The Increasing Danger of Cyber Attacks On America’s Institutions

"Cyber Security and Visual Analytics" by Pacific Northwest National Laboratory - PNNL is licensed under CC BY-NC-SA 2.0

In 2018, the hacking of the Los Angeles Department of Water and Power took only six hours. An invader hid in thousands of computers tied to water utilities all across America earlier this year. Burglars in Portland, Oregon, planted malicious devices on a system that supplies power to a large portion of the Northwest USA.

L.A. and Portland were two of the situations that were put to the test. Dragos, a cybersecurity group, discovered that the water story was true.

“Cyber Security at the Ministry of Defence” by Defence Images is licensed under CC BY-NC 2.0

These three emphasize a lengthy but under-appreciated fact: the data security of computer systems managing the equipment that generates and transports water and electricity in America is catastrophically insufficient, a low priority for managers and authorities, and poses a terrible national security threat.

Cybercriminals intent on making money or practicing espionage have long posed a threat to American computer systems. However, in the previous six months, they’ve been more persistent in targeting organizations that run operating networks, such as the Colonial Pipeline gasoline system. These are all the systems that can poison water, cause a gas line to leak, or cause a transformer to explode.

The dangers of hacking are not new

The danger has been ever-present for at least ten years; anxieties about it have been around for a generation, but the response has been hampered by cost and disinterest.

It’s unclear why ransom cybercriminals (who employ hostile software to prevent access to the computer until a fee is paid) have recently shifted their focus from modest institutions, banks, and city municipalities to energy businesses, meat processing facilities, and grids.

Stiff competition and larger payments, as well as hostile foreign participation, are suspected by experts. This change is finally bringing the issue to the forefront.

When the Clinton administration categorized 14 private industries as vital infrastructure in 1998 (spanning chemicals, military, electricity, and financial services), the US government began taking limited steps to preserve cybersecurity.

Banking and power were both regulated as a result of this. Other businesses, such as the oil and gas industry, were slower to protect their systems, according to Rob Lee, the creator of Dragos.

The difficulties in implementing cybersecurity

The operating and economic impacts of interrupting manufacturing and implementing new technologies is one of the explanations.

Most of the technological infrastructure is too outdated to support advanced cybersecurity solutions. Hardware ripping and replacement, as well as service disruptions, are both costly.

Network managers are concerned that executing the job piecemeal will make things worse because it will enhance a network’s vulnerability to hackers, according to Nozomi’s Carcano.

Despite the fact that the Biden administration’s budget includes $20 billion to improve the nation’s grid, state and federal officials have previously shrugged off the issue.

Even in under-regulated industries like oil and gas, companies that prioritize cybersecurity have received little help.