Relentless cyber attacks on critical information infrastructures (CII) such as public works, transportation, and manufacturing show no signs of slowing down. Threat actors and adversaries have found the operational technology (OT) that underpins these critical resources to be vulnerable to cyberthreats.
They also found that a successful attack could be devastating to the population and cause political and economic unrest. In 2021, a ransomware attack on the Colonial Pipeline canceled flights and left millions of Americans unable to buy fuel for their cars. The 2016 attack on the Ukrainian power grid left 700,000 people without power in the middle of winter.
Singapore is no stranger to these threats. As a country that relies on highly connected technology to sustain its water, energy, transport, petrochemical and manufacturing capabilities, combined with the evolving cross-border cyber threat landscape, Singapore is considered a potential target. The attacker's motivation could be political, as in the attack on the Ukrainian power grid, or purely financial, as in the Colonial Pipeline attack. But if Singapore is unprepared, the impact could be devastating.
The establishment of the Operational Technical Cybersecurity Expert Panel (OTCEP) by the Government of Singapore is an important step forward. By leveraging the collective experience of industry experts around the world, Singapore has developed world-class policies and procedures and shared that expertise with those responsible for critical systems.
The 2020 attack on SolarWinds highlighted how vulnerabilities in the software supply chain can be exploited by threat actors. It made clear how attractive it is for threat actors to attack trusted suppliers to gain access to their intended targets, in this case multiple US military and government agencies. In total, the attackers accessed over 18,000 corporate and government systems at major telecommunications companies, power companies, and most of the US Fortune 500 companies. It would take the attackers a day just to compromise one software company.
Since this high-profile incident, software supply chain attacks have increased by a staggering 742%, according to Sonatype. Governments in the United States and Europe recognize the urgency of this threat and are swiftly issuing new laws and directives. We hope other regions will follow suit. Cooperation is key as software supply chains cross borders and no country is immune.
I've been asked which one I'm more worried about, ransomware or supply chain attacks. I usually answer "combo" because these are not mutually exclusive. Ransomware is a payload. The supply chain is an attack vector. As seen in the Kaseya attack in 2021, attackers are beginning to "combine" their strategies.
Kaseya, which makes software used by many managed security service providers, became an unintended vehicle for delivering ransomware to over 800 small and medium businesses (SMBs). Fortunately, most SMEs do not operate OT systems, but that does not make the hybrid attack any less effective for threat actors and adversaries in Singapore.
Securing the software supply chain is now a critical aspect of the overall business strategy, especially for companies in the CII space. Transparency across the software supply chain and awareness of all third-party embedded software can help save lives and protect the critical processes and equipment on which society depends.
With the advent of disruptive technologies, it is important for OT system operators and suppliers to be ready to innovate.
Consider the role of artificial intelligence (AI) in cybersecurity. Will AI be a hero or a villain? Researchers have demonstrated how a threat actor can leverage generative AI systems like ChatGPT to pollute the software supply chain. Developers may look to AI to recommend software packages in common repositories, but the suggestions returned by the AI often include "hallucinations," i.e., realistic-looking packages that do not actually exist. All an attacker needs to do is create a malicious package, name it after the hallucination, and wait for an unsuspecting developer to incorporate that package into their software.
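A defensive check for the hallucinated-package risk described above, as an added example that is not part of the original article: dependency names are compared against an allowlist of vetted packages before anything is installed, using the same name normalization the Python package index applies. The allowlist, the sample requirements and the names `cryptografy` and `acme-plc-telemetry` are constructed for illustration.

```python
import difflib
import re

# Constructed allowlist: packages the organisation has already vetted.
APPROVED = {"requests", "cryptography", "PyYAML", "python-dateutil"}

# A project name followed by a version specifier, extras, a marker, or end of line.
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:[\[<>=!~;@]|$)")

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def vet(requirements_text, approved=APPROVED):
    """Sort requirement lines into approved, unvetted and unparsed entries."""
    approved_norm = sorted({normalize(n) for n in approved})
    report = {"approved": [], "unvetted": [], "unparsed": []}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = NAME_RE.match(line)
        if not m:
            # Options, URLs and VCS links bypass a name check: send to review.
            report["unparsed"].append(line)
            continue
        name = normalize(m.group(1))
        if name in approved_norm:
            report["approved"].append(name)
        else:
            # A close match suggests a misspelt or invented variant of a real name.
            near = difflib.get_close_matches(name, approved_norm, n=1, cutoff=0.8)
            report["unvetted"].append((name, near[0] if near else None))
    return report

# Constructed requirements file, e.g. assembled from an AI assistant's suggestions.
SAMPLE = """\
requests==2.31.0
PyYAML>=6.0            # case differs from the normalized form
python_dateutil        # underscore form of an approved name
cryptografy            # constructed near-miss of an approved name
acme-plc-telemetry     # constructed stand-in for a hallucinated suggestion
--index-url https://pypi.example.invalid/simple
"""

if __name__ == "__main__":
    for kind, items in vet(SAMPLE).items():
        print(kind, items)
```

Run as a pre-install gate, anything in `unvetted` or `unparsed` blocks the build until a person has confirmed the package exists, is the intended one, and comes from the expected publisher.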
The fact that threat actors are leveraging AI is a reason to employ new technologies to counter their strategies and prevent rather than react to attacks. AI provides powerful analytic capabilities for machine-friendly tasks that would otherwise require large cybersecurity teams to spend significant amounts of time.
For example, the only viable approach to performing continuous, real-time vulnerability tracking across millions of products and vulnerabilities announced each year is machine natural language processing. It's not a job for humans, who could add much more value elsewhere.
In the future, we can expect increased commitment and willingness to regulate the private sector, demanding the same level of transparency currently required by governments. The use of software bills of materials (SBOMs) as a form of software attestation is now a mainstream expectation, and tools to generate and manage SBOMs are becoming more prevalent. As companies seek to quantify and limit risk, increasing visibility into the security of the software supply chain will become a board-level goal.
The pace of advances in generative AI technology and the fragile defenses found in most software supply chains today deserve global attention. The OTCEP Forum provides an ideal opportunity for OT cybersecurity professionals from around the world to share their experiences and learn best practices for strengthening OT cyber resilience in Singapore.
Eric Byres is a member of the Cyber Security Authority of Singapore's Operational Technical Cyber Security Expert Panel, which consists of cyber security experts from around the world. He is also Chief Technology Officer at aDolus Technology, a cybersecurity research and development company focused on improving the cybersecurity of the software supply chain for OT.