1. News
  2. SCİENCE
  3. Cyber Threats Loom Over Essential U.S. Infrastructure

Cyber Threats Loom Over Essential U.S. Infrastructure

featured
Share

Share This Post

or copy the link

Critical water, health, and energy systems are facing increasing risks from cyber threats.

Current geopolitical tensions, such as the recent US military actions against nuclear facilities in Iran, highlight the urgent need to prioritize the security of these infrastructures. According to Joshua Corman, an executive in residence for public safety and resilience at the Institute for Security and Technology (IST), any potential conflict is expected to involve hybrid warfare tactics.

“With great connectivity comes great responsibility.”

As the digital landscape expands, it becomes a battleground where critical infrastructure is increasingly at risk. Given past incidents, like the Colonial Pipeline ransomware attack in 2021, which disrupted a significant portion of the East Coast’s fuel supply for nearly a week, there are serious concerns about cyberattacks targeting essential services. Additionally, reports of increased ransomware attacks on community water systems further underscore these vulnerabilities.

Despite the grim outlook, Corman emphasizes the importance of reassessing how hospitals, water supplies, and other vital services are protected from cyber threats. He advocates for practical, analog solutions that focus more on physical engineering than solely on digital defenses.

This interview has been edited for length and clarity.

From your perspective as a cybersecurity expert dealing with essential services, what concerns you the most?

The vulnerabilities within our crucial lifeline functions, such as water and safety, are alarming. Modern connectivity creates obligations for safeguarding these infrastructures, yet we see continual challenges in protecting everything from sensitive data to essential services.

Historically, these systems have been left open to threats, and with attackers growing more sophisticated, the risks escalate.

How precarious is the situation for these systems across the United States?

Since around 2016, there has been a marked increase in ransomware attacks, with hospitals identified as prime targets due to their critical nature and limited cybersecurity resources. The consequences of service disruptions can be dire, making healthcare facilities easy prey.

The disparity between the resources available for defending these vital services and the ease with which they can be attacked is concerning. For example, many small rural water facilities lack the necessary budget for cybersecurity, often relying on outdated technology that is not secure.

“You have this kind of asymmetry and unmitigated feeding-frenzy.”

It’s estimated that around 85 percent of those responsible for critical infrastructure are in a similar precarious situation, with extensive targets yet lacking cyber defenses.

For instance, the hacking group Volt Typhoon has successfully infiltrated US water facilities, positioning themselves for potential future attacks. The group is linked to state-sponsored efforts from China.

With China’s long-term intentions regarding Taiwan, their willingness to disrupt US critical infrastructure raises major concerns. Most facilities remain unprepared and lack cybersecurity personnel and budgets to defend against such threats.

In light of recent events surrounding Iran, are any specific vulnerabilities more pronounced at this time?

Countries like Russia, Iran, and China have demonstrated the capability to target essential services, especially water resources. Corman emphasizes that a lack of water can quickly cripple hospital operations, affecting emergency protocols and sanitation.

This creating of smart infrastructures enhances vulnerability, leading to potential severe disruptions in civilian services if these access points are exploited during conflicts.

However, Corman advises against rushing to conclusions about immediate threats from Iran, suggesting their focus may be directed elsewhere for the time being.

Different malicious actors have varied motives and methods, often utilizing prolonged infiltration strategies to monitor and leverage weaknesses within critical infrastructures.

Corman likens the situation to identifying vulnerabilities akin to the “thermal exhaust port” of a well-known fictional space station, with many critical functions sharing similar weaknesses.

What actions should be taken to address these vulnerabilities?

Corman advocates for implementing what is known as “cyber-informed engineering.”

Evidence suggests that rapid changes in water pressure at compromised facilities could lead to devastating surges capable of damaging infrastructure. Therefore, preventative measures are crucial to maintain operational integrity.

Innovative and straightforward engineering solutions, similar to household circuit breakers, can be implemented at water plants to enhance resilience against pressures caused by cyberattacks, mitigating potential damage without requiring extensive budgets.

“Think of this a little bit like Star Wars.”

To effectively lower the likelihood of breaches, organizations should invest in both cybersecurity measures and engineering solutions that will minimize the consequences should a compromise occur.

By addressing potential physical damage as a priority and collaborating with water plants on practical, mutually accessible solutions, a pathway can be created for both immediate and long-term cybersecurity improvements.

How have budget and staffing cuts affected federal agencies and the security of critical infrastructures?

Recent shifts in responsibility for cybersecurity resilience from federal to state levels coincide with unfortunate timing, as agencies grapple with budgetary constraints and reduced personnel.

Corman highlights that budget reductions at key agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) impede their capacity to assist states effectively, particularly with funding cuts to critical resources like the Multi-State Information Sharing and Analysis Center.

Increased collaboration between public and private sectors is crucial and seems to have bipartisan support. However, pervasive budgetary and staffing issues across multiple federal departments hinder the overall effort to enhance cybersecurity readiness.

Urgent action is needed as responsibility for cyber resilience increasingly shifts to local levels. Corman emphasizes the importance of education and collaboration among numerous nonprofit initiatives, stressing the formation of volunteer groups aimed at supporting cybersecurity for critical services.

Corman concludes that this juncture in history calls for heightened proactive measures, noting that the expectation for governmental intervention may not be met. It falls to individuals and organizations to take initiative in enhancing resilience.

Cyber Threats Loom Over Essential U.S. Infrastructure
Comment

Tamamen Ücretsiz Olarak Bültenimize Abone Olabilirsin

Yeni haberlerden haberdar olmak için fırsatı kaçırma ve ücretsiz e-posta aboneliğini hemen başlat.

Your email address will not be published. Required fields are marked *

Login

To enjoy Technology Newso privileges, log in or create an account now, and it's completely free!