Recent cyberattacks, including the Colonial Pipeline and SolarWinds hacks, have revived the debate around centralized versus decentralized system designs. Traditionally, organizations’ legacy systems have often operated independently of each other. Over the years, however, computer systems evolved into a centralized design that introduced many benefits, which included ensuring consistent policy implementation, remote system administration, remote system patching, single sign-ons, and consolidated backups. In addition, a centralized system reduced staffing needs.
As hardware improved, decisions were made to combine the roles of critical infrastructure devices — such as servers and networking equipment — to continue improvements in productivity. While this approach improved the efficiency of systems, some people are questioning whether, in today’s high-risk environment, it has placed organizations at a higher risk level and created a target-rich environment for attackers.
Why The SolarWinds Hack Is So Disturbing Regarding Centralized Systems
In many organizations, network management tools such as SolarWinds have been implemented to allow administrators to effectively manage and maintain large networks. The compromise of SolarWinds’ infrastructure through its software update process, however, is particularly disturbing on multiple levels.
For years, organizations have worked to centralize software updates and strengthen the overall security of an organization by forcing the installation of software patches for known vulnerabilities. This model ensures the security compliance of software throughout the organization.
But if attacks on the software update process bring this model into question, it will be exponentially more difficult to patch large numbers of electronic devices in a timely manner once a vulnerability fix is issued. Likewise, network administrators’ ability to detect anomalies or performance degradations could be significantly and negatively affected if an organization decides to limit the scope of network tools for fear that attackers will gain control and use the tools against them.
The Colonial Pipeline Hack’s Effect Could Have Been Reduced with a Decentralized System
The Colonial Pipeline attack, which disrupted the flow of gas across the southeastern states of the U.S., is another case study of the usefulness of a centralized versus a decentralized system. To reduce the overhead of large storage facilities, companies typically employ logistics strategies, including just-in-time delivery. Shipments are adjusted, often in real time, by the supplier in order to meet customer demand.
However, Colonial Pipeline’s centralized operations were disrupted as the result of the cyberattack. That attack forced them to pay a five-million-dollar ransom to regain control of their network and start supplying customers with gas again.
However, the long-ranging effects of the gas supply disruption would have likely been significantly less with a decentralized design that would have potentially reduced exposure to a single site or system. Additionally, hackers likely would not have been able to compromise backups, allowing data and control to be more easily restored after the breach.
Large, Centralized Systems Like Sabre Are a Target for Hackers
The airline industry uses a centralized registration system, Sabre, which allows airlines, travel agents and consumers to access the same flight ticketing system. While Sabre is extremely convenient, it is also a large target for would-be hackers.
Protecting our nation’s critical infrastructure is a collaborative effort regardless of whether the assets are governmental or private. A recent FAA Aviation Cybersecurity US GAO report addressing the threat from cybercriminals to the Sabre system shows how public-private partnerships are working.
Exploring Our Cybersecurity Risks Will Be Necessary as Our Use of Automation Grows
Our critical infrastructure depends on a multitude of interconnected computer systems. As we continue to increase our levels of automation, including the utilization of artificial intelligence (AI), we must question what cybersecurity risks we are introducing as a result. This cybersecurity issue is not industry-specific. However, improving our exploration of cybersecurity risks, especially to our critical infrastructure, is an issue that we will collectively have to confront and solve to create a workable solution.