National Critical Functions (NCF) are hurrying into digital adoption like all industry verticals. A paradigm shift uprising with multiple obstacles to securely move into the immense benefits Industry 4.0 promises. From better workforce safety to new business opportunities, the intelligent connectivity of the physical and the digital presents a digital gold rush, a new market expected to reach trillions of USD.

Every business, large or small, is invited to start the race, but the finishers rate is still being determined, and those unable to cross the finish line can become extinct. The stage has been set, and the actors' auditions have started. But when it comes to NCF, this rat race is unacceptable.

When services that provide societies with such vital functionalities that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof, require other paths. Security is one of the basic requirements for critical infrastructure to take advantage of Industry 4.0.

• Cybersecurity & Infrastructure Security Agency (CISA) - "Driving toward a future where software and hardware are designed and built with security as a top priority is a necessity, particularly in ICS and OT, which directly underpin critical functions." CISA Strategic Plan 2023-2025

Partnerships are paramount for NCF's digital transformation success

It's important to note that CISA is a relatively new organization. It was established as an Agency in 2018. Therefore, there's a lot of work to be done, and if we add the eruption of IoT, providing a secure environment becomes even more challenging. The recent pandemic triggered the necessity to adopt digital connectivity to an industry that was never built with the internet as we know it as an important actor.

This digital connectivity has opened up risks and vulnerabilities that are very tough to tackle, and mitigation processes are long and complex. This recipe is difficult to swallow for a workforce with enough responsibilities to add the security mitigations recommended by CISA.

As an example, a brief resume of the security mitigations presented by CISA to alert the Water and Wastewater Systems in the U.S. due to the ongoing cyber threats triggered by the Russian invasion of Ukraine:

• WWS Monitoring - Personnel responsible for monitoring WWS should check for suspicious activities and indicators that may indicate threat actor activity.
• Remote Access Mitigations - The increased use of remote operations due to the COVID-19 pandemic increases asset owner-operators' need to assess the risk associated with enhanced remote access to ensure it falls within acceptable levels.
• Network Mitigations - Implement and ensure robust network segmentation between IT and OT networks and develop/update network maps to fully account for all equipment connected to the network.
• Planning and Operational Mitigations - Ensure the organization's emergency response plan considers the full range of potential impacts that cyberattacks pose to operations.
• Safety System Mitigations - Install independent cyber-physical safety systems.
• Additional Mitigations - Foster an organizational culture of cyber readiness and update software, including operating systems, applications, and firmware on IT network assets. Set antivirus/antimalware programs to conduct regular scans of IT network assets using up-to-date signatures, and implement routine data backup procedures on both the IT and OT networks. When possible, enable OT device authentication, utilize the encrypted version of OT protocols, and encrypt all wireless communications.

Adding all these extra chores (if you still need to do so, you can read the whole mitigation list here) to the daily routines of a workforce that provides critical services isn't an optimal solution.

Here we arrive at the importance of partnerships. Reading CISA's strategic plan for 2023-2025, there's a recurring focus on the need to work toward partnerships. In fact, in the third of their four major goals, this is specifically indicated:

• GOAL 3 | OPERATIONAL COLLABORATION
• 3.1 Optimize collaborative planning and implementation of stakeholder engagements and partnership activities.
• 3.4 Enhance information sharing with CISA's partnership base.

What we can learn from the above is that cybersecurity has become a top priority but is still a work in progress. We are still at the learning stage, where adjustments are the norm, to counter the ever-growing sophistication of cybercriminals' attacks.

Cyberattacks on critical infrastructure

To understand the severity of cyberattacks, let's look at recent incidents and the economic and potentially life-threatening costs. In 2021, cybercriminals were able to access various critical infrastructure plants and services, to name a few:

• A water treatment plant was hacked in early 2021 - A hacker successfully accessed a water treatment plant that supplied the San Francisco Bay area and poisoned it. The attack was detected the following day. Fortunately, there was no reported illness from water-related failures. NBC News
• Colonial Pipeline ransomware attack - The most significant cyberattack on an oil infrastructure target in the history of the United States, affecting 17 states and Washington, D.C., issuing an emergency declaration by the Federal Motor Carrier Safety Administration. The economic cost rose to over $4 million. Wikipedia
• Olympus hit by ransomware - This Japanese multinational manufactures optical and digital reprography technology for the medical and life sciences industries. Threatpost
• New Cooperative - Suffered a ransomware attack demanding $5.9 million, which would lead to food supply disruption for grain, pork, and chicken. BleepingComputer

Understanding the potential harm these incidents can have on societies and knowing the problem will continue to arise. Taking action and looking into other means to handle constant attempts to bring down National Critical Functions digitally is paramount.

IoE Corp's EDEN system cyber secures NCF

Internet of Everything Corporation (IoE Corp) provides a solution to help cyber secure national infrastructure. IoE EDEN is a private online Edge Cluster developed around a sustainable computing core. An Online Private Garden that keeps track of all data movements and verifies that data received comes from another trusted node on a blockchain.

In addition, an OP Garden backbone device only communicates over one TCP/IP port. All other access to the device has been eliminated at an OS level; this provides extreme security, as not only does it remove attack vectors. It creates a second layer of malware detection, as the malware will try to contact its Command and Control center on ports that are not opened but are still being monitored.

Implementing IoE Eden to critical infrastructure offers full security measures that mitigate and alleviate NCF workers as autonomous automation becomes a reality. With IoE Eden's Online Private Gardens:

• Defense against denial of service attacks (DDoS) - Eden is fully decentralized; DDoS attacks are mitigated, as there are no centralized points to attack.
• Malware Detection - As malware tries to replicate itself to other nodes, it can be detected. The infected node can be identified via data transfer checksum consensus on a blockchain and quarantined.
• Bad data and player detection - Using verification and sanity checks on data amounts entering and transported over Eden.
• Secret and configuration management - Eden lets you store and manage sensitive information, such as passwords, OAuth tokens, and encryption keys. You can deploy and update secrets and application configuration without rebuilding your Depos and exposing secrets in your service.

IoE Planet Partner Program

To access the immense advantages IoE Eden provides to critical infrastructure's digital transformation, you can now apply to IoE Corp's Planet Partner Program. Incorporate into your IT consulting services and products a solution ready to help you and your customers enter Industry 4.0 at the forefront of this fourth industrial revolution.

Eden is a State of the art, robust P2P based, distributed, and decentralized compute and storage platform with internal consensus and decision capabilities. Eden makes autonomous automation a reality.

In addition, EDEN is eco-friendly. By running on passively cooled IoT devices and with power-aware code, it saves megatons of CO2 equivalents. If you want to learn more about this groundbreaking technology, apply to our Planet Partner Program.