Growing Malware Concerns for Nigerian Facilities and Infrastructure
We have all seen a rise in viruses and malware, and many of us have experienced their effects firsthand and have a story or two to tell.
A growing concern these days is the development of malware to disrupt facilities and other critical infrastructure through computers, referred to by some as cyberwarfare.
As analysts rightly predict, World War III would be purely cyberwarfare, and the world powers then would not necessarily be the current world powers.
In recent times, the world has witnessed sophisticated malware attacks by cybercriminals against countries such as South Korea, Iran and others. These attacks targeted their supervisory control and data acquisition (SCADA) / industrial control systems.
So what are SCADA systems?
These are control systems made up of supervisory software, which runs on dedicated servers or workstations, and programmable hardware devices, also called Programmable Logic Controllers, that are connected to and control electromechanical processes.
These systems are used by organizations to monitor and control a variety of operations in industrial facilities, military installations, water treatment and distribution systems, oil and gas pipelines, electrical power transmission and distribution grids, large communication systems and even public and private buildings.
Depending on where they are needed, they could be deployed in critical infrastructure like power plants, refineries, production factories etc., so their sabotage could have far-reaching consequences. One of these consequences could be as dangerous as crippling the country’s economic capabilities.
Other such systems are relevant only to their owners’ businesses, and their malfunction would not have widespread impact.
Malware of this nature, targeted at such infrastructure, enables the attacker to alter the operation of industrial systems, like those in a nuclear reactor, by accessing the programmable logic controllers connected to the target computers.
Attacks such as the ones Iran experienced could shut down a power plant or other components of a society’s critical infrastructure, potentially causing significant harm to people in a targeted region.
Compared with data-focused attacks, whose motive is typically financial, SCADA attacks tend to be political in nature, since they target operational capabilities within power plants, factories, and refineries. A lot of possibilities present themselves once an attacker gains access to a target plant or factory.
Given the nature of these systems, attack vectors would include:
i. Backdoors and holes in network perimeter
ii. Vulnerabilities in common protocols
iii. Attacks on field devices through cyber means
iv. Database attacks
v. Communications hijacking and Man-in-the-middle attacks
vi. Cinderella attack on time provision and synchronization
vii. Bogus input data to the controller introduced by compromised sensors and/or an exploited network
I would try to paint possible attack scenarios and what an attacker could try to do.
Possible attack scenarios could include an attack on the production plants of local manufacturers that alters key production parameters, like the temperature at which certain fluids are heated in a brewery, or one that channels diesel through kerosene pipelines. This would definitely have drastic effects on the nation’s economy.
So you might say, this sounds cool and interesting, but how are we affected?
Our country Nigeria happens to have industries running vulnerable infrastructure, and thus the list of vulnerable targets increases rapidly.
Consider this: if the opposition party decides to play dirty and sabotage our current government’s agenda, they could hire malicious hackers that would make mincemeat of our existing facilities running SCADA systems. This would definitely bring production processes to a halt and would have a negative impact on the financial climate of the nation. A lot of really terrible SCADA-targeted malware exists in the wild; it just takes a little bit of research for a script kiddie to control one.
And then your next question is: what can we do to prevent all this?
A lot of cybersecurity incidents occur that go unreported. The Federal Government has set up the ngCERT, our Computer Emergency Response Team, to respond to cyber-attacks, provide mitigation and assist law enforcement agencies in tracking these criminals.
As stated in the 2015 Cybersecurity Act, Section 21, subsection 1:
“Any person or institution, who operates a computer system or a network, whether public or private, must immediately inform the National Computer Emergency Response Team (CERT) Coordination Center of any attacks, intrusions and other disruptions liable to hinder the functioning of another computer system or network, so that the National CERT can take the necessary measures to tackle the issues.”
It would go a long way in protecting our facilities and infrastructure if the Federal Government would make sure that this law is actively enforced.
Big organizations, companies and industries should invest heavily in proactive measures geared towards securing their assets. Although no system is a hundred percent secure, this practice would go a long way in reducing vulnerable entry points for these cyber criminals.
It is far more profitable for these businesses to invest in hardening their systems than to pay for incident response and disaster recovery management.
Another secure practice would be to develop a security defense pattern consisting of: authorization (access matrix), Role-Based Access Control (RBAC), multilevel access, a logger, authentication, firewalls and intrusion detection systems.
It really is important to recognize security vulnerabilities in smart grid systems, but it is equally important to engage effective security policies in stopping these attacks.
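As an added illustration (not code from the original article), the sketch below combines three elements of that pattern for the brewery temperature scenario mentioned earlier: a role-based access matrix, a fail-closed range check on setpoint writes, and an audit logger. The users, roles, the tag name kettle_temp_c and the limits are constructed assumptions, and authentication is assumed to have happened upstream.

```python
import logging
import math

# Constructed sample data: users, roles, tag name and limits are assumptions
# for illustration, not values from any real plant.
USERS = {"ada": "operator", "bayo": "viewer"}
ACCESS_MATRIX = {  # role -> set of (tag, action) pairs it may perform
    "operator": {("kettle_temp_c", "read"), ("kettle_temp_c", "write")},
    "viewer": {("kettle_temp_c", "read")},
}
SAFE_RANGE = {"kettle_temp_c": (60.0, 105.0)}  # engineering limits per tag

audit = logging.getLogger("scada.audit")  # the "logger" element of the pattern


def authorize(user, tag, action, value=None):
    """Return (allowed, reason) for an already-authenticated user's request."""
    role = USERS.get(user)
    if role is None:
        result = (False, "unknown user")
    elif (tag, action) not in ACCESS_MATRIX.get(role, set()):
        result = (False, f"role '{role}' may not {action} {tag}")
    elif action == "write":
        result = _check_setpoint(tag, value)
    else:
        result = (True, "ok")
    # Log every decision, allowed or denied, so tampering attempts leave a trail.
    level = logging.INFO if result[0] else logging.WARNING
    audit.log(level, "user=%s role=%s tag=%s action=%s value=%r allowed=%s reason=%s",
              user, role, tag, action, value, result[0], result[1])
    return result


def _check_setpoint(tag, value):
    """Fail closed: reject writes with no defined limits or a bad value."""
    limits = SAFE_RANGE.get(tag)
    if limits is None:
        return (False, "no safe range defined")
    if isinstance(value, bool) or not isinstance(value, (int, float)) or math.isnan(value):
        return (False, "setpoint is not a number")
    low, high = limits
    if not low <= value <= high:
        return (False, f"setpoint {value} outside {low}-{high}")
    return (True, "ok")


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for request in [("ada", "kettle_temp_c", "write", 98.0),
                    ("bayo", "kettle_temp_c", "write", 98.0),
                    ("ada", "kettle_temp_c", "write", 250.0)]:
        print(request, authorize(*request))
```

The denied requests are the ones worth alerting on: a viewer attempting a write, or an operator account pushing a setpoint outside engineering limits, is exactly the kind of event an intrusion detection system should receive from this log.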
Ensuring an infrastructure is secure is a step away from having a secure economy.