Kathy Gibson reports from Gitex Africa Morocco 2024 – Any organisation that runs digital systems understands that it will come under cyberattack. For critical infrastructure, this can have broad implications beyond the company’s walls.
Ishaaq Jacobs, CISO at Sasol, points to the 2021 attack on Transnet. Coming as it did shortly after civil unrest, it had a massive effect on the whole South African economy as port operations had to be done manually.
Sithembile Songo, group CISO at Eskom Holdings, explains that the key to securing critical infrastructure is to ensure visibility.
“Studies show that most IT-related incidents impact the OT (operational technology) environment,” she says.
“At Eskom we take a risk-based approach. We realise that OT was not designed with security in mind, so we built in layers of defence.”
For its IT systems, Eskom uses realtime detection and prevention solutions to counter cyberattacks. However, realtime response isn’t appropriate for the OT systems, Songo adds, as this could impact the production environment.
“Instead, we focus on improving visibility so we can identify any criminal activity in the early phases of an attack. This lets us act quickly when necessary.”
Eskom also partners closely with third parties and other similar organisations to share threat intelligence so they can all proactively block any threats that are identified.
Jacobs agrees that it’s important to recognise the significance of OT threats, and what the potential consequences could be.
“We must recognise that we are a distinct target because of our value to the economy.”
It’s important to focus on governance and control frameworks, he says.
Penetration testing and remediation are key too. “You don’t want to find out about a problem when you are being attacked. You need to understand the attack surface and prioritise what you need to do to minimise risks.”
Artificial intelligence (AI) and machine learning (ML) are valuable tools to help organisations like Eskom and Sasol in securing their critical systems.
“You can bolster your detection capabilities through AI tools,” Jacobs says. “We can say with a level of certainty that you will be attacked; you need to have the ability to detect and respond when it happens.”
Songo adds that decentralisation of critical assets means the organisation has an expanded attack surface.
“You need to rely on AI and ML to gather data from the whole network in order to gain visibility. And this visibility must be centralised so you can react quickly.”
The risk is organisation-wide and it is important to realise that security is a business problem, Jacobs adds.
“It cannot be handled by the cybersecurity team in the basement; you have to spread the accountability.”
Sasol does this by making cybersecurity everybody’s responsibility. Individual users have visibility into their own behaviours and equipment, with a dashboard to monitor it.
Accountability is then assigned to business units, which also take ownership of it.
“You can’t blame people for cyberattacks, but you can create good housekeeping,” Jacobs says.