A recent report published by Sparsh Kulshrestha, Senior Security Analyst at CloudSEK, describes the current state of critical infrastructure security as “abysmal”. And with good reason. Kulshrestha points out that, due to increases in remote work, most security efforts have been focused on IT assets, while critical infrastructure assets have largely been neglected.
“While most industrial control systems (ICS) have some level of cybersecurity measures in place, human error is one of the leading reasons due to which threat actors are still able to compromise them time and again,” says Kulshrestha.
In the report, the CloudSEK team identifies some of the most common weaknesses in Operational Technology (OT) which can be exploited by bad actors, including weak or default credentials, outdated software, and infrastructure vulnerabilities. The report references recent cyberattacks on critical infrastructure, including water supply management, gas transport, the Colonial oil pipeline, and the port of Houston.
The scope of potential damage resulting from these cyberattacks ranged from exposure of sensitive data, to the manipulation of the chemical composition of the public water supply. While the former is embarrassing and bad for business, the latter could be disastrous.
Part of CloudSEK’s research included scanning the web, and the team discovered “hundreds” of vulnerable ICSs.
While this research was focused primarily on vulnerabilities in the software used to manage and control critical infrastructure assets, it highlighted that the physical security of the assets must be just as, if not more, abysmal. While organizations have been investing in some degree of cybersecurity to protect ICSs, much of our critical infrastructure—”the backbone of governments and large businesses”, according to CloudSEK—is woefully undersecured, with rudimentary technology, such as traditional locks and keys, or three-digit combinations known by many individuals (including current and former employees and contractors).
That’s why we’re trying to do something different at Sera4. We believe that critical infrastructure and assets need to be secured to the same, or greater, degree as IT assets, and we’re leveraging best-in-class software design to do it.
Our access control platform, Teleporte, provides bank-grade security to physical assets. Through Teleporte-enabled access control hardware, including padlocks and unlock controllers, we’re able to eliminate many of the challenges identified in the CloudSEK report, including weak or default credentials, outdated software, and architecture vulnerabilities.
Teleporte delivers reliable keyless access control and identity management to the critical services and infrastructure we rely on most: telecom, power, utilities, oil and gas, and traffic signals. The cloud-based platform means that it’s continually kept up to date in response to security threats and changing standards, and the fact that it doesn’t rely on existing network infrastructure makes our solution suitable for remote areas, and reduces the risk of network exposure and exploitation.
We think it’s time to move past the Dark Ages. Literally. With all of our advancements in technology, we’re functionally still using the same technology—mechanical locks and keys—as we did in the 10th century. We can do better, and we want you to do better. We’re all relying on the critical infrastructure that powers our lives. Let’s work harder to secure it.
To learn more about Teleporte, visit sera4.com.