Examining the security of our critical infrastructure
In this increasingly connected world, we often take for granted how well things work. We give little thought to flipping on a light switch, filling our cars with gas, getting money from an ATM, or how modern healthcare improves our lives.
But because all these functions are somehow connected to the internet, they each are vulnerable to cyber attacks. Hackers are constantly trying to find ways to gain access to our critical infrastructure, including our power grids, oil and gas drilling facilities, bank accounts, hospital and healthcare systems, and even our national elections.
Examining the security of our critical infrastructure is the focus of Navigant’s fourth and final installment in a series of reports in recognition of National Cyber Security Awareness Month, an observance sponsored each October by the U.S. Department of Homeland Security and the non-profit National Cyber Security Alliance.
Navigant’s global legal technology solutions information security team highlights the dangers, and offers solutions to combat some of the more serious threats to our critical infrastructure.
The availability of electricity, water, oil, and gas are crucial to the operation of our modern economy. But because power grids and oil and gas drilling facilities are connected to the internet, they are increasingly exposed to attack.
For example, there was recent evidence that North Korea tried to take down the U.S. power grid. Cyber attacks on Ukraine’s power system caused a blackout in the capital city of Kiev.
A successful cyber attack in the energy sector can have far-reaching implications beyond those of a facility being shut down. That facility is a critical link to supply energy to other organizations.
By acknowledging the threats, performing a comprehensive and recurring risk assessment, and implementing a mitigation strategy, energy facilities and organizations can be in position to mitigate or prevent cyber attacks.
Navigant’s analysis, Cyber Attacks and the Energy Sector, identifies the threats and offers suggestions on how to prevent future attacks.
Hackers are increasingly targeting hospitals and healthcare facilities in order to access Personal Identifiable Information and Personal Health Information. That information often includes names, Social Security numbers, dates and places of birth, and other sensitive data that hackers can use to access bank and credit card accounts.
Additionally, many modern medical devices have wireless connectivity and remote monitoring features that make them vulnerable to cyber attack. For instance, an attack using ransomware called WannaCry shut down 65 hospitals in the United Kingdom.
The healthcare industry faces huge challenges to create less risk for patients using these devices. Hospitals and healthcare providers need to develop a comprehensive security plan and improve the infrastructure on which these devices are used. Many systems were developed in the 1990s and are open to a variety of breaches and ransomware attacks.
Navigant’s podcast, Cybersecurity – Cybercrime Threats and Risks to Healthcare, has more details about the types of attacks and a prescription for how to prevent them.
Nation-states, such as China and Russia, have the intelligence apparatus and the infrastructure to carry out massive cyber attacks. China has been accused of stealing sensitive employee data from the U.S. Office of Personnel Management and the Department of Defense, while Russia is currently being investigated for trying to influence the outcome of the 2016 presidential election.
One problem is that organizations don’t build their systems in anticipation of a threat from a nation-state. Even if an organization improves its security measures, it’s most likely focusing on the lone wolf hacker or the low-level criminal, not a nation-state. There is a big difference between building security to thwart a threat from a criminal on a laptop, as opposed to 40,000 state workers staging an attack from China.
Organizations need to gear their security toward defending against nation-state attacks. The most effective measures include employee education and training; strengthening password protection; monitoring employee social media; and developing a cybersecurity policy and program.
Navigant’s report, Companies Can Combat Growing Cybersecurity Threats, outlines growing nation-state threats and offers solutions to thwart future attacks.