In 2018, the hacking of the Los Angeles Department of Water and Power took only six hours. An invader hid in thousands of computers tied to water utilities all across America earlier this year. Burglars in Portland, Oregon, planted malicious devices on a system that supplies power to a large portion of the Northwest USA.
L.A. and Portland were two of the situations that were put to the test. Dragos, a cybersecurity group, discovered that the water story was true.
These three emphasize a lengthy but under-appreciated fact: the data security of computer systems managing the equipment that generates and transports water and electricity in America is catastrophically insufficient, a low priority for managers and authorities, and poses a terrible national security threat.
Cybercriminals intent on making money or practicing espionage have long posed a threat to American computer systems. However, in the previous six months, they’ve been more persistent in targeting organizations that run operating networks, such as the Colonial Pipeline gasoline system. These are all the systems that can poison water, cause a gas line to leak, or cause a transformer to explode.
Age of the cyber-attack: US struggles to curb rise of digital destabilizationhttps://t.co/0h7r27vOnE#InformationSecurity #Privacy #Phishing #Ransomware #Cloud#Cybersecurity #Infosec #Cyberattacks #Hacking #IoT #Security pic.twitter.com/thOqgYWjre
— Paula Piccard 🇵🇷 🏳️🌈 🇺🇸 (@Paula_Piccard) June 14, 2021
The dangers of hacking are not new
The danger has been ever-present for at least ten years; anxieties about it have been around for a generation, but the response has been hampered by cost and disinterest.
It’s unclear why ransom cybercriminals (who employ hostile software to prevent access to the computer until a fee is paid) have recently shifted their focus from modest institutions, banks, and city municipalities to energy businesses, meat processing facilities, and grids.
Ransomware cases continue to rise. There have been several notable instances in the news recently. To help mitigate your risk, @CISAgov published a new fact sheet – Rising Ransomware Threat to OT Assets: https://t.co/B85epylNmD #Ransomware #Cybersecurity pic.twitter.com/yL9hn00M5o
— Cybersecurity (@cyber) June 10, 2021
Stiff competition and larger payments, as well as hostile foreign participation, are suspected by experts. This change is finally bringing the issue to the forefront.
When the Clinton administration categorized 14 private industries as vital infrastructure in 1998 (spanning chemicals, military, electricity, and financial services), the US government began taking limited steps to preserve cybersecurity.
Banking and power were both regulated as a result of this. Other businesses, such as the oil and gas industry, were slower to protect their systems, according to Rob Lee, the creator of Dragos.
The difficulties in implementing cybersecurity
The operating and economic impacts of interrupting manufacturing and implementing new technologies is one of the explanations.
SCOOP: Avaddon ransomware shuts down and releases decryption keys for victims.https://t.co/cRXswailLH
— BleepingComputer (@BleepinComputer) June 11, 2021
Most of the technological infrastructure is too outdated to support advanced cybersecurity solutions. Hardware ripping and replacement, as well as service disruptions, are both costly.
Network managers are concerned that executing the job piecemeal will make things worse because it will enhance a network’s vulnerability to hackers, according to Nozomi’s Carcano.
Despite the fact that the Biden administration’s budget includes $20 billion to improve the nation’s grid, state and federal officials have previously shrugged off the issue.
Even in under-regulated industries like oil and gas, companies that prioritize cybersecurity have received little help.