The Importance of Resilience Software for Critical Infrastructure

To say key assets are under attack is an understatement. Key assets are under constant attack.

Onlookers might have been heartened that 2023 didn’t see a repeat of the Colonial Pipeline ransomware event. That high-profile attack shut down the 5,500-mile pipeline, the largest for refined oil products in the U.S., for six days.

However, Vedere Labs recorded more than 420 million cyber attacks on global critical infrastructure assets throughout the year.[i] That figure averages out to 13 attacks per second, a staggering 30% increase from 2022.

Attacks on global critical infrastructure surging

These attacks are impacting everyone, although the U.S. leads the way as the most targeted.

Australia, for its part, experienced a 23% surge in cybercrime on its critical infrastructure, businesses, and homes, according to the Australian Cyber Security Centre. Cybercrime and state sponsorship are equally likely to be motivating factors for threat actors.

U.K. national cyber security officials are also warning of a deteriorating cyber environment, pointing to Russia’s invasion of Ukraine, beginning in February 2022, as a critical moment of proliferation in the cyber capabilities of state and non-state actors.[ii]

Since then, though, the threat level hasn’t come down. The U.S., again, has been hit by a battery of attacks. New York state critical infrastructure alone suffered 83 incidents in the first half of 2023.[iii] The North Texas Municipal Water District was attacked last November.[iv] Around the same time, a wave of ransomware attacks on healthcare targets forced hospitals to divert ambulances from emergency rooms and reschedule operations.[v]

More recently, an intelligence advisory circulated, alerting the critical infrastructure community of the persistent access that China-backed hackers had to key assets.

Critical infrastructure regulations stiffening

Meanwhile, policymakers aren’t sitting by idly. In the U.K., Parliament’s Science, Innovation and Technology Committee has begun an official inquiry into the cyber resilience of the country’s critical national infrastructure.[vi] One of the objectives of that inquiry is to determine progress made by the critical infrastructure community toward achieving its 2025 resilience targets.

In the middle of February, the Biden Administration announced a new initiative[vii] to bolster cybersecurity of U.S. ports. The latest sectoral action to counter the cyber threat, the measure includes provisions to:

  • Require vessels and waterfront facilities to mitigate cyber conditions
  • Institute mandatory reporting of cyber incidents
  • Establish minimum cybersecurity requirements that meet international and industry-recognized standards to best manage cyber threats

In Australia, updates to the Security of Critical Infrastructure (SOCI) Act have been in effect for nearly a year. That reform agenda includes:

  • Developing cyber security incident response plans to prepare for a cyber security incident. An incident response plan is a written plan detailing how an entity will respond to cyber security incidents that affect its systems. This obligation will assist entities to articulate ‘what to do’ and ‘who to call’ in the event of a cyber incident.
  • Undertaking cyber security exercises to build cyber preparedness. Cyber security exercises test preparedness, mitigation, and response capabilities. Ultimately, an exercise is designed to reveal whether the existing resources, processes and capabilities of an entity sufficiently safeguard the system from being impacted by a cyber security incident.
  • Undertaking vulnerability assessments to identify vulnerabilities for remediation. Vulnerability assessments identify ‘gaps’ in systems that expose entities to particular types of cyber incidents. These assessments will help entities identify where further resources and capabilities are required to improve an entity’s preparedness for, and resilience to, cyber incidents.
  • Providing system information to develop and maintain a near-real time threat picture. System information is data generated about a system for the purposes of security, diagnostic monitoring or audit, such as network logs, system telemetry and event logs, alerts, netflow, and other aggregate or metadata that provide visibility of malicious activity occurring within the normal functioning of a computer network.

Digital technology for Critical Infrastructure organizations

To be sure, Australia outstrips many when it comes to the robustness of its legislative response to the critical infrastructure threat. However, the direction of traffic in all affected countries seems the same.

Regulations will only get stiffer for critical infrastructure organizations, as regulators ratchet up the pressure, bestowing on themselves broad new powers to intervene in company affairs to ensure security has been prioritized.

Threats, for their part, will only increase from state-backed and criminal actors alike.

As a result, critical infrastructure organizations must act quickly and efficiently if they are to comply with the new statutes, remain resilient to the escalating security threat, and continue to fulfil their fundamental roles in their respective countries’ economies.

Specifically, certain vendors provide integrated resilience software where teams can work together to anticipate and manage threats, conduct preparedness activities, effectively respond to disruptions, and continually learn from insights to strengthen resilience.

Here are some CNI protective security software capabilities to consider:

Critical infrastructure management

Consolidate information about critical infrastructure and operators including descriptions, locations, and key functions. Generate automated notifications when information changes to ensure updates are shared with the regulator in a timely manner to meet reporting obligations.

Risk management

Take a proactive approach to risk management in a standardised manner that makes it simple to identify risks, assess their inherent risk level, implement controls, confirm their effectiveness, and monitor residual risk levels on an ongoing basis in a single workspace.

Vulnerability assessments

Perform vulnerability assessments to pinpoint potential gaps that may expose the organisation to specific types of cyber incidents. Use the findings to determine areas where additional resources and capabilities are needed to enhance the organisation's readiness and resilience to cyber threats.

Third-party risk management

Streamline the capture of critical infrastructure operator information, including key entity details, descriptions of the arrangements in place, and details about how relevant data types are managed, using automated questionnaires and document requests.

Preparedness

Build incident response plans using automated plans and checklist functionality, then leverage these to conduct exercises on an ongoing basis to ensure that plans are effective, key personnel understand their roles and responsibilities, and shortcomings are addressed.

Threat intelligence

Stay ahead of potential threats to critical infrastructure and your operators using real-time threat intelligence alerts. Leverage situational awareness dashboards to consolidate feeds from multiple sources to streamline threat detection and improve the incident response process.

Incident management

Improve incident response times and team activation with automated emails, SMS, and voice notifications. Identify personnel required to update the regulator, then assign tasks, record decisions, and share updates as the incident evolves before using investigations to identify controls to prevent reoccurrence.

Analytics and reporting

Centralise critical infrastructure information to enable data visualisation through interactive dashboards, charts, and maps in real-time on any device. Easily share insights with internal stakeholders to improve decision making and keep the regulator updated on relevant changes to critical infrastructure where required.


Of course, not all resilience platforms are created equal. Looking to empower your critical infrastructure to meet obligations in a single, integrated resilience workspace? Then consider Noggin.

Our platform helps teams work together to anticipate and manage threats, conduct preparedness activities, effectively respond to disruptions, and continually learn from insights to strengthen resilience.

But don’t just take our word for it. Request a demo of Noggin to see the benefits for yourself.

Sources

[i] Security Today: World's Critical Infrastructure Suffered 13 Cyber Attacks Every Second in 2023. Available at https://securitytoday.com/Articles/2024/01/29/World-Critical-Infrastructure-Suffered-13-Cyber-Attacks-Every-Second-in-2023.aspx?Page=1.

[ii] HM Government, Government Cyber Security Strategy: Building a cyber resilient public sector. Available at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1049825/government-cyber-security-strategy.pdf.

[iii] Molly Burke, Times Union: Cybercrime on ‘critical infrastructure’ increasing, report says. Available at https://www.timesunion.com/capitol/article/critical-infrastructure-seeing-cyberattacks-18413726.php.

[iv] Sarah Bahari, The Dallas Morning News: One of North Texas’ largest water suppliers is latest victim of cyberattack. Available at https://www.dallasnews.com/news/2023/11/28/one-of-north-texas-largest-water-suppliers-is-latest-victim-of-cyberattack/.

[v] Sam Sabin, Axios: Ransomware hits emergency rooms across U.S. Available at https://www.axios.com/2023/11/28/ransomware-hits-us-emergency-rooms.

[vi] Cyber resilience of the UK's critical national infrastructure: Inquiry. Available at https://committees.parliament.uk/work/7934/cyber-resilience-of-the-uks-critical-national-infrastructure/.

[vii] Available at https://www.whitehouse.gov/briefing-room/statements-releases/2024/02/21/fact-sheet-biden-harris-administration-announces-initiative-to-bolster-cybersecurity-of-u-s-ports/.