Skip Navigation

Critical Infrastructure News

Despite being decades old, SCADA control systems remain well-designed to this day. They bring multiple moving parts together – computers, networks, data communications and user interfaces – to manage machinery and engineered components of industrial systems.

These systems weren’t originally unsafe. The system developers weren’t overly preoccupied with security because they had no conception of something called the Internet. With no Internet in existence at the time, the systems were “air gapped” – meaning not connected to other systems or the outside world, for years.

Now decades later, these complex systems are running on legacy software and operating systems. Air gapping is not a reliable protection due to widespread Internet connectivity. Networks can also be easily breached by social engineering, password theft, or tainted USBs, as in the Stuxnet attack.

Read more: Security Boulevard

Many of the threats facing government have come from organized criminal groups, which have been increasingly willing to work together towards a common goal. Plus the line between cybercriminals and nation-state actors continues to blur.

APT attacks against governments in Europe have continued to grow, with espionage groups like XDSpy using COVID-19 spearphishing attacks to spread malware among Eastern European government entities, and others like Sandworm compromising vulnerable versions of Centreon IT monitoring software. Supply-chain attacks continue to increase in the EU as well.

"Despite the pitfalls in making predictions during a pandemic, we can be confident cyber-risks for government bodies will continue to grow, evolve, and require even greater focus and resources to mitigate," says Andy Garth, ESET's government affairs lead. "Government, like industry, is facing the fact that its productivity tools are being turned against its interests and its ability to protect and provide essential services, ensure economic stability, and even maintain cultural and societal cohesion."

Read further at BetaNews

Water Security is incredibly important to the safety and security of any country, though it’s a topic that rarely pops up when discussing national security. Water, however, in the majority of the world, is a precious commodity and one that is a necessity for the foundations of any society or civilization. As an example, recently in Oldsmar, Florida, a hacker “gained access to the city’s water treatment plant bumping the sodium hydroxide in the water to a "dangerous" level. The caustic substance could have caused major issues for the city’s drinking water supply.” While this didn’t result in a major threat to the city’s populace, it reinforces the threat that hackers pose to the water industry and how susceptible the water industry is to outside influences.

Read more further at Security Mag

Rapid technological change, accelerated by the pandemic and now ingrained in our daily lives, has led us to become increasingly dependent on connected devices within critical infrastructures, as exhibited by the proliferation of smart meters, sensors, industrial controllers, and other “smart” products. As utilities, governments, and other critical infrastructure operators embrace the efficiencies of an expanded IoT and add ever more connected devices to their networks, they simultaneously increase the potential points of attack surface for malicious cyberthreats. This creates risk, and recent attacks on SolarWinds, the Oldsmar, Florida water treatment plant, and SITA, have proven that bad actors are only growing bolder and more sophisticated with their attempts at intrusion and manipulation of critical infrastructures functionality.

Critical infrastructures must balance the utility of expanding their network of connected devices with the threats posed by bad actors. Managing the risk emerging from these threats will require an understanding of the specific style of threats posed, as well as how to counter them.

Read more further at Security Mag

Several U.S. banks have started deploying camera software that can analyze customer preferences, monitor workers and spot people sleeping near ATMs, even as they remain wary about possible backlash over increased surveillance, more than a dozen banking and technology sources told Reuters. Previously unreported trials at City National Bank of Florida and JPMorgan Chase & Co as well as earlier rollouts at banks such as Wells Fargo & Co offer a rare view into the potential U.S. financial institutions see in facial recognition and related artificial intelligence systems. Widespread deployment of such visual AI tools in the heavily regulated banking sector would be a significant step toward their becoming mainstream in corporate America.

Read further at Reuters