Cybersecurity trends for control rooms and critical infrastructure

Company BARCO
Date 19.06.2024

Cybersecurity is one of the hottest topics in professional IT systems. Hackers search for new ways to penetrate networks, while security experts try to outsmart them and stay one step ahead. New technology is being leveraged by both sides. In this article, Barco’s Product Security Officer, Timo Kosig, dives into the new trends in cybersecurity in general, and control rooms in particular.

Hackers are often just burglars. They want to break into a house and search for the easiest way to do it. If the house has a very tight security system, and every possible entrance is protected by three key locks, the burglar will walk away and search for an easier target. Does this mean it’s completely impossible to gain entry? No, and in the movie version, Tom Cruise would definitely find a way in. After all, he has all imaginable resources at his disposal to help him. The point is that the average burglar knows there are thousands of other houses that are less well secured. This is also often the case for cybersecurity.

However, due to changes in the geopolitical situation, we see more focused attacks on critical infrastructure. While past attacks tended to be opportunistic, going after the easiest targets, they are now becoming more focused. This is an alarming trend that cybersecurity staff at critical infrastructure organizations should be aware of!

Careless clickers & ransom extortionists

When talking about hacking, many people think the Hollywood way: a geeky whizz-kid who sits behind a computer and forces his way into a network in less than three minutes. In real life, attacks are a lot more time-consuming and have often been intended to overload systems and shut down operations (the best-known example is the Distributed Denial of Service attack).

However, in recent years ransomware has been on the rise. Once it has gained a foothold in the attacked network, a worst-case scenario will see the ransomware self-spread and infect as many systems as possible, encrypting all the data they contain. Then the hackers offer to decrypt the data if a ransom is paid.

This is a real and very concerning scenario for almost every organization today. Recovering from a full-blown ransomware attack can take weeks, more likely months, and will severely impact an organization at all levels.

But how does that ransomware gain a foothold in the network? The easiest way for hackers to enter the network is by exploiting the biggest vulnerability of all: us humans. That’s right, most security breaches can be traced back to a careless employee clicking the wrong link.

Different flavors of phishing

Phishing is a combination of ‘phreaking’ (breaking into telecommunications systems) and fishing. Not surprisingly, phishing is similar to fishing. The fisherman throws out a line with bait and waits until a fish decides to eat it. Just as this can be any kind of fish, it can be any kind of individual who falls for the phishing mail. In the past, phishing mails were often sent out indiscriminately to as many recipients as possible. This means that the hacker initially had no idea which network he would penetrate, or whose bank account he would rob.

In recent years, we see that hackers work in a more targeted manner, contacting specific employees of a chosen organization. This is called spear-phishing. By narrowly targeting certain people, the hackers can also make the phishing-mails (or phone calls) more convincing. Another type of focused phishing is whale-phishing or whaling, in which C-level management is targeted. These individuals can typically authorize large payments, so hackers go through a lot of effort to do this right. Many of these whaling attacks have cost companies millions.

For cybersecurity professionals, phishing is difficult to deal with. The most effective way to avoid it? Constant education, making employees aware that it could really happen to them…

If all those efforts fail, and ransomware manages to enter and spread in an organization’s network, timing is absolutely critical. Further spread should be contained, if possible, which effectively means taking large portions of the network offline or implementing hard segregation of infected networks.

Once the ransomware is contained, the aptly named process of disaster recovery can start, which will involve restoring critical systems from backups wherever possible – or rebuilding them from scratch.

The rise of AI

AI is ever-present in today’s trend lists. This article is not an exception. Using AI, attackers can write code a lot faster than normal, resulting in an increase in threats. However, the same goes for the defensive side: AI can help scan the network, search for typical patterns that point to a cyber-attack, and even respond to this attack in real time. This means that the constant race between hackers and cybersecurity personnel to outsmart each other is entering a new level.

But AI does not only play a role in programming! Phishing mails can also be made to look and feel more trustworthy by using AI. Where in the past you could often spot phishing mails easily by their shaky layout and bad writing, this will become a lot less obvious. This is a trend that will fully emerge in 2024, so be aware of that!

Trust nobody

Once they have entered a house, the burglars typically have free access to every room. Sure, there may be a safe that contains big bucks, but they will be free to sniff around in all the closets. Now imagine that every room is again sealed by an armored door that requires a valid identity card. Now the burglars can only enter the hallway but need to find a way to get into every room. That would discourage even the most determined criminal, right?

It is this principle that is used in a ‘Zero Trust’ architecture. Unlike traditional systems, which use a perimeter-based security model (we create a network segment, add a firewall to protect what is inside, and everything inside is trusted), Zero Trust requires that trust is established every time members of the network communicate. In this way, a full infection of the system is a lot harder.

The improvements that Zero Trust brings are so relevant to security that they are being recognized and required by state law. In the U.S., for example, the President’s Executive Order on Improving the Nation’s Cybersecurity (EO 14028) requires federal civilian agencies to establish plans to drive adoption of Zero Trust architectures. Also, the NIS2 (Network Information Security) directive, issued by the EU for critical infrastructure organizations, adopts Zero Trust as a requirement.

Barco CTRL as a secure platform

Cybersecurity is a joint responsibility of equipment manufacturers and the organization’s IT staff. The former need to develop products that are fully secure, while the latter need to ensure all security settings are correct, the system is up to date at all times, and new software and hardware are introduced the correct way. Our control room software and hardware platform Barco CTRL is Secure by Default, which means that the platform is secure out-of-the-box. No hardening measures need to be taken. Of course, the system can be adjusted to the requirements of the organization, and if necessary, security can be loosened to accommodate legacy systems.

Furthermore, Barco CTRL was designed from the ground up following the Security by Design principles. The result is a system that has taken security as a critical component in every step of the design process. It supports operation in a Zero Trust environment, making it compliant with legislation for critical infrastructure.


About the Author

Timo Kosig is Barco’s Product Security Officer. He is part of Barco’s security office and acts as the interface with the outside world (trends, regulations, customer feedback…), translating what happens there into requirements for the Barco products. He also coordinates security penetration tests (done by a third party). Before joining Barco, Timo worked as a cybersecurity manager at a healthcare company.
