A string of new domestic and international cyberwarnings are raising new questions and alarm bells regarding global critical infrastructure protection, and the definition of what is considered critical is expanding.
On Thursday Oct. 22, 2020, the Australian Home Affairs Minister Peter Dutton warned attendees at The Age's National Security Summit that they must prepare to counter prolonged and catastrophic cyberattacks on critical infrastructure that could disrupt entire industries.
The message to Australia and the world: "The potential consequences of a successful attack could be catastrophic. A prolonged and widespread failure in the energy sector, for example, could cause knock-on disruptions to other essential systems including medical, transport, traffic management systems, banking services or even the supply of food and groceries."
Meanwhile, in the United Kingdom, similar cyberthreats to critical infrastructure have emerged. The author of an article in Infosec Gobal writes, “A new director has been appointed to the National Cyber Security Centre (NCSC, a division of GCHQ), with the outgoing director warning that a 'national cyber emergency' due to a 'category one' cyber attack on our national infrastructure, which could cause loss of life or severe economic damage, has moved closer to probability. Emergencies have been reported that 'came close,' suggesting it feels very much like it’s a matter of 'when, not if.'"
Closer to home, CNBC reports the FBI announced that election infrastructure was under attack: "Iran and Russia have both obtained information about American voter registrations and are trying to influence the public about the upcoming U.S. presidential election, national security officials said Wednesday night.”
Is a New Trend Developing Regarding Critical Infrastructure?
In the midst of the current COVID-19 pandemic, cyberthreats, ransomware attacks and data breaches are all up around the globe. However, these cyberthreats appear more directed at destruction rather than on criminal activity to make money.
Back in June, this blog asked, "Is a 'Cyber Pandemic' Coming?" I included a quote from an article in The Jerusalem Post:
"The founder and CEO of Israeli cybersecurity firm Check Point warned Monday that the new reality created by the coronavirus pandemic will cause threats in the cybersecurity field to rise, and that countries need to protect themselves against the coming ‘cyber pandemic.’
“What happened in the last three months pushed forward five, maybe even 10 years of technological evolution,” he explained.
“More services moved online; companies removed barriers. We allowed developers to work just from within the company physically, so we could keep our intellectual property… In one day, we had to change all of that and allow people to access from home. This rapid change means hackers will find a way… The hackers can find a way to hack a personal computer of an employee and through them get into our Crown Jewels.”
The answer to that cyber pandemic question appears to be yes, if these frequent reports are accurate, and new examples emerge almost daily.
There are differing views regarding whether global governments are ready for these attacks. This article lays out all that’s been done in Australia. Some of those items include:
Other nations are taking similar steps, and the overall critical infrastructure protection market is set to continue to grow rapidly through 2027.
Also this week, Wired Magazine released this article on 12 cyber threats that could wreak havoc on the election. The list includes ransomware, voter data manipulation, DDoS and many more items. Remember that the U.S. Department of Homeland Security (DHS) has declared election equipment and processes as part of critical infrastructure.
At the beginning of this month, this blog described how "DHS Works to Protect National Critical Infrastructure." I interviewed Thad Odderstol, deputy associate director of the National Risk Management Center.
The interview and sector reports linked described progress in the U.S. with plenty more work to be done. Nevertheless, the string of international security incidents and cyberattacks, along with the foreign nation-state attacks on the U.S. election infrastructure, make this question even more critical at the moment.
Just as in the pandemic, near-future events may determine if we are ready for a new round of cyberattacks against critical infrastructure.
Never miss a story with the daily Govtech Today Newsletter.