Network Separation: Is it an Impenetrable Security Measure?
A major malware attack against Singapore’s Health Service sector has motivated the Singaporean Government to adopt a new strategy for protecting these systems from future cyber threats. The security measure that will be employed is called “Network Separation”, and involves completely disconnecting computers from the internet.
The Cyberattack on SingHealth
SingHealth, short for Singapore Health Services, is the country’s largest group of healthcare establishments. A recent malware attack against it resulted in the theft of the personal information of over 1.5 million patients. People who visited the hospitals between May 1st 2016 and July 4th 2018 were among those affected. The exposed data included the names, National Registration Identity Card (NRIC) numbers, and dates of birth of these individuals.
In addition to this, the medical information of another 160 000 patients, including Singapore’s Prime Minister Lee Hsien Loong, was also stolen by the cyberattackers. This included records of the medicines prescribed and dispensed to these patients. Neither the identity of the perpetrators nor the method of infiltration was discussed by the Ministry of Health in its statement.
Adopting a Drastic Defense Strategy
In response to this successful cyberattack, the Singaporean Government has adopted network separation, or “Air Gapping”, as its method of defense against future attacks.
This practice involves disconnecting government systems that contain sensitive data from the internet, effectively creating an “air gap” between malware circulating on the internet and these critical computers. The most common methods of infecting systems with malware include malicious download links, social engineering, and scanning the internet for out-of-date systems with exploitable security holes. Therefore, by disconnecting from the internet altogether, organizations can sever the cyberattackers’ pathway into their computers.
As noted by Singapore’s Deputy Prime Minister Teo Chee Hean, the strategy would have mitigated the damage of this cyberattack by “[disrupting] the cyber kill-chain for the hacker and [reducing] the surface area exposed to attack”. While the strategy has been widely employed in Singapore’s public sector since 2016, the country’s healthcare institutions have only just been disconnected.
While network separation is an effective method of eliminating cyberattack threats coming directly from the internet, it also has numerous disadvantages that need to be considered. The main upside of using an “Air Gap” to protect your organization’s systems is that it makes it impossible for malware to reach them through malicious download links on the internet. Furthermore, it makes your systems invisible to the automated scripts that constantly search the internet for outdated servers to target.
However, this comes at a massive productivity tradeoff. As noted by Singapore’s Ministry of Health, “there will be some inconvenience for patients and healthcare staff”. This is because internal systems that rely on an internet connection to communicate with each other will also be unable to do so. For instance, if a doctor requires test results from the laboratory, they will now need to access that computer manually rather than simply pulling the data off the company server.
Furthermore, network-separated systems also require more maintenance, because they can no longer receive automatic updates distributed over the internet. As a result, patches will need to be manually downloaded and installed on these systems, and failure to do so will leave them highly vulnerable.
Finally, this strategy does not protect against malware distributed through offline channels such as USB sticks. In fact, it may leave systems even more vulnerable to such attacks, because they are no longer constantly checking for updates from developers.
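As an added illustration of the manual patching burden and the removable-media risk described above (this is not code from the original article), here is a Python check a defender could run on an air-gapped host before installing patches carried over on a USB drive: it compares every file on the drive against a hash manifest prepared on the connected side and refuses the transfer if any listed file is altered or missing, or if anything unlisted came along. The manifest format, file names and sample contents are constructed for the example; in practice the manifest's own hash or signature must travel separately from the drive.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream the file so large patch bundles need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def load_manifest(media_dir: Path) -> dict:
    # Assumption: the manifest's own hash (or signature) travels separately from
    # the drive, so a tampered drive cannot just ship a matching tampered manifest.
    return json.loads((media_dir / "manifest.json").read_text())

def verify_transfer(media_dir: Path, manifest: dict) -> dict:
    """Classify each file on the media as ok, mismatch, missing or unexpected."""
    result = {"ok": [], "mismatch": [], "missing": [], "unexpected": []}
    present = {p.name for p in media_dir.iterdir()
               if p.is_file() and p.name != "manifest.json"}
    for name, expected in manifest["files"].items():
        if name not in present:
            result["missing"].append(name)
        elif sha256_file(media_dir / name) == expected:
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    # Anything not listed is refused: a stray file is how USB-borne malware rides in.
    result["unexpected"] = sorted(present - set(manifest["files"]))
    return result

def transfer_is_clean(result: dict) -> bool:
    """Install only when every listed file matched and nothing extra came along."""
    return not (result["mismatch"] or result["missing"] or result["unexpected"])

def build_demo_media() -> Path:
    """Constructed sample: one good patch, one altered, one never copied, one stray file."""
    d = Path(tempfile.mkdtemp(prefix="airgap_demo_"))
    good = b"patch-01 payload (constructed sample)\n"
    (d / "patch-01.bin").write_bytes(good)
    (d / "patch-02.bin").write_bytes(b"altered somewhere between download and drive\n")
    (d / "unlisted.exe").write_bytes(b"not part of the approved bundle\n")
    manifest = {"files": {"patch-01.bin": hashlib.sha256(good).hexdigest(),
                          "patch-02.bin": hashlib.sha256(b"patch-02 as prepared online\n").hexdigest(),
                          "patch-03.bin": hashlib.sha256(b"patch-03 (never copied)\n").hexdigest()}}
    (d / "manifest.json").write_text(json.dumps(manifest))
    return d
```

Running `verify_transfer(media, load_manifest(media))` on the constructed media reports one matching patch, one altered, one missing and one unlisted file, so `transfer_is_clean` returns False and nothing should be installed.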
Previous Breaches of Network Separated Systems
In 2010, an Iranian uranium plant was infected with the “Stuxnet” malware despite being air gapped from the internet. The malware was introduced into the system through USB flash drives and caused widespread disruption to the centrifuges at the facility.
Furthermore, “Brutal Kangaroo” is malware believed to have been developed by the CIA specifically for infiltrating network-separated systems. Much like “Stuxnet”, it spreads through infected USB drives. A common way to address the weaknesses of “Air Gapping” is to use it in tandem with data encryption, which encodes sensitive information on a computer so that it remains unreadable even if attackers infect that computer with malware.
Air Gapping has both advantages and disadvantages as a security measure. When it is paired with other security measures such as data encryption, it becomes a highly effective way of preventing many types of malware from infecting your organization’s computers. Our experts at GigE have years of experience in designing and employing security strategies tailored to your company’s needs. Contact us at +1 (888) 366-4443 to get started today.