Critical Infrastructure News

As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure. 

There are actions that executives, leaders, and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming holiday season—a time during which offices are often closed, and employees are home with their friends and families. Although neither CISA nor the FBI has currently identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends.

CISA and the FBI strongly urge all entities–especially critical infrastructure partners–to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:

  • Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack. 
  • Implement multi-factor authentication for remote access and administrative accounts.
  • Mandate strong passwords and ensure they are not reused across multiple accounts. 
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored. 
  • Remind employees not to click on suspicious links, and conduct exercises to raise awareness. 

Additionally, CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including:

Finally—to reduce the risk of severe business/functional degradation should your organization fall victim to a ransomware attack—review and, if needed, update your incident response and communication plans. These plans should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident. Note: for assistance, review available incident response guidance, such as the Ransomware Response Checklist in the CISA-MS-ISAC Joint Ransomware Guide, the Public Power Cyber Incident Response Playbook, and the new Federal Government Cybersecurity Incident and Vulnerability Response Playbooks.

CISA and the FBI urge users and organizations to take these actions immediately to protect themselves against this threat. For a comprehensive overview, see the joint Cybersecurity Advisory Ransomware Awareness for Holidays and Weekends. For more information and resources on protecting against and responding to ransomware, visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.

Access this alert at CISA.gov

Hackers linked to the Iranian government have been targeting a “broad range of victims” inside the United States, including by deploying ransomware, according to an advisory issued Wednesday by American, British and Australian officials. 

The advisory says that in recent months, Iran has exploited computer vulnerabilities exposed by hackers before they can be fixed and targeted entities in the transportation, health care and public health sectors. The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say.

The warning is notable because even though ransomware attacks remain prevalent in the U.S., most of the significant ones in the past year have been attributed to Russia-based criminal hacker gangs rather than Iranian hackers.

Government officials aren't the only ones noticing the Iranian activity: Tech giant Microsoft announced Tuesday that it had seen six different groups in Iran deploying ransomware since last year.

Read more: USNews

The critical infrastructure sector — energy, utilities, oil and gas, and more — is largely made up of privately owned and operated organizations, and yet, their demise is anything but private. As we’ve watched critical infrastructure attacks or unexpected natural events take place in a variety of forms over the past year — including the Colonial Pipeline Co. cyberattack, the Texas power crisis and others — damage to an organization within this sector can have devastating impacts across organizations, communities and countries.

The Colonial Pipeline Co. system, which carries gasoline and jet fuel to portions of the United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline, leading to shortages across regions of the country.

Other news from this year included attacks and attempted attacks on water treatment plants in California and Florida, where threat actors hacked into systems to alter chemical levels of the water supply.

Criminal attacks are not the only threats that can have a widespread impact on the sector and greater population, however. When Texas saw uncharacteristically cold temperatures in February of this year, the critical infrastructure in the state was not equipped to handle the extreme temperatures in that region, resulting in more than 100 deaths and millions of Texans losing power for more than two weeks. Additionally, Hurricane Ida, which made landfall on Louisiana and Mississippi at the end of August this year, was one of the most powerful hurricanes in U.S. history to make landfall on the mainland; more than a million customers in Louisiana and Mississippi were without power for weeks.

In the past year and a half, in particular, security leaders have realized there is no such thing as a “black swan” event, says Brian Harrell, Vice President and Chief Security Officer at AVANGRID. While the threats to critical infrastructure may be big, the potential impacts may be even bigger, but there’s no response “cavalry” waiting in the wings to swoop in and help. With this in mind, Harrell says, critical infrastructure organizations can take a couple of steps to secure their business, their services and their communities — and they all come down to being proactive.

Read more: Security Mag

The Cybersecurity and Infrastructure Security Agency (CISA) developed a four-product de-escalation series for critical infrastructure owners and operators to:

  1. Recognize the warning signs for someone on a path to violence, identify stressors, changes in baseline behavior, and observable behavioral indicators.
  2. Assess the situation to protect personal safety and the safety of those around you. Identify what an escalating person may look like and warning signs. It is important to create a holistic assessment of the person of concern’s circumstances and stressors; this begins with awareness of one’s self, precipitating events or stressors, and the situation unfolding.
  3. De-escalate the situation currently taking place if safe to do so. Individuals are encouraged to use purposeful actions, verbal techniques, and body language to calm a potentially dangerous situation. Safety is the highest priority: know your limits, and obtain help immediately if needed.
  4. Report the situation through organizational reporting to enable assessment and management of an evolving threat, and 9-1-1 for immediate threats.

According to CISA, the De-Escalation Series for Critical Infrastructure Owners and Operators follows the Employee Vigilance Through the Power of Hello to help critical infrastructure owners, operators, and staff identify and navigate suspicious activity or potentially escalating situations to safely disengage and report to local law enforcement or their organization’s multi-disciplinary threat management team.

Read more: Security Mag

On Wednesday, July 28, 2021, the President signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. The National Security Memorandum establishes a voluntary initiative intended to drive collaboration between the Federal Government and the critical infrastructure community to improve cybersecurity of control systems. It instructs the Department of Homeland Security (DHS) to lead the development of preliminary cross-sector control system cybersecurity performance goals as well as sector-specific performance goals within one year of the date of the National Security Memorandum. These goals are intended to provide a common understanding of the baseline security practices that critical infrastructure owners and operators should follow to protect national and economic security, as well as public health and safety.

“Today, we are delivering on the first step of the President’s National Security Memorandum (NSM) objectives to strengthen the cybersecurity of our Nation’s critical infrastructure control systems,” Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo said in a joint statement. “DHS’s Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the Department of Commerce’s National Institute of Standards and Technology (NIST), developed preliminary cybersecurity performance goals based on nine categories of best practices. These goals are part of a long overdue, whole-of-government effort to meet the scale and severity of the cybersecurity threats facing our country. It is vital that critical infrastructure owners and operators immediately take steps to strengthen their cybersecurity posture toward these high-level goals. The safety and security of the American people relies on the resilience of the companies that provide essential services such as power, water, and transportation. We look forward to further engaging with key industry stakeholders to promote these efforts to protect our national and economic security.”

Read More: HS Today