<img height="1" width="1" src="https://www.facebook.com/tr?id=156746741685952&amp;ev=PageView &amp;noscript=1">
Subscribe to our Blog!
Show all

Safeguarding the Nation's Critical Infrastructure

Critical Infrastructure provides basics in our daily lives including food, water, healthcare, communication and power to our country

Throughout the month of October we had been sharing important tips based on the Stay Safe Online campaign for National CyberSecurity Awareness month.  There have been some common themes throughout each topic.  The first is that we each as individuals must take responsibility personally for our own cyber safety.  The other is that these responsibilities include mindfulness when using technology, creating logins, interacting through the internet and of course when we share any information about ourselves.

I had not considered the interdependence of my daily activities with CyberSecurity until learning more about cyber safety through these tips.  There are 16 sectors of critical infrastructure: they supply us with food, water, financial services, public health, communications and power.  These systems are operated via the internet, so any disruption can potentially have a multitude of effects.  Think back to the 2003 blackout or any major disaster you have experienced.  When large areas are affected by power loss alone, there can be chaos.


Individuals and Organizations play a role in protecting Critical Infrastructure

The energy sector is right there every morning when your alarm wakes you up, as you make your morning coffee and breakfast and watch the morning news.  Every time you use electricity, you are being supported by the nation's power grid.  Cyber attacks on critical infrastructure can be catastrophic.  In December 2015, a major power outage in the Ukraine was attributed to a cyber attack initiated through a spear phishing email.  This same method was used to breach several nuclear power plants including Wolf Creek Nuclear Operating Corporation based in Kansas, with no details released regarding the impact of these attacks, motive or repercussions.

In November 2016, San Francisco's municipal railway was hit by malware.  Hackers displayed a message on station screens: "You are Hacked, ALL Data Encrypted... ”.  Luckily there was no impact on the transit service, safety systems or personal information of passengers.  The same hacker was later linked to another attack.

Some estimates state that the US loses nearly 300 billion dollars a year from theft of intellectual property.  Mo Hailong, a lawful, permanent resident and employee of a China-based seed company, was convicted for his role in a long-term conspiracy to steal trade secrets from Iowa-based DuPont Pioneer and Monsanto. He successfully stole inbred corn seeds from a cornfield. 87% of farmers do not have a response plan if a security breach should occur at a company holding their data. Of those surveyed, only about one in about 20 companies managing their information had presented a security-breach plan.

In September 2015 several attacks on fiber optic cables interrupted phone service for AT&T clients in Livermore California.  The attacker was nicknamed the "Fibre-optic ripper".  This was the 12th attack of it's kind on AT&T's network and in response they offered a reward of 250 thousand dollars for more information on the attack.  

Another example of a breach to critical infrastructure happened between 2015 and 2016 in the SWIFT banking messaging system  In this case, attackers were able to find vulnerabilities in the defenses of banks and use them to access their systems and ultimately gain access to their legitimate SWIFT credentials.  Millions of dollars were stolen and these attacks were traced back to North Korea.

New call-to-action

Critical infrastructure providers need to take cyber security seriously.  They should follow industry-leading and standard frameworks to manage their security posture. This is where the importance of the NIST framework comes in.  The NIST CyberSecurity framework provides common language to create industry standards and best practices to guide businesses in understanding, managing and protecting against CyberSecurity threats.  This method has been proven when this framework is integrated across industries such as manufacturing, utility, communications, financial services and transportation to mitigate risk management. In 2015 the NIST framework was used by 30% of businesses with projections for 2020 to be in use by at least 50% of private sector businesses. 

 

Carrin Harris
Carrin Harris

Carrin Harris has an Associates degree in Business management. She has over 12 years of experience working in technology and marketing. She currently works at 24By7Security in the role of Office Manager and Inbound Marketing Specialist.

Related posts

January 15, 2019
January 7, 2019
December 17, 2018

Comments are closed.

Is Your Retail Store Vulnerable to a Cyber Attack?
Did you know Universities and Colleges have become the hacker's paradise?