In this episode of the Nexus Podcast. Runsafe Security CEO and cofounder Joe Saunders examines the motivations of these adversaries, the targeting of memory-based vulnerabilities in embedded systems prevalent in OT and healthcare, and how initiatives such as secure-by-design/default/demand can make a dent in ensuring the resilience of critical infrastructure.
Cyber Resilience
Industrial
Healthcare

Nexus Podcast: Joe Saunders on Advanced Attacks Against Critical Infrastructure

Michael Mimoso
/
Nov 13, 2024

Subscribe and listen to the Nexus podcast on your favorite platform.

Given the aggressive behavior and strategic changes of advanced attackers targeting U.S.-based critical infrastructure, a heavy emphasis is being placed on the resilience and cyber security of connected industrial and healthcare devices

Embedded systems in particular are a tempting target for APTs such as Volt Typhoon and Sandworm. Volt Typhoon, linked to China, is alleged to have embedded offensive weapons on military and critical infrastructure networks, while Russia’s Sandworm has targeted operational technology in Ukraine, its electric infrastructure in particular. 

In this episode of the Nexus Podcast. Runsafe Security CEO and cofounder Joe Saunders examines the motivations of these adversaries, the targeting of memory-based vulnerabilities in embedded systems prevalent in OT and healthcare, and how initiatives such as secure-by-design/default/demand can make a dent in ensuring the resilience of critical infrastructure. 

“Really what puts a lot of critical infrastructure at risk are memory safety issues in code that's deployed in critical infrastructure and memory safety is considered the most common when it comes to critical infrastructure,” Saunders said. “They also happen to be the most devastating when cyberattacks do occur—and unfortunately, they also have the most known exploits out there.”

Watch this interview with Adm. Michael Rogers

China, Russia, and other adversaries are believed to be targeting memory-based vulnerabilities that can enable anything from code execution to stealthy persistence on systems. If embedded systems are compromised, many of these devices are resource-constrained and are unable to support cybersecurity protections such as authentication, encryption, or lack update mechanisms. CISA’s secure-by-design approach, meanwhile, lists memory safety as one of its top pillars. 

“The practice of achieving memory safety in software is a difficult one,” Saunders said. “And the reason for that is there are billions of lines of code, [and] maybe even billions of devices. There's no way to catch it all. But there are ways to look at your software supply chain and understand and be more transparent and expose the visibility of the vulnerabilities that exist in software. So there are things like software composition analysis. There are things like generating software bill materials and associating the vulnerabilities with those components.”

In the meantime, U.S. asset owners, software and firmware manufacturers, and the government must contend with a shift away from adversaries exclusively carrying out espionage for economic gain and inching toward destructive or disruptive attacks in cyberspace. All of this serves to shake public trust in a time of conflict, and sow chaos among affected citizens. 

“Attacks on critical infrastructure could undermine confidence in the government to provide basic services,” Saunders said. “It’s this persistent attack method that worries me. And the pre-positioning of payloads, targeting memory-based vulnerabilities across critical infrastructure is a really, really good example of that.”

Cyber Resilience
Industrial
Healthcare
Michael Mimoso
Editorial Director

Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.

Stay in the know Get the Nexus Connect Newsletter
You might also like… Read more
Latest on Nexus Podcast