A Troubling Reality
There’s no denying it. In today’s increasingly complex digital landscape, America’s critical infrastructure is more vulnerable than ever to cyber exploitation and attack. It doesn’t help that many of the organizations (both public and private) under the critical infrastructure umbrella lack the right cyber tools and know-how to protect their systems and data against increasingly sophisticated attack vectors.
That is troubling when we consider the diverse array of actors with an interest, either demonstrated or potential, in targeting our critical infrastructure, from power grids, water treatment plants, and nuclear reactors to transportation networks and the defense industrial base (DIB). Nation state actors and their proxies, global terrorist organizations, cyber criminals and rogue hackers, and disgruntled insiders alike all stand to gain something from successfully attacking or infiltrating these services.
Why Critical Infrastructure?
Motivating factors for these actors run the gamut. Nation states and their proxies may seek to inflict lasting economic damage or sow discord within our democracy. Hackers may simply want to make money from a ransomware payment, while terrorists would no doubt delight at the prospect of gaining global notoriety, spreading panic, or leaving death and destruction in an attack’s wake.
Whatever the underlying motivation for a cyberattack on America’s critical infrastructure may be, the impact could be devastating. The Department of Homeland Security (DHS), which is the federal agency tasked with managing the protection of this infrastructure, makes that point clear, stating that these sixteen sectors are “so vital” to our nation “that their incapacity or destruction would have a debilitating impact on [America’s] physical or economic security or public health or safety.”
If an American city’s power grid goes dark as the result of a cyberattack, even for just a few hours, or its water supply is tainted by a cyber-induced malfunction, what then? That city’s residents will inevitably be affected – some lives might even be put in danger, particularly among vulnerable populations like the sick and elderly. But the attack could also have ripple effects far beyond that city’s geographic limits, especially as critical infrastructure networks become increasingly integrated and connected.
The So What
So are nation states, terrorists, and hackers, in fact, attempting to attack America’s critical infrastructure? The short answer is ‘of course,’ even if we don’t see the evidence splashed across our front pages. And why wouldn’t they, when that infrastructure presents such a high impact – and right now, easy – target?
The more important question, then, is how private companies and public sector organizations can better collaborate now to prepare for and prevent attacks of the future, so our nation and people remain safe and our vital processes and services keep functioning.
Luckily this question has already extended far beyond just DHS. Other federal entities, like the Department of Defense (DoD), state and local organizations, and the cybersecurity industry are also paying close attention. Just this October, DoD’s Under Secretary for Research and Engineering Mike Griffin laid out the terms of reference for a task force aimed at better understanding how cyberattacks on critical infrastructure might affect America’s “ability to project force, to ensure the capability to deploy, distribute, and sustain forces and logistics, and to have confidence in critical command and control elements.” And the Department’s ongoing refinement of its supply chain-focused Cybersecurity Maturation Model Certification – slated to go into effect next year – is another step in the right direction.
DoD’s focus on securing its vast and diverse supply chain is, simply put, just as critical as the infrastructure itself – but the challenge extends far beyond DoD. In recognition of that reality, the President’s National Infrastructure Advisory Council will vote later this week on a draft report highlighting the necessity of better cybersecurity across governmental supply chains, not just the DIB.
Alongside several concrete recommendations, including one aimed at securing the supply chain of critical cyber components specifically, the draft report vocalizes a dire warning: “escalating cyber risks to America’s critical infrastructures present an existential threat to continuity of government, economic stability, social order, and national security.” In short, this is not a threat our government can or is taking lightly.
Our Role in Keeping America’s Critical Infrastructure Safe
While it is encouraging to see the government devoting attention to this threat, the onus for shoring up our critical infrastructure does not fall only on its shoulders. The private companies that control more than eighty percent of these sectors must take more initiative to enhance their own cybersecurity now, rather than waiting for government mandates and standards to spur change. In addition, the cybersecurity industry itself must deliver cost-efficient and effective solutions to public and private sector customers alike. As mentioned above though, these are not the only qualities driving procurement. The cybersecurity industry must pay mind to its own supply chain to ensure the code used in products it sells to critical infrastructure customers is tested and trustworthy.
For our part, Acronis SCS takes pride in providing easy-to-use, affordable, secure, and resilient backup and disaster recovery software to all levels of the public sector, including organizations responsible for keeping America’s critical infrastructure up-and-running. In fact, our newest offering, Acronis SCS Cyber Backup 12.5 Hardened Edition, is specifically tailored to meet the needs of our country’s most sensitive environments and vital services, like water and power plant SCADA systems. This game-changing software minimizes downtime in the event of attack or hardware failure, while actively protecting systems and data against thousands of ransomware variants.
We’re happy to do our part to protect America’s critical infrastructure. How can you join the cause?
But Wait, There’s More
Itching to learn more about the cyber threats facing our nation’s critical infrastructure? You’re in luck! This blog is just the beginning. Keep an eye out for our forthcoming whitepaper on the topic.