
Critical Infrastructure News

Increased automation and the adoption of new technologies to assist with meter reading, leak detection and other operational goals open up a host of new attack surfaces for malicious actors to prey upon. And the COVID-19 pandemic added further risks to the equation as more employees began working remotely and using personal devices for official business.

Recent industrial control system (ICS) events have reinforced these concerns. Control systems, which are part of a utility’s OT environment, manage chemical feeds, pumps and other aspects of water treatment and movement. In February of this year, Oldsmar, Fla., made national headlines when a hacker leveraged a city TeamViewer account to access and change caustic soda levels at the water treatment plant. Around the same time, another hacker used TeamViewer to access the control system and delete files at a large California water facility. And in 2019, a former Post Rock Rural Water District employee who had retained login credentials after leaving the utility’s employment allegedly shut down the treatment process.

In all three cases, the utilities prevented public health impacts through a combination of awareness and technology. But will the next victim of an attack be so prepared — or so fortunate? Such incidents can lead to deaths and illnesses, not to mention reputational damage, lawsuits, employee downtime and the cost of recovery.

Read more: Security Mag

The Transportation Security Administration will impose new cybersecurity mandates on the railroad and airline industries, including reporting requirements as part of a department effort to force compliance in the wake of high-profile cyberattacks on critical industries, Homeland Security Secretary Alejandro Mayorkas announced Wednesday.

DHS is moving to require more companies in critical transportation industries to meet a cybersecurity baseline, chipping away at voluntary cybersecurity incident reporting.

As part of a forthcoming "security directive," TSA will require higher-risk railroad and rail transit entities to report cyber incidents to the federal government, identify cybersecurity point persons and put together contingency and recovery plans in case they become victims of cyberattacks.

The directive will be issued by the end of the year, Mayorkas said at the annual Billington CyberSecurity Summit, where he spoke virtually.

Read More: CNN

The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement Thursday saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.”

Cybersecurity and Infrastructure Security Agency Director Jen Easterly initially disclosed that the port was the target of an attack at a Senate committee hearing Thursday morning. She said she believed a “nation-state actor” was behind the hack, but did not say which one.

“We are working very closely with our interagency partners and the intelligence community to better understand this threat actor so that we can ensure that we are not only able to protect systems, but ultimately to be able to hold these actors accountable,” she said.

Sen. Rob Portman, R-Ohio, said the hack was “concerning” and said the U.S. needed to “push back against these nation-state actors who continue to probe and to commit these crimes against our public and private sector entities.”

Read more: NBC News

On Wednesday, July 28, 2021, the President signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. The National Security Memorandum establishes a voluntary initiative intended to drive collaboration between the Federal Government and the critical infrastructure community to improve cybersecurity of control systems. It instructs the Department of Homeland Security (DHS) to lead the development of preliminary cross-sector control system cybersecurity performance goals as well as sector-specific performance goals within one year of the date of the National Security Memorandum. These goals are intended to provide a common understanding of the baseline security practices that critical infrastructure owners and operators should follow to protect national and economic security, as well as public health and safety.

“Today, we are delivering on the first step of the President’s National Security Memorandum (NSM) objectives to strengthen the cybersecurity of our Nation’s critical infrastructure control systems,” Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo said in a joint statement. “DHS’s Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the Department of Commerce’s National Institute of Standards and Technology (NIST), developed preliminary cybersecurity performance goals based on nine categories of best practices. These goals are part of a long overdue, whole-of-government effort to meet the scale and severity of the cybersecurity threats facing our country. It is vital that critical infrastructure owners and operators immediately take steps to strengthen their cybersecurity posture toward these high-level goals. The safety and security of the American people relies on the resilience of the companies that provide essential services such as power, water, and transportation. We look forward to further engaging with key industry stakeholders to promote these efforts to protect our national and economic security.”

Read More: HS Today

The past year made it clear how many cyber challenges we face and how the threat landscape has evolved since the physical attacks on our country on 9/11. A raft of ransomware attacks has led to ransom demands as a condition for the decryption of data and to prevent its public release. Threat actors have successfully compromised digital and technology supply chains to launch large-scale attacks on governments and enterprises, impacting small businesses, local government, and hospitals. Attacks on critical infrastructure have also increased significantly over the past several years, leading to the compromise of water treatment plants, food processing facilities, and oil and gas infrastructure, which have dramatically increased the real-world impacts of cyber-attacks.

While the U.S. government has worked to respond to these emerging challenges, most notably through a Presidential Executive Order and the Cybersecurity and Infrastructure Security Agency (CISA) release of advisories and mitigation guidance, there is more work to be done. The Executive Order and the executive actions it has already spurred will have some impact, but the government needs to further enhance its response to threat actors behind many of the recent attacks with a focus on nation-states. The Biden administration should also consider pushing for expanded international action and the embrace of shared cyber norms that help protect critical infrastructure and limit the impact to everyday users.

Undoubtedly, the most high-profile story in cyber over the past year has been ransomware. The past year has seen an observed rise in ransomware attacks, impacting a broader cross-section of industry, including industrial production facilities and critical infrastructure. Even in instances where companies successfully defend against a ransomware attack, via backups for example, they still face the threat of data exfiltration and “double extortion,” where there is the demand for a ransom to prevent the release or sale of stolen data coupled with the initial decryption payment demand.

Attacks on critical infrastructure have had major downstream impacts, such as the impacts on gasoline availability on the East Coast following the Colonial Pipeline attack. In some instances, these attacks have compounded physical supply chain issues. The attack on JBS, a major meat processing company, led to temporary shortages intensified by COVID-19 related supply chain impacts. Similarly, attacks on major logistics firms, like CMA CGM, can have follow-on effects, impacting the supply of a wide variety of goods across an interconnected global supply chain.

Read more: HS Today