Last week’s hacking incident at a Florida water treatment facility has the cyber and defense community talking about the need for password protection, legacy system upgrades, and the possibility of increased regulation. Beyond focusing on who did it and how, the more strategic questions at play are why cyber attacks involving critical infrastructure are continuing and what this means for our long-term, enterprise-wide cyber strategies.
Senior cyber leaders at companies of all sizes and in federal organizations are sharing concerns about this attempted cyber sabotage incident. It adds to a growing number of cyber events entangled with critical infrastructure that we have seen in the U.S. and worldwide over the last two decades.
Best cyber practices for water treatment suppliers are circulating and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ICS-CERT provides critical infrastructure owners with industrial control systems advisories regularly. However, will cyber leaders and technology companies shaping society’s dependence on the virtual world acknowledge, plan, and execute the appropriate, proactive cyber response actions in time for them to be meaningful in case of a cyber fire sale scenario in the future? Time will tell.
Consistent Cyber Sabotage Attempts
Our adversaries do their cyber homework. They have, and are, victimizing energy companies, power grids, water treatment facilities, dams, hospitals, nuclear power plants, and federal agencies in the U.S. and other countries worldwide.
The Stuxnet worm was deployed against Iran’s nuclear program as early as 2007 according to some reports. SCADA system-related cyber attacks have also manifested with two multi-sector electricity blackouts in the Ukraine—including the capital of Kiev—and at a petrochemical company with a plant in Saudi Arabia. Additional ICS-related cyber targets or attack instances include ICS manufacturers, ICS-focused malware campaigns, and more.
And what does the full picture of the SolarWinds supply chain attack on critical infrastructure look like? We may never know.
Cyber Threats on Human Life
At times, virtual activities such as cyber sabotage risk human lives. For example, ransomware attacks in the healthcare sector have delayed medical treatment, resulting in death, and forced medical offices to close permanently. Some attacks have shut down hospital systems and labs.
The NotPetya global software supply chain and malware attacks in 2016 impacted the international shipping community and halted production of a key HPV vaccine. How could a similar cyber attack today impact the pharmaceutical companies leading the Covid-19 vaccine production and distribution efforts?
Strategic Implications of Cyber Attacks Drive Digital Risk Management
Strategic implications involving cyber attacks can help launch the conversation or drive your next cyber steps for technology planning and investment, including:
- Proactive Cybersecurity = Preparedness: Don’t wait for your organization to be swept up in an attack when you have the opportunity to plan for one now. Could your organization be vulnerable to cyber sabotage or a fire sale? If so, how, and what can you do today to help prevent it? Avoid the ‘relief response’ to others experiencing an incident or disaster—it can happen to you. Explore how your company will respond in a similar situation before it happens.
- Untangle the IT vs OT Web: Do your OT and IT teams compete with one another or support one another? What does that look like at your organization? What lessons from other sectors making this work can be applied to your company? Ensure that OT and IT are communicating on ALL critical enterprise systems.
- Collaboration is Key: Stop hoarding and start sharing cyber information. Until we do, it will continue to be every organization for itself in the digital world that we know (or at times deny), that we presently find ourselves in, or that we are being forced to shift toward. Some resources for doing this include: National Council of ISACs, InfraGard, NCFTA, and other sector-specific interest groups.
In the event of a cyber fire sale, we will be less focused on whether a mischievous domestic hacker or a technically advanced cyber adversary is behind the activity and more focused on recovery. And if there is no sale, would enhancing your organization’s cybersecurity posture to protect intellectual property and other critical assets from other nefarious types of cyber activity be a bad thing?
Connect with GPSG’s Cybersecurity experts at cyberteam@gpsg.co. We look forward to helping your organization navigate the current cyber threat landscape to make the most informed cybersecurity and technology planning and investment decisions to achieve peak cybersecurity performance.
