I know what critical infrastructure is - do you? Critical infrastructure is the basis of a nation’s safety, public health and economy, simply because it is composed of an essential body of assets, systems, and networks that ensures the proper functioning of any nation. As its name indicates, it is very, very much fundamental for the functioning of a society.
You'd know by heart. More specifically, which is the critical infrastructure of your country? In the USA, according to the Cybersecurity & Infrastructure Security Agency, there are 16 critical infrastructure sectors, whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their destruction would have a debilitating effect on its security, economic, public health or safety - or any combination. Thus, they are: Chemical Sector; Commercial Facilities Sector; Communications Sector; Critical Manufacturing Sector; Dams Sector; Defense Industrial Base Sector; Emergency Services Sector; Energy Sector; Financial Services Sector; Food and Agriculture Sector; Government Facilities Sector; Healthcare and Public Health Sector; Information Technology Sector; Nuclear Reactors, Materials, and Waste Sector; Transportation Systems Sector, and Water and Wastewater Sector. Checking that lengthy list is worthy, for not always one is conscientious to be working in one of these fields. Finding it out surely will give one a sense of proximity to this issue.
In jeopardy, in jeopardy - it's getting so out of hand. The three interwoven elements of critical infrastructure are physical, cyber, and human. Admittedly, they pose different kinds of risks, although, with the rise of the internet and connected devices, the main risk has become increasingly digital as any kind of technology is becoming more connected to digital technologies and networks, certainly increasing the vulnerability to cyberattacks. According to the increasing attacks, is plainly obvious that hackers are becoming quite able at identifying the most vulnerable critical infrastructures and where to hit them hard. This, note an author, “is why organizations in the oil, gas, and utilities industry are now becoming prime targets for these hackers who have discovered that they are the most likely to pay ransomware demands”.
One million reasons. Actually, few people were concerned about how vulnerable America's critical infrastructure is before the Colonial Pipeline attack was called to widespread attention. On top of that, the subsequent inquiry´s results were not exactly flattering to the information security architecture and maintenance of the infrastructure that was so seemingly easy to attack. Moreover, in the aftermath, the US Congress passed new information security laws, and several federal agencies enacted new cybersecurity requirements. Accordingly, inspired boardrooms and executives got to revisit their own ransomware response plans.
It´s a cruel Summer. Was it sufficient? Hardly. In general terms, evidence suggests that there was an increasing number of attacks. Thus, Microsoft reported that cyberattacks targeting critical infrastructure had doubled from 20% to 40% of nation-state-sponsored attacks they observed in 2022 and unfortunately, this trend will continue to accelerate in 2023.
It's the final countdown. Despite the wake-up call that was the Colonial Pipeline ransomware incident, America´s critical infrastructure systems continue to be a primary target for cybercriminals. There are many means to improve their protection, although, like almost always in the information security field, the best is awareness.
Sources & authors quoted.
“Critical Infrastructure Cyber Attacks: A New Form of Warfare”, https://dataprot.net/articles/critical-infrastructure-cyber-attacks/
“I know you by heart”, by Eva Cassidy
“Physical, Cyber and Human Elements”, Fema. https://emilms.fema.gov/is_0860c/groups/133.html
“Critical infrastructure and cybersecurity”, https://energy.ec.europa.eu/topics/energy-security/critical-infrastructure-and-cybersecurity_en
“The Biggest Threats to the US Critical National Infrastructure” https://itegriti.com/2022/managed-services/the-biggest-threats-to-the-us-critical-national-infrastructure/#:~:text=They%20include%20primary%20actors%20such,chain%20attacks%20and%20natural%20disasters
“Colonial Pipeline ransomware attack's unexpected legacy”, by Sam Sabin, https://www.axios.com/2023/05/08/colonial-pipeline-ransomware-attacks-unexpected-legacy
“Ransomware business achieves critical mass”, by Scott Rosenberg, https://www.axios.com/2021/06/02/ransomware-industry-jbs-colonial
“It´s a cruel Summer” by Tylor Swift
“Critical infrastructure attacks remain a threat on the cyber horizon”, https://www.securityinfowatch.com/critical-infrastructure/article/53013068/critical-infrastructure-attacks-remain-a-threat-on-the-cyber-horizon
“The final countdown”, by Europe