As a key facet of critical infrastructure, power plants — and the leaders who work at them — deal with highly privileged information on a regular basis. While enterprise security is a vital feature at all enterprises, at power plants it's especially imperative, since the consequences to not having it can be dire.
"Critical infrastructure faces an increased risk of attack these days."
With cyberattacks gaining momentum and honing in on increasingly high-value targets, critical infrastructure entities have reason for concern. This fact came to light back in December 2014, when nuclear plant operators in South Korea revealed that their computer networks had been hacked, according to Reuters. At the time, nuclear reactor design expert Suh Kune-yull told Reuters that the attack pointed to the potential that cybercrime could jeopardize national safety.
"A compromise of nuclear reactors' safety pretty clearly means there is a gaping hole in national security," Kune-yull said.
Months later, in March, South Korean representatives publicly blamed North Korea for the reactor hack, stating that they were able to trace Internet addresses linked to the attack to their northern neighbor and longtime adversary. The malicious strain that was used to carry out the intrusion was also created in North Korea, The Wall Street Journal reported. A news story like this has implications across the globe. A cyberattack on a power plant infrastructure isn't a hypothetical event anymore — it's something that really happened. And now that it's a reality, there are perhaps other hackers who are devising similar intrusions.
One might think that the attack on the South Korean power plant system was highly intricate, but in fact it had relatively simple origins: The malicious intrusion — like so many others — began with a series of phishing emails.
"The South Korean power plant attack was conducted via phishing emails."
There's a reason why spear phishing emails represent a go-to strategy for cybercriminals: Email tends to be one of the most vulnerable entry points in any enterprise's infrastructure. Once unsophisticated, spear phishing campaigns now have the potential to be highly convincing — so that a targeted staff member may actually be fooled into providing privileged data to a hacker.
Because it represents one of the easiest points of entry for attacks, protecting email must be a priority for power plant administrators. Here are some of the steps that power plants must take to secure email:
When it comes to securing email for critical infrastructure, Entrust Datacard is a leader in the industry. Our IdentityGuard offering provides users with a robust means of validating user identities to prevent any malicious element from gaining privileged access. The unmatched quality of our solutions is what makes us a leading authentication provider for government, enterprise and banking.