Recent cyberattacks targeting the U.S. critical infrastructure sector from nation-state adversaries have been both bold and aggressive, with several notable incidents. The Russian cyberattack group Sandworm has been linked to aggressive attempts to probe critical infrastructure, including water utilities, according to reports.

Meanwhile, hackers sponsored by the Chinese government have targeted key infrastructure, “primarily in Communications, Energy, Transportation Systems, and Waste and Wastewater Systems Sectors — in the continental and non-continental United States and its territories,” according to an advisory issued by U.S. and ally cybersecurity agencies.

Furthermore, a recent Waterfall security report found a 140 percent increase in cyberattacks against critical infrastructure in 2022. 

To combat these attacks, critical infrastructure facilities need comprehensive data management and protection solutions to significantly bolster their defenses against the increasing threat of cyberattacks.

A data management platform with immutable backup architecture can prevent unauthorized users from modifying or deleting backed-up data, which can help deter ransomware attacks and other attempts to breach critical IT and operational technology (OT) systems. Furthermore, a platform that provides visibility into an organization's data and systems across an environment (on-premises, cloud, hybrid) helps with the management, monitoring and validation of cyber resilience and recovery processes.

It is imperative that critical infrastructure organizations securely back up and protect their critical data and systems so that they can quickly recover to a trusted known-good state within 24 hours in the face of a cyberattack or other disruptive event.

Creating a robust defense with air-gapped and immutable backups

Securing critical infrastructure data and systems is paramount, and cybersecurity teams can employ a multi-layered strategy that includes air-gapped, immutable, and access-controlled backups. Secure data backup and recovery solutions are essential because they help ensure business continuity, minimize downtime, and prevent potential financial and operational losses.

Air-gapped backups create a physical or logical separation between the backup data and the network. Physical air-gapping means storing data on devices that are not connected to any network, while logical air-gapping uses software solutions to isolate data from direct access and modification by authenticated users. The key is to ensure that backup data cannot be accessed or altered, protecting it from cyberattacks and insider threats.

Immutable backups preserve data in a state that cannot be altered or deleted, which is crucial for preventing ransomware or malicious actors from destroying or tampering with the backup data.

Resilient backup solutions that follow zero trust principles have stringent controls that prevent malicious or accidental modification and deletion of backed-up data. These can include measures like multi-factor authentication, role-based access control, and stringent permission settings. Access controls help mitigate the risk of insider threats and unauthorized access.

By combining these strategies, security teams at critical infrastructure organizations can create a resilient backup system that can withstand various cyber threats and ensure the integrity and availability of critical data.

Security monitoring and continuous vigilance

Security monitoring plays a crucial role in enabling continuous vigilance against data threats, including ransomware and indicators of compromise (IoCs). IoCs are pieces of evidence that can indicate a system has been infiltrated by malware or other cyber threats. They can provide cybersecurity teams with crucial knowledge after a data breach or other cyberattack.  

At the same time, continuous security monitoring provides real-time visibility into an organization’s security controls, insider threats, unauthorized access, and cyber threats, supporting risk management decisions.

Additionally, by constantly collecting and analyzing data from various sources across the IT infrastructure, cybersecurity teams can determine where to contain an incident, what should be recovered to a known trusted state, and when. Security monitoring systems can generate alerts when anomalies are detected, help ensure that organizations comply with internal and regulatory security policies, offer threat intelligence, and better support risk management decisions.

However, to be effective, continuous monitoring capabilities should be integrated with established cybersecurity frameworks to help IT and security teams better manage their security risks.
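The two properties discussed above (a write-once backup store that refuses modification or deletion, and monitoring that flags anomalous change so the last known-good snapshot can be chosen for recovery) can be modelled in a few lines. This is an added illustration, not Rubrik's code or any product's API; the class names, the 50 percent change-ratio threshold and the three sample snapshots are all constructed for the example.

```python
import hashlib

def file_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class ImmutableBackupStore:
    """Append-only snapshot store: snapshots can be added and read, never
    modified or deleted (a toy model of the immutability property)."""
    def __init__(self):
        self._snaps = []   # ordered list of (snap_id, {path: digest}) manifests
        self._data = {}    # snap_id -> {path: bytes}

    def add_snapshot(self, snap_id, files):
        if snap_id in self._data:
            raise PermissionError(f"{snap_id} already exists; snapshots are write-once")
        self._data[snap_id] = dict(files)
        self._snaps.append((snap_id, {p: file_digest(c) for p, c in files.items()}))

    def delete_snapshot(self, snap_id):
        raise PermissionError("deletion is not permitted on an immutable store")

    def verify(self, snap_id):
        """Recompute digests and compare them with the manifest recorded at backup time."""
        manifest = dict(self._snaps)[snap_id]
        return all(file_digest(c) == manifest[p] for p, c in self._data[snap_id].items())

    def change_ratio(self, prev_id, cur_id):
        """Fraction of paths whose content digest differs between two snapshots."""
        prev, cur = dict(self._snaps)[prev_id], dict(self._snaps)[cur_id]
        paths = set(prev) | set(cur)
        return sum(1 for p in paths if prev.get(p) != cur.get(p)) / len(paths)

    def last_known_good(self, threshold=0.5):
        """Walk snapshots in order; the first one whose change ratio against its
        predecessor exceeds the threshold is treated as an anomaly (e.g. a mass
        rewrite by ransomware), and the snapshot before it is the recovery point."""
        good = self._snaps[0][0]
        for (prev_id, _), (cur_id, _) in zip(self._snaps, self._snaps[1:]):
            if self.change_ratio(prev_id, cur_id) > threshold:
                return good
            good = cur_id
        return good

def build_sample_store():
    """Constructed sample: three nightly snapshots of a small OT file set,
    where the third night shows every file rewritten (ransomware-like)."""
    store = ImmutableBackupStore()
    base = {"/etc/plc.conf": b"setpoint=42", "/var/log/scada.log": b"ok", "/srv/hmi.db": b"v1"}
    store.add_snapshot("night-1", base)
    store.add_snapshot("night-2", {**base, "/var/log/scada.log": b"ok\nok"})
    store.add_snapshot("night-3", {p: b"ENCRYPTED" + p.encode() for p in base})
    return store
```

Running `build_sample_store().last_known_good()` selects `night-2`: the one-file change on night 2 is normal, while the full rewrite on night 3 trips the anomaly threshold.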

How Rubrik can help

Rubrik can assist critical infrastructure organizations in strengthening their cyber resilience. Rubrik Security Cloud for Government provides secure backup to protect critical data and systems, enhanced security monitoring for data threats, accelerated recovery, and visibility of data to ensure that it is available all the time. We offer air-gapped, immutable, and access-controlled backups to secure data against cyber threats, including ransomware. In addition, our approach aligns with strategies for improving cyber resilience, such as adopting cybersecurity frameworks, establishing performance goals, and implementing robust incident response plans.