
Critical infrastructure: An urgent priority for national security


The United States government has identified 16 critical infrastructure sectors, any of which, if disrupted, could damage the nation's safety, health and economic prosperity.

The Biden administration has called for an increased focus on national cybersecurity. That effort requires action on many fronts, but critical infrastructure should remain the main priority, and the U.S. must begin enacting a national resilience strategy to safeguard these resources and avoid long-term damage.

The ripple effect of a breach in critical infrastructure

The Colonial Pipeline runs from Texas to the New York harbor area, delivering refined petroleum products to more than a dozen states. In May 2021 the DarkSide ransomware group broke into Colonial Pipeline's IT network, exfiltrated roughly 100 gigabytes of data and threatened to publish it, while also encrypting systems so that Colonial lost access to its own files. The attack exposed personal data of 5,810 individuals, showing how far a single breach can reach into vital U.S. infrastructure. Colonial paid the ransom, about $4.4 million in bitcoin, within a day of the attack.

Although the ransom was paid, the Colonial attack still caused temporary fuel shortages along the East Coast, and the impact could have been far worse. The pipeline was shut down as a precaution because the ransomware hit business IT systems, including billing, and the company could not immediately be sure the operational network was untouched. Stored product cushioned the disruption, but a more holistic approach, including an integrated cybersecurity strategy covering both IT and operational technology, could have reduced the likelihood of the breach in the first place.

Every sector of our critical infrastructure is exposed. In February 2021 the city of Oldsmar, Fla., discovered an intrusion into its water treatment plant's control system. Using remote-access software, an attacker raised the sodium hydroxide (lye) setpoint from 100 parts per million to 11,100, more than 100 times the normal level, a change that could have harmed the city's residents had an operator not noticed the change on screen and reversed it within minutes.

More recently, the REvil group carried out two of the year's most disruptive ransomware attacks. In late May 2021 it hit the meat processor JBS, which operates plants in the U.S., Australia and Canada; thousands of JBS employees had shifts cancelled, production stalled for several days in an already high-demand market, and the company later confirmed it paid $11 million. In July 2021 the same group abused Kaseya's VSA remote-management software to push ransomware through managed service providers to their customers, affecting organizations in at least 17 countries.

These examples show the breadth and severity of the constant attacks on the nation's critical infrastructure and the urgent need to act to secure it against cyberattacks.

How to promote national resilience levels

Many of the resources we rely on as a nation depend on computing systems, some of which are outdated and some of which are midway through modernization. Both states leave exploitable gaps while information technology and operational technology teams work together to update legacy systems, increase operational efficiency and improve cyber resiliency at the same time.

While there are many strategies to protect critical infrastructure, the twin imperatives are automation and zero-trust practices.

Automation may seem counterintuitive as a fix for vulnerabilities, but it is essential once a critical infrastructure cyberattack is under way. Automated sensors, reports and alarms support real-time decisions and let government, businesses and other organizations mobilize security teams rapidly. Automation in other areas, such as data discovery and purging, reduces data decay and shrinks the amount of data exposed should a breach occur.
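The automated alarm the paragraph describes, as an added example that is not code from the article or from any utility: a small rule engine that evaluates constructed water-treatment HMI events of the kind the Oldsmar incident involved. The event format, tag names, safe band and thresholds are assumptions made for this example, not real plant limits.

```python
"""Added example: automated alarms over constructed water-treatment HMI events.

Not code from the article or from any utility. The tag names, safe band,
step-ratio limit and event format are assumptions made for this example.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Assumed safe operating band per controllable setpoint tag (illustrative only).
SAFE_BAND: dict[str, tuple[float, float]] = {"naoh_setpoint_ppm": (50.0, 200.0)}
# A single write that multiplies a setpoint by this factor or more is suspicious
# on its own, even if the new value happened to land inside the band.
STEP_RATIO_LIMIT = 5.0

# Constructed sample events (one JSON object per line), loosely modelled on the
# Oldsmar description: a small remote change followed by a 100x jump.
SAMPLE_EVENTS = [
    '{"ts":"2021-02-05T08:00:05Z","src":"HMI-01","user":"operator1","session":"local",'
    '"tag":"naoh_setpoint_ppm","old":100,"new":100}',
    '{"ts":"2021-02-05T13:05:12Z","src":"HMI-01","user":"operator1","session":"remote",'
    '"tag":"naoh_setpoint_ppm","old":100,"new":110}',
    '{"ts":"2021-02-05T13:06:40Z","src":"HMI-01","user":"operator1","session":"remote",'
    '"tag":"naoh_setpoint_ppm","old":110,"new":11100}',
    '{"ts":"2021-02-05T13:07:01Z","src":"HMI-01","user":"operator1","session":"remote",'
    '"tag":"ph_measured","old":7.9,"new":7.9}',
]


@dataclass(frozen=True)
class Alarm:
    ts: str
    severity: str
    reason: str
    action: str  # what the automation does, not only what it reports


def evaluate_event(event: dict) -> list[Alarm]:
    """Return zero or more alarms for one HMI write event."""
    alarms: list[Alarm] = []
    tag, old, new = event["tag"], event["old"], event["new"]
    if tag not in SAFE_BAND:
        return alarms  # measurement tags are not setpoints; nothing to enforce
    lo, hi = SAFE_BAND[tag]
    # Rule 1: the written value is outside the safe band -> hold and revert.
    if not lo <= new <= hi:
        alarms.append(Alarm(event["ts"], "critical",
                            f"{tag} written to {new}, outside safe band {lo}-{hi}",
                            f"hold dosing and revert {tag} to last value {old}"))
    # Rule 2: an implausibly large single step, regardless of the band.
    if old and new / old >= STEP_RATIO_LIMIT:
        alarms.append(Alarm(event["ts"], "high",
                            f"{tag} changed {new / old:.0f}x in one write",
                            "page on-call operator"))
    # Rule 3: any setpoint change made over a remote session is logged for review.
    if event.get("session") == "remote" and new != old:
        alarms.append(Alarm(event["ts"], "medium",
                            f"{tag} changed over a remote session by {event['user']}",
                            "record session for review"))
    return alarms


def scan(lines: list[str]) -> list[Alarm]:
    """Evaluate a batch of JSON event lines in order."""
    return [alarm for line in lines for alarm in evaluate_event(json.loads(line))]


if __name__ == "__main__":
    for alarm in scan(SAMPLE_EVENTS):
        print(alarm.ts, alarm.severity.upper(), alarm.reason, "->", alarm.action)
```

On the constructed events the first write (local, unchanged) and the pH reading produce nothing, the 110 ppm remote write produces only the review alarm, and the 11,100 ppm write trips all three rules at once. The point of the band check is that it does not depend on anyone watching the screen: the response is decided the moment the value is written.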

Adopting a zero-trust architecture does not stop attackers from trying, but it limits how far an intruder can get once a single user or device is compromised. Employees rarely let criminals in on purpose, but they fall for phishing, share files without encryption or reuse passwords, which makes compromised insiders a prominent risk; opening one malicious email can put a company in danger, and Verizon's 2019 Data Breach Investigations Report found that 94% of malware was delivered by email. A zero-trust framework answers this by removing the implicit trust that comes from being on the internal network: every request is authenticated and authorized against the user's identity, the device's posture and the sensitivity of the resource, and users, devices, networks, workloads and data are monitored continuously for suspicious or malicious behavior. It also requires training employees in proper data handling and building vigilance into the organization's culture, which improves the overall security posture.
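A per-request authorization check of the kind a zero-trust framework makes, as an added example that is not code from the article or from any vendor product. It evaluates identity, recency of strong authentication, device posture and network segmentation for every request, so a phished password on its own buys nothing. The role names, thresholds, zones and the three scenarios are assumptions made for this example.

```python
"""Added example: a per-request zero-trust authorization decision.

Illustrative code, not from the article or any product. Role names, thresholds,
zone labels and the scenarios below are assumptions made for this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset[str]
    mfa_verified_at: datetime | None  # None: only a password was presented


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool          # enrolled in the organization's device management
    disk_encrypted: bool
    patch_age_days: int
    zone: str              # network segment the request arrives from


@dataclass(frozen=True)
class Resource:
    name: str
    zone: str              # segment the resource lives in
    required_role: str
    safety_critical: bool  # e.g. an OT dosing HMI


@dataclass
class Decision:
    allow: bool
    reasons: list[str] = field(default_factory=list)


MFA_MAX_AGE = timedelta(hours=8)  # assumed policy: re-verify at least once per shift
MAX_PATCH_AGE_DAYS = 30           # assumed device-posture threshold


def authorize(identity: Identity, device: Device, resource: Resource, now: datetime) -> Decision:
    """Evaluate one request. Every check is explicit; arriving from the corporate
    network earns no trust by itself, which is the core of the zero-trust model."""
    reasons: list[str] = []
    if resource.required_role not in identity.roles:
        reasons.append(f"{identity.user} lacks role {resource.required_role}")
    if identity.mfa_verified_at is None or now - identity.mfa_verified_at > MFA_MAX_AGE:
        reasons.append("no recent strong authentication (MFA)")
    if not device.managed:
        reasons.append(f"device {device.device_id} is unmanaged")
    if not device.disk_encrypted:
        reasons.append(f"device {device.device_id} has no disk encryption")
    if device.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append(f"device {device.device_id} is {device.patch_age_days} days behind on patches")
    if resource.safety_critical and device.zone != resource.zone:
        reasons.append(f"{resource.name} is safety-critical and reachable only from zone "
                       f"'{resource.zone}'; request came from '{device.zone}'")
    return Decision(allow=not reasons, reasons=reasons)


# Constructed scenarios around one resource: a sodium hydroxide dosing HMI.
NOW = datetime(2021, 2, 5, 13, 0, tzinfo=timezone.utc)
DOSING_HMI = Resource("naoh-dosing-hmi", zone="ot", required_role="plant-operator", safety_critical=True)
OPERATOR = Identity("operator1", frozenset({"plant-operator"}), mfa_verified_at=NOW - timedelta(hours=1))


def scenario_ot_workstation() -> Decision:
    """Operator on a managed, patched workstation inside the OT segment: allowed."""
    ws = Device("ot-ws-03", managed=True, disk_encrypted=True, patch_age_days=12, zone="ot")
    return authorize(OPERATOR, ws, DOSING_HMI, NOW)


def scenario_corp_laptop() -> Decision:
    """Same operator, same credentials, but from a laptop on the corporate LAN:
    denied by segmentation alone, where a flat network or VPN would have allowed it."""
    laptop = Device("corp-lt-118", managed=True, disk_encrypted=True, patch_age_days=3, zone="corp")
    return authorize(OPERATOR, laptop, DOSING_HMI, NOW)


def scenario_phished_password() -> Decision:
    """Attacker holding a phished password on an unmanaged machine on the internet:
    denied for several independent reasons, so no single control is the last line."""
    stolen = Identity("operator1", frozenset({"plant-operator"}), mfa_verified_at=None)
    box = Device("unknown", managed=False, disk_encrypted=False, patch_age_days=400, zone="internet")
    return authorize(stolen, box, DOSING_HMI, NOW)


if __name__ == "__main__":
    for scenario in (scenario_ot_workstation, scenario_corp_laptop, scenario_phished_password):
        decision = scenario()
        print(scenario.__name__, "ALLOW" if decision.allow else "DENY", decision.reasons)
```

The second scenario is the one worth dwelling on: the credentials and device are both fine, yet the request is refused because a safety-critical control must be reached from its own segment. That is the difference between authenticating a user once at the perimeter and deciding each request on its own merits.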

Facing the new cybersecurity frontier

Adversarial nation-states, violent extremist organizations and criminal enterprises are exploiting weaknesses in our interconnected systems, using malicious code, stolen data and social engineering to damage our critical infrastructure and harm our nation.

Regardless of the sector or the size of the population affected, critical infrastructure protection should remain a tier-one priority for national, state and local cybersecurity. We have already witnessed what weak cybersecurity on our critical infrastructure costs. By increasing cyber resiliency through automation and zero-trust initiatives, the U.S. can reduce both the likelihood and the consequences of these breaches.

John DeSimone, vice president of cybersecurity, training and services, Raytheon Intelligence & Space    
