Critical Infrastructure News

Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, Tribal, and territorial levels and of the owners and operators of that infrastructure.  The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation.  The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States.

Read more: The White House

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.

The bill covers vulnerabilities in IT and OT systems, as well as security holes in hardware or software that is no longer supported. It also authorizes the DHS to create a competition for identifying remediation solutions for vulnerabilities in IT and ICS products.

Read more: Security Week

In the wake of the Colonial Pipeline and JBS ransomware attacks in recent months, the head of the nation's leading cybersecurity agency says these events are a harbinger of what's to come on the cyber front and there needs to be a greater focus on shoring up the defenses of America's most important assets.

"Both of those incidents highlight the actual real world consequences of cyber incidents, targeting our critical infrastructure. And while today those attacks have impacted Americans at the gas pump and at the supermarkets, our concern is where could this go next," Brandon Wales, the current acting director of the Cybersecurity and Infrastructure Security Agency, told CNN's Pamela Brown in an interview.

While attacks like the ones on JBS and Colonial Pipeline are not new, they have increased in recent years, according to Wales, and they're bolder than ever -- leading criminal attackers to look for bigger targets for more ransom money, including targets that have real world consequences.

Read more: CNN

There is a saying in cybersecurity that “Data is the new oil.” If that is true, then that oil is powering not only the economy but also industry. The term ‘Industry 4.0’ refers to the fourth industrial revolution where traditional manufacturing and industrial processes are increasingly using IT and data to the point that we’re now seeing the emergence of ‘smart factories.’

From the management and control of power and water to the management and control of farms, Operational Technology (OT) control machinery ensures they run effectively and efficiently. OT devices are increasingly becoming part of our IT world, and although the convergence has been happening for some time, it would seem we are only just beginning to recognize its significance.

Read more: Tripwire

Despite being decades old, SCADA control systems remain well-designed to this day. They bring multiple moving parts together – computers, networks, data communications and user interfaces – to manage machinery and engineered components of industrial systems.

These systems weren’t originally unsafe. The system developers weren’t overly preoccupied with security because they had no conception of something called the Internet. With no Internet in existence at the time, the systems were “air gapped” – meaning not connected to other systems or the outside world, for years.

Now decades later, these complex systems are running on legacy software and operating systems. Air gapping is not a reliable protection due to widespread Internet connectivity. Networks can also be easily breached by social engineering, password theft, or tainted USBs, as in the Stuxnet attack.

Read more: Security Boulevard