As the U.S. Infrastructure Bill Comes Together, Will Floodgates Open When Other Critical Services are More Connected?
By: Orhan Yildirim
While it is encouraging to see investment in physical-digital infrastructure growing as part of the global economic recovery, there are already clear signs that adversaries are continuing to test the waters, as connectivity and automation may leave the “doors and windows” unlocked.
Halfway through 2021, reports of attacks continue to grow.
For example, hackers could have opened the floodgates on a dam in New York in 2013, but the gates were offline for maintenance, which was extraordinarily lucky. An individual in Florida tried to poison the water supply, but a worker noticed and stopped it. And rather than risk a pipeline disaster after a ransomware attack on the Colonial Pipeline earlier this month, the operators shut it down.
Experts are understandably alarmed about how vulnerable infrastructure is to cyberattacks.
Those same experts say there are more attacks to come, which could be far more devastating than anything seen so far unless the United States and other countries protect critical systems against these expanding and more sophisticated threats.
The US DHS has identified 16 Critical Infrastructure Sectors:
- Commercial Facilities
- Critical Manufacturing
- Defense Industrial Base
- Emergency Services
- Financial Services
- Food and Agriculture
- Government Facilities
- Healthcare and Public Health
- Information Technology
- Nuclear Reactors, Materials, and Waste
- Transportation Systems
- Water and Wastewater Systems
Fact: each of these systems can be hacked.
“If any of (these industries) are attacked and taken offline, it would create massive repercussions across the United States,” said Tatyana Bolton, a former Homeland Security official who led the development of strategies to strengthen U.S. cybersecurity.
Deputy Attorney General Lisa Monaco, also part of DHS, warned CEOs to be “on notice of the exponential increase of these attacks.”
Consider a scenario where cyber attackers target the global positioning satellites that help guide aircraft, ships, and other transportation, and completely shut those systems down or reconfigure them. This could cause massive disruption.
Ransomware attacks on hospitals are happening more frequently, driven in large part by the growing number of electronic medical records, which store detailed private information.
Universal Health Services, one of America’s largest health care providers, with more than 25 hospitals and hundreds of other facilities, was attacked last year, and some facilities had to turn away ambulances.
Critical industries and infrastructure are vulnerable to these attacks because their computer systems, including those for industrial control functions, are increasingly connected to the Internet. Every node, every sensor, and every smartphone and tablet on site can be attacked, given that hackers can “implant code” that changes the way machines, computers, and workers collaborate.
Companies in many critical industries are generally unfamiliar with “IoT” and “automated systems” and may be caught off guard when there are breaches.
These breaches often happen when privileged accounts are compromised, and the administrators responsible for ensuring the protection of critical infrastructure find themselves and their colleagues (who may share root access passwords) caught in the crossfire.
This is where Ironsphere’s comprehensive PAM platform comes in by providing “zero trust” software solutions that protect all digital systems and the critical services they enable as infrastructure becomes increasingly instrumented.