Infrastructure isn’t usually the first thing that comes to mind when someone mentions cybersecurity, but it definitely should be. In such a connected world, it is becoming easier for hackers to cause a lot of damage to critical infrastructure such as water, sewer, power plants, hospitals, and emergency services, all with little investment. Cyberattacks can not only do significant damage but can shut down these services altogether. As the real actors behind these attacks are easily concealed, understanding the source and motive proves difficult. 90% of these hackers cover their tracks by using encryption.
Unfortunately, infrastructure cybersecurity simply doesn’t get the limelight it should. Let’s take a look at how wrong it can go.
One of the most recent attacks occurred in NYC. On December 28th, 2018, LaGuardia Airport experienced a blackout caused by a power surge, leaving the airport in the dark and grounding flights for two hours. As it turns out, the transformer explosion was likely due to a cyberattack. Any airport being without power for several hours can have detrimental effects, such as flight delays that cause a domino effect among connecting airports and the shutting down of restaurants and shops within the airport.
In 2017, the National Health Service (NHS) in the United Kingdom was hit by the WannaCry ransomware. Ultimately it cost £100m and led to 19,000 appointment cancellations. It took down the IT systems of one-third of NHS trusts and eight percent of GP practices. An additional £500,000 was spent on IT and security consultants to restore data and systems. Because hospitals were affected, lives could have been at stake had this attack been more significant.
Perhaps one of the most well-known, and likely politically charged, infrastructure attacks occurred in December 2015 in Ukraine. Presumably, a Russian hacker gained access to a control center in Western Ukraine, leaving 230,000 people in darkness for 6 hours. The Industrial Control System (ICS) wasn’t manipulated; however, the hackers were able to penetrate the networks of electricity distribution companies and destroy the software used by ICS. So how exactly did they do it? The attackers overwrote firmware on devices at 16 substations, leaving them unresponsive to remote commands.
2003 saw the first major cyberattack, although it wasn’t labeled as such at the time. As the story goes, there was a major blackout in the Northeast region of the U.S., which at the time was attributed to a downed power line. However, we now know that the blackout was a cyberattack. Eleven deaths and an estimated $6 billion in economic damages were attributed to this incident, which disrupted power over a wide area for at least two days.
When the stakes are so high, it is easy to see why infrastructure cybersecurity needs strong emphasis.
Where Do We Go From Here?
Despite the clear threats, there has been an ongoing lack of urgency and action. Critical infrastructure organizations need to keep improving their security, reducing the effectiveness of phishing attacks (still amongst the most prevalent attack vectors), segregating and controlling network access, reviewing and testing both old and new hardware and software, and doing digital due diligence on suppliers.
The Department of Homeland Security, through NIST (National Institute of Standards and Technology), suggests the following:
- Invest in physical and cyber risk management products and plans
- Educate employees about critical infrastructure security and resilience
- Plan for business continuity
- Share threat and incident information
- Report suspicious activity
- Prepare for all hazards at home and work
Network and cybersecurity assessments are essential to addressing threats before they happen. With the right personnel, resources, and cybersecurity knowledge, an internal audit can be done, but for those lacking in these areas, an external assessment is the best option.
Experienced IT professionals like the Netzbahn team can review, design, and manage controls. Safeguarding your team’s infrastructure and daily processes is what we do. Contact us at 920.297.5000 to learn about Netzbahn’s custom programs.