Cyber Assaults on Crucial Infrastructures
In today's digital age, the security of critical national infrastructure has become a top priority for federal government agencies. The Department of Homeland Security, among others, is working diligently to demonstrate its commitment to deterring debilitating and significant threats against critical infrastructure.
One of the most high-profile incidents in recent years was the 2021 Colonial Pipeline ransomware attack, which resulted in a fuel and gas supply disruption across multiple states. The DarkSide ransomware gang was behind this attack, and Colonial Pipeline paid a ransom of $4.4 million to prevent further disruption.
The integration of operational technologies with industrial control systems has made these interconnections prime targets for cyber adversaries. In fact, operational technologies have become a favoured target, as they interconnect industrial control systems to facilitate the management of critical infrastructures.
The European Union Agency for Cybersecurity (ENISA) published cybersecurity guidelines and standards for IoT supply chains in 2020, aiming to improve the security of these technologies. Similarly, the National Institute for Standards and Technologies (NIST) enforced the IoT Cyber Security Improvement Act to ensure robust protection and security capabilities in all IoT deployments in the US public sector.
However, the integration of legacy systems with vulnerable IoT technologies introduces millions of unknown attack vectors and vulnerability points. This was evident in the case of the farmers cooperative NEW Cooperative, where a ransomware group, BlackMatter, took out the online networks, demanding a $5.9 million ransom to provide a decryption key.
SMEs often lack the resources to implement the same security resources as multinational organizations, creating blind spots in critical infrastructure security. A study involving more than 2,000 participants across the United States found that end-users are less concerned with attacks that target critical infrastructure and operational technologies. This lack of concern is concerning, as 83% of organizations managing critical infrastructure suffered a cyberattack in 2021.
The US government and institutions in the private sector must enforce policies that bolster the security of interconnected critical infrastructures to minimize risks. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert - Alert (AA21-287A) Ongoing Cyber Threats to US Water and Wastewater Systems on Oct 14, 2021. The joint advisory by the FBI, National Security Agency (NSA), and the FBI also highlights the increasing malicious cyber activities perpetrated by known and unknown harmful actors targeting the operational technology and information technology of US Water devices, networks, and systems Wastewater Systems facilities.
In the United States, critical water infrastructure systems have been targeted by ransomware attacks in recent years, including incidents affecting municipal water treatment plants and utilities. To mitigate cyber threats and respond to incidents, organizations have implemented measures such as enhanced cybersecurity protocols, employee training, deployment of intrusion detection systems, network segmentation, and collaboration with federal agencies like the FBI and CISA.
Governments and policymakers must signal a willingness to deter cybercrime and create policies for punishing guilty actors within the limits of international law. ENISA is developing specific cybersecurity standards for critical infrastructure industries and operational technology operators. As the digital landscape continues to evolve, it is crucial that we prioritize the security of our critical infrastructure to protect both our economy and our citizens.
Read also:
- Top 15 Pivotal Risks to Mobile Application's Security
- Revising the title: Redefining "Bring Your Own Device" Policies for a Secure and Flexible Workspace in the Hybrid Work Environment
- "Global VPN Day: Is it a shield for privacy or a gap needing sealing? Exploring the implications"
- Summoning Shamans, Spirits, and Love in the Play 'Head Over Heels'
