Skip Navigation

Critical Infrastructure News

On Wednesday, July 28, 2021, the President signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. The National Security Memorandum establishes a voluntary initiative intended to drive collaboration between the Federal Government and the critical infrastructure community to improve cybersecurity of control systems.  It instructs the Department of Homeland Security (DHS) to lead the development of preliminary cross-sector control system cybersecurity performance goals as well as sector-specific performance goals within one year of the date of the National Security Memorandum. These goals are intended to provide a common understanding of the baseline security practices that critical infrastructure owners and operators should follow to protect national and economic security, as well as public health and safety.

“Today, we are delivering on the first step of the President’s National Security Memorandum (NSM) objectives to strengthen the cybersecurity of our Nation’s critical infrastructure control systems,” Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo said a joint statement. “DHS’s Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the Department of Commerce’s National Institute of Standards and Technology (NIST), developed preliminary cybersecurity performance goals based on nine categories of best practices. These goals are part of a long overdue, whole-of-government effort to meet the scale and severity of the cybersecurity threats facing our country. It is vital that critical infrastructure owners and operators immediately take steps to strengthen their cybersecurity posture toward these high-level goals. The safety and security of the American people relies on the resilience of the companies that provide essential services such as power, water, and transportation. We look forward to further engaging with key industry stakeholders to promote these efforts to protect our national and economic security.”

Read More: HS Today

Aurora Innovation Inc., Paccar Inc. and FedEx Corp. launched a commercial pilot of autonomous trucking in Texas. The companies said they started using a Paccar tractor equipped with self-driving technology to haul FedEx loads between Dallas and Houston, a 500-mile round trip, along the I-45 corridor Sept. 21.

Although the truck will be driving itself, the test program will have a safety driver in the cab, ready to take over operations if needed. But that backup is scheduled to end, said Aurora, which develops self-driving technology for heavy-duty trucks and passenger cars used for ride-hailing. The Mountain View, Calif., company calls its primary system Aurora Driver.

Read more: Transport Topics

Global trade patterns distorted by the COVID-19 pandemic have thrown the intermodal shipping industry out of whack, creating massive imbalances in shipping containers, intermodal chassis and drayage drivers. That’s the assessment of an expert panel during the Intermodal Association of North America’s Intermodal Expo on Sept. 13. “The intermodal industry is under unprecedented strain,” said Larry Gross, founder and president of Gross Transportation Consulting. “A host of problems have ricocheted across the entire industry.” 

Virtually every segment, from shipping to rail to trucking, struggles to get capacity in the best locations and find enough drivers and staff to keep operations running smoothly, he said. “Part of the challenge that we face is the lopsided nature of development in the wake of COVID,” Vespucci Maritime CEO Lars Jensen said. Speaking by teleconference from Copenhagen, Denmark, Jensen said other nations aren’t matching the explosion in import volume to the U.S. Globally, trade volumes are only slightly above their pre-pandemic levels. That has caused shipping lines to relocate vessels to the Pacific shipping lanes and create a global imbalance.

Read more: Transport Topics

The past year made it clear how many cyber challenges we face and how the threat landscape has evolved since the physical attacks on our country on 9/11. A raft of ransomware attacks has led to ransom demands as a condition for the decryption of data and to prevent its public release. Threat actors have successfully compromised digital and technology supply chains to launch large-scale attacks on governments and enterprises, impacting small businesses, local government, and hospitals. Attacks on critical infrastructure have also increased significantly over the past several years, leading to the compromise of water treatment plants, food processing facilities, and oil and gas infrastructure, which have dramatically increased the real-world impacts of cyber-attacks.

While the U.S. government has worked to respond to these emerging challenges, most notably through a Presidential Executive Order and the Cybersecurity and Infrastructure Security Agency (CISA) release of advisories and mitigation guidance, there is more work to be done. The Executive Order and the executive actions it has already spurred will have some impact, but the government needs to further enhance its response to threat actors behind many of the recent attacks with a focus on nation-states. The Biden administration should also consider pushing for expanded international action and embracement of shared cyber norms that help protect critical infrastructure and limit the impact to everyday users.

Undoubtedly, the most high-profile story in cyber over the past year has been ransomware. The past year has seen an observed rise in ransomware attacks, impacting a broader cross-section of industry, including industrial production facilities and critical infrastructure. Even in instances where companies successfully defend against a ransomware attack, via backups for example, they still face the threat of data exfiltration and “double extortion,” where there is the demand for a ransom to prevent the release or sale of stolen data coupled with the initial decryption payment demand.

Attacks on critical infrastructure have had major downstream impacts, such as the impacts on gasoline availability on the East Coast following the Colonial Pipeline attack. In some instances, these attacks have compounded physical supply chain issues. The attack on JBS, a major meat processing company, led to temporary shortages intensified by COVID-19 related supply chain impacts. Similarly, attacks on major logistics firms, like CMA CGM, can have follow-on effects, impacting the supply of a wide variety of goods across an interconnected global supply chain.

Read more: HS Today

Around the world, there are an estimated 40.3 million victims trapped in modern-day slavery, according to the International Labour Organization. One in four of those victims are children. In addition, victims’ rights groups say that human trafficking across the U.S. (and the world) rose during the COVID-19 pandemic.

The U.S. National Human Trafficking Hotline, which only collects information from its hotline, has seen growth year over year in human trafficking situations, recording a 5% increase in reported cases between 2018 and 2019, for example.

But the numbers are difficult to get a handle on due to the nature of human trafficking; many crimes are never prosecuted, let alone reported. Countries or states reporting zero or low amounts of human trafficking offenses, for example, are merely reflecting data reported by local law enforcement or the justice system.

Aside from a moral obligation to seek out and report possible criminal behaviors such as human trafficking, organizations in any sector may face repercussions related to human trafficking, such as reputational damage, legal damage and supply chain damage, according to Lindsey Roberson, Director of Legal Engagement at the Human Trafficking Institute. The Human Trafficking Institute works all over the world to identify best practices for the prosecution of trafficking crimes, publish human tracking data, and help other countries identify and prosecute trafficking crimes.

“Frontline workers in any industry can certainly be briefed and trained on signs of trafficking,” Roberson says. But security leaders or those leaders within the enterprise that deal with risk and resilience, labor and safety, should also be looking at other areas to mitigate human trafficking and potential effects on the business, she says.

Taking a proactive approach to examining potential risks and liabilities within the supply chain in regards to human rights violations, human trafficking or other abuses, can save a company from financial or legal liabilities, but also help it avoid the look of impropriety that can cause consumers and others to place judgment on the organization and inflict irreversible reputational damage.

Read more: Security Mag