South Africa’s critical infrastructure sector is having to step up its game when it comes to cybersecurity and the evolving risk landscape.
The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching, writes Marcel Bruyns, sales manager for Africa at Axis Communications.
Not only can cyberattacks cause businesses and public entities to suffer from a loss of data integrity and availability, but they can also trigger events that pose a real-life threat to people and physical infrastructure. From there, the consequences can cascade, as critical infrastructure blackouts are reported to be the number one risk for local businesses.
Cyber resilience isn’t achieved by relying on a simple software package installed on endpoint devices, and nowhere is that truer than with network security and surveillance systems. The current trend of cybercrime and the potential for an incident demands a thorough response and strategy from operators.
That response must encompass all technologies and solutions available, purpose-built and with an eye towards long-term ownership and a full view of the system’s supply chain and lifecycle. By taking this approach, operators can mitigate the possibility of an incident taking place.
Cybersecurity in smart surveillance
Digital transformation and the growing use of IoT (Internet of Things) technology means operators’ security systems are very different from what they were two decades ago. Today’s surveillance solutions can communicate with each other, process and store information at the edge, and form part of a network ecosystem dedicated to monitoring and protecting people, equipment, and sites. However, because of this transformation, that network is now a target for cybercriminals and must be made resilient against attacks.
Manufacturers of security and network surveillance products have responded to this need by reshaping their product development strategies. Cybersecurity now serves as the foundation and is considered at the most fundamental level: the microprocessor and operating system (OS). Businesses cannot afford for cybersecurity to be an afterthought, as a lack of secure development processes can lead to software releases with exploitable vulnerabilities.
Using a security development model to guide software development, one that includes risk assessment, threat modelling, code analysis, and vulnerability scanning, manufacturers can meet the increasing awareness of security considerations across all industries, reduce the potential for security-related business risks, and create the potential for cost reduction through early threat detection and resolution.
Overseeing the supply chain
For infrastructure that is essential for everyday consumer and business life, supply chain oversight and management is a critical component of modern security and surveillance. A lack of transparency when it comes to information, equipment, facilities, software, and devices can lead to a compromised product, thus compromising the cyber posture and integrity of the business.
The answer is for operators to look beyond the operational benefits they unlock with new technology and focus on the cyber maturity of the businesses within their supply chain.[1] Some areas to consider throughout the evaluation process include the processes and policies in place (for example, ISO27001, which is recognised worldwide), and features and tools that are used to mitigate the risk of products being the root cause of an attack.
These features include signed firmware and secure boot, which ensure the product has not been compromised before it’s even deployed, as well as the ability to proactively manage firmware updates efficiently.
It is important to note that what is secure today may not be secure tomorrow. Considering the expected usage duration of products and the risks posed by outdated firmware, oil and gas operators need to take a long-term view towards their hardware, effectively overseeing both ends of the lifecycle of devices.
Managing devices and adhering to best practices
Critical infrastructure can be large and expansive, covering significant portions of land and geographically spread across multiple regions. As a result, it can be a challenge for operators to effectively manage their entire surveillance network ecosystem.
The answer to this lies with device management software, which enables operators to keep a full, real-time inventory of all devices – cameras, encoders, access control points, audio speakers, and others – and their key information, including model number, IP and MAC address, certificate status, and versions of the software each one is running.[2] In this way, operators can implement consistent management policies and practices and ensure all devices remain up to date and secure against any known vulnerabilities.
The use of device management software also ties into the greater practices of cybersecurity due diligence and best practices. Operators should always verify that all connected devices are running the latest software version, configure user privilege levels across the network to prevent unauthorised access and improper use, and promote cyber hygiene and awareness among personnel.
Given the current state of critical infrastructure in South Africa and efforts to rebuild the sector, operators have an opportunity to embed cybersecurity into all of their systems from the group up and, thus, build an optimal level of resilience across all their digital networks and systems.
By prioritising cybersecurity during the procurement process, working with trusted vendors, and taking a proactive stance towards risks, operators can best secure themselves and set a nation and industry-wide standard.
[1] Cybersecurity in process monitoring within Oil and Gas | Axis Communications