increases. Cyber attacks take many forms: distributed denial of service (DDoS), eavesdropping, jamming, viruses spread by malicious email attachments and drive-by downloads, Trojans, spyware, rootkits, and spear phishing. Each of these attacks can cause degraded operations, compromised missions, financial loss, and reputational damage. According to a study done by Varonis, 80% of consumers will defect from a business if their information is compromised in a breach, and 65% of data breach victims will lose trust in the organization.
Understanding how a specific cyber attack will impact your network can help mitigate risks. For instance, these common types of attacks have severe consequences on network operations:
- Attacks on confidentiality, which steal confidential information
- Attacks on integrity, which alter or corrupt sensitive data critical to the organization’s operations
- Attacks on availability, which prevent system operators, end-users, or customers from accessing critical system components, including network resources and stored information
However, just understanding the types of attacks and their potential damage isn’t sufficient. To fully protect and defend your network, it is essential to focus on how these attacks impact your network, whether it be an enterprise, tactical, or cyber-physical network. As technology evolves and network infrastructures become more connected with 5G, the threat of cybercrime continues to rise. According to Cybersecurity Ventures, the cost of cybercrime around the world will rise to $6 trillion annually by 2021, up from $3 trillion in 2015.
Impact on Enterprise Networks
Enterprise networks are crucial for connecting computers and related devices throughout the company, integrating systems, and managing essential data. These networks allow global enterprises, both large and small, to optimize their operations. Therefore, suffering a loss of availability resulting from cyber attacks, such as the March ransomware attack on Finastra, one of the world’s major core banking providers with revenue of $1.9 billion annually, can result in massive disruptions internally as well as with partners, vendors, and customers. Finastra was forced to take its servers offline and close many offices throughout the world to deal with the threat. Even a brief downtime can result in significant revenue losses.
Attacks which compromise confidentiality can cause critical company data and user information to be leaked. Stolen intellectual property and operational data can be exploited by competitors, putting the company at a competitive disadvantage. Confidential user data can be sold on the dark web, resulting in damage to reputation, regulatory fines, and compensatory damages that may need to be paid.
Attacks which compromise integrity can corrupt critical stored operational, financial, personnel, and customer data. Regardless of the type of attack, if an enterprise network is compromised, it risks irreversible damage.
Impact on Tactical Networks
Tactical networks are essential for military communications. These networks relay different types of information, especially orders and military intelligence, from one command, person, or place to another upon a battlefield, particularly during the conduct of combat. The recent cyber attack by Russia against Ukraine is an example of how an adversary can employ such attacks to plan hostile action. Those responsible for protecting tactical networks and ensuring the safety of the warfighter must consider all potential cyber threats and their impact on mission success.
Loss of availability of resources in a tactical network can adversely impact operations by disrupting communications and blocking access to critical information. Eavesdropping attacks on surveillance and sensor data and communications can compromise confidentiality of information critical to missions. An adversary can thwart a mission by using this information to take countermeasures.
By launching attacks which compromise integrity of information, an adversary can modify surveillance and sensor data and communications. This can lead the command center to make decisions based on incorrect information, or forces in theatre to take actions other than those intended by the command center.
Given the mission-critical nature of these networks, it is of paramount importance that they be cyber resilient, i.e., the network should be able to thwart cyber attacks, protect the confidentiality of data, and continue to provide service even while it is under attack.
Impact on Cyber Physical Systems
Cyber-Physical Systems (CPSs), such as power grids, autonomous vehicle systems, medical monitoring systems, process control systems, and aircraft autopilots, are a new soft target for cybercriminals. They include a network of sensors, actuators, and controllers connected to a remote operations center. Attacks on these systems are becoming so common and disruptive (e.g., the recent attack on Ukraine’s power grid) that a national emergency was declared to protect against foreign hackers who may threaten the U.S. power grid.
Availability attacks on physical systems can cause critical equipment, such as sensors and actuators, to stop functioning, or can disrupt communication between components, adversely impacting the organization’s ability to provide services such as water supply and power.
Integrity attacks on these systems can modify sensor data, leading to actuators taking incorrect actions. This can cause disruption of service as well as serious harm to equipment and potentially personnel.
Consequences of Not Testing Your System
Network operators and mission planners are well aware of the damage cyber attacks can cause and therefore employ a variety of defensive measures (firewalls, intrusion detection systems (IDS), anti-virus software (AVS)) to protect their systems. But all too often, they treat cyber preparedness as a one-time measure, not fully comprehending the need to constantly test their system and proactively strengthen their defenses. This can lead to serious consequences.
- First, since new cyber threats are constantly emerging, without continuously testing their system, operators may not realize that their defensive measures (firewall settings, IDS, AVS) are outdated or ineffective or that the latest patches need to be applied.
- Second, reconfiguring the system (changing where routers and firewalls are placed, modifying firewall or access control rules, etc.) or adding new users, equipment, and software may introduce new attack surfaces in the system. Without testing, operators may not realize that the defensive measures which were effective in the old configuration may not be adequate for the modified configuration.
- Lastly, without constant testing, operators may not be able to assess the system’s ability to operate under cyber attacks (cyber resiliency) and take timely steps to improve it, or to evaluate the effectiveness of containment and mitigation strategies (such as upgrading software, adding backups and redundancy, implementing more stringent authorization and encryption protocols, better access control, etc.).
Testing of the physical network itself is a time-consuming and expensive process. In many cases, it is not practical to subject the network to real cyber attacks to study their impact because of the potential damage they can cause to the system. Simulation provides a zero-risk, cost-effective means to assess the cyber resiliency of the network.
SCALABLE continues to expand its network digital twin technology to improve management, performance, and cyber resilience of networks in all domains, from commercial enterprise IoT to military networked systems operating from seabed to space.