This week’s National Cybersecurity Awareness Month (NCSAM) theme is “Safeguarding the Nation’s Critical Infrastructure.” The 16 critical infrastructure sectors are designated by the Department of Homeland Security as crucial to the nation’s safety, security, and wellbeing.
Cyberattacks to critical infrastructure are often very large in scale, could pose physical safety concerns, and may have catastrophic consequences.
To shed light on potential impact, we wanted to share a few examples of recent cyber incidents and threats to each of the 16 critical sectors of infrastructure.
Financial and data theft:
Commercial Facilities: Hotels, malls, and entertainment venues – anywhere that draws a crowd – are targets for credit card theft like this 3-month attack on InterContinental Hotels Group.
Financial Services: A Virginia bank was hit twice in eight months by cyberattackers, who stole a combined $2.4 million.
Potential for physical damage and injury:
Chemical: A recent cyberattack on a chemical company in Saudi Arabia would have caused a deadly explosion if not for an error in the malicious computer code.
Dams: A New York dam was semi-successfully taken over by a “hacktivist” group. A more successful attack could cause severe flooding.
Nuclear Reactors: Materials, and Waste: The business operation side of a U.S. nuclear power plant was breached in a fortunately limited attack.
Potential effects on health and wellbeing:
Healthcare and Public Health: An Indiana hospital recently shut down for several days following a ransomware attack. A hospital breach exposes sensitive data and could shut down life-saving equipment.
Communications: Telephone denial-of-service (TDoS) attacks render a telephone line unusable by flooding it with simultaneous calls, and can be targeted to shut down the 911 network.
Food and Agriculture: Modern, high-tech agriculture is vulnerable to cyberattacks – a hit on the power supply, autonomous equipment, or R&D could cause severe food shortages.
Water and Wastewater Systems: A U.S. water treatment plant was breached by hackers, who were able to change chemical levels on tap water and steal sensitive data.
Emergency Services: Baltimore’s emergency dispatch system was hit with ransomware, forcing manual tracking and dispatching for almost 24 hours.
Defense Industrial Base: The U.S. Office of Personnel Management suffered a security breach exposing sensitive data about weapons manufacturers and employees.
Severe disruptions in operations:
Transportation Systems: San Francisco’s public transit system suffered a ransomware attack, forcing the city to allow free travel.
Energy: In 2015 Ukraine suffered the first known successful cyberattack on a power grid, causing a total blackout.
Information Technology: The DHS recently issued a warning that Managed Service Providers are under attack due to their high-level access to IT systems.
Government Facilities: The city of Atlanta was a victim of a costly ransomware attack that left countless city services and programs shut down.
Critical Manufacturing: An undisclosed critical infrastructure facility recently had its operations brought to a halt by a malware attack.
Cybersecurity is our shared responsibility. Everyone plays a critical role in protecting our nation’s critical infrastructure. By staying aware of potential danger and solutions, we can all do our part.
Your Friends @ Defendify