Threats that cybersecurity poses to critical infrastructure & what organisations can do to mitigate risks

 McAfee Enterprise’s Advanced Threat Research team has released new findings around the critical vulnerabilities discovered in the B. Braun Infusomat Space Large Volume Pump along with the B. Braun SpaceStation, which are designed for use in both adult and paediatric medical facilities.

 The research is a stark reminder of the importance of protecting critical infrastructure and the diverse IT supply chain. Over the past few years, we have seen cybercriminals take advantage of vulnerabilities within facilities, networks and systems that are deemed essential to the way we live, with attacks on the likes of hospitals and other healthcare organisations becoming an all too common occurrence. Most recently, for example, a hospital in Indiana was forced to turn away ambulances after hackers crippled its IT system with ransomware. Additionally, the FBI issued a warning of a specific threat to US Healthcare providers from Conti Ransomware.  

 

Though governments and authorities worldwide are starting to understand and react to the risks cybercriminals pose to critical infrastructure, there is far more to be done. Critical infrastructure networks and assets form the backbone of society. Therefore, dynamic solutions are needed to reflect the fact that emerging threats, and the technology needed to deter them, often change faster than the regulatory process can keep up.  

 

Organisations should also adopt a Zero Trust and Secure by Design mindset when it comes to protecting critical infrastructure. This will allow IT and security teams to maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary, without compromising user experience and performance. While safety is always the first priority when it comes to OT systems, given today’s cyber threat landscape, system designers should use threat models which consider risk from malicious attacks as well as safety risks.  

 

As cybercriminals continue to adapt and enhance their tactics to target our critical infrastructure, we must do everything we can to shore up defences and stay ahead of the adversaries.