Detect, respond, recover: Defending our most critical systems from cybercrime
You are already infected! When it comes to cyber threats, I believe that should be your mindset.
Every day, some 200,000 new pieces of malware are generated around the world. More than 60% of businesses experienced some type of cyber attack in 2018 – from phishing or spyware to mal- and ransomware. Two thirds of these were individually tailored for a specific target. And since it takes over 200 days, on average, to detect a virus, we conservatively estimate that nine out of 10 companies currently carry viruses.
Nor is the danger confined to your laptop, phone and traditional IT systems. Nowadays, critical infrastructure, such as control systems for power stations, transportation systems or defense platforms, is just as vulnerable. It is such systems, commonly called ‘Operational Technology’ systems, that we at Mitsubishi Heavy Industries (MHI) Group are seeking to protect and defend.
One reason OT systems are no longer safe is that while they used to be ‘offline’, more and more of them are now networked. Rapid growth in the Internet of Things will only accelerate this trend. The supply chain can also be a weak point: if a component in a control system carries a virus then the whole system can be compromised. Often, such components are manufactured by smaller companies that do not have the resources or skills to guard effectively against cyber attacks. Governments and industry need to co-operate to overcome this challenge.
The biggest threat, however, is people. Some are malicious hackers, motivated by political or monetary gains. But most are just untrained employees who do not practice good cyber hygiene. Four years ago, as an experiment, US researchers left some anonymous USB sticks lying around a college campus in America. Almost half the students who picked one up plugged it into their computer without thinking twice. Now imagine if those USB sticks had been infected with spyware or malware.
So, if 100% protection against cyber threats is realistically impossible, the focus must be on three things: early detection; a rapid response; and then an efficient recovery of the (control) system. MHI’s InteRSePT software does exactly that and is based on our long history and expertise in designing, operating - and fixing - critical infrastructure.
InteRSePT, which stands for ‘Integrated Resilient Security and Proactive Technology’, constantly monitors the system on which it has been installed. That means it can detect anomalies defined in our profile algorithms, such as a drop in power triggered by a virus, in real time. It then immediately alerts the human operator of the system and recommends steps to mitigate the effect of the malicious commands and recover the system.
InteRSePT also supports a function that can prevent malware from executing a "kill" command.
To date, InteRSePT is in operation with a branch of the Japanese government and is also being tested on several OT systems. We believe that demand for a product like this will continue to grow as global connectivity increases – one example is the move to remote monitoring of power stations, oil rigs and other critical infrastructure.
At the same time, the rise in online working, with COVID-19 driving rapid changes in behavior, is expected to lead to a spike in cybercrime. It is also forcing many companies to run factories with fewer people, or none at all - and with little time to properly prepare for these changes. We at MHI are ready to support our customers' efforts to fight against cyber attacks by making the best use of our technologies and our knowledge of critical infrastructure.