Ransomware and other malicious threats have become commonplace around the globe. But the reality is, whether it be encrypted records, stolen email credentials, or exfiltrated financial statements, these incidents generally involve a limited number of individuals or groups. Before your feathers are completely ruffled, understand that by no means am I minimizing the impact cybercriminals can have on a business. But have you considered attacks of greater scale? Perhaps those that affect the populus?
What I’m getting at here is that there are very significant risks associated with attacks on critical infrastructure if left unchecked. If the rise in enterprise attacks are a sign of the times, then it’s not far-fetched to think that we’ll see an increase of attacks on infrastructure. These could include aggressive actions to disrupt power systems, water districts, telecom grids, oil transportation and refinement, financial services, general transportation facilities, chemical plants, agriculture and food operations, and more.
The public learned what a failure of critical infrastructure could do to harm our way of life through the Colonial Pipeline hack in 2021. Cybercriminals used a former employee’s credentials, which were stolen and posted on the dark web, to gain unauthorized access to the pipeline’s systems. In response, Colonial Pipeline, the largest system of its kind in the United States, shut down their operations to contain the attack. This caused gasoline and jet fuel shortages across the southeastern United States, and consumers rushed to stock up on gas fearing it would be unavailable for a lengthy period.
About a week later, the hacker group responsible for the breach, known as Darkside, demanded 75 Bitcoin as ransom, worth about $4.4 million at the time. Colonial paid the ransom under FBI supervision. Fortunately for Colonial and their customers, Darkside fulfilled their promise to deliver an IT fix that allowed the company to regain full control of their systems. The pipeline was shut down for six days. Had the pipeline remained shut down for weeks, the effect on individuals, government agencies, and businesses across the country would have been immeasurable.
Just two months later, another infrastructure attack occurred against Transnet, a state-sponsored rail and port monopoly based in South Africa. Transnet is responsible for governing the country’s major seaports and is the largest port-governing body in sub-Saharan Africa. The ransomware attack with unknown origins forced Transnet to declare force majeure, resulting in dissolution of contractual obligations, in the Port of Durban, Port Elizabeth, Cape Town, and Ngqura. The Port of Durban alone is responsible for 60% of the shipping container volume in South Africa.
Container traffic ground to a halt at ports across the country, and partners and vendors incurred steep losses. This outcome was exacerbated by political unrest that occurred around that time linked to the ouster of former president Jacob Zuma. Authorities were left to wonder whether they would need to create a manual backup system to prevent a future breach from completely paralyzing their operations.
Too often governments around the world have been left flat-footed with more questions than answers when facing these challenges. However, it is clear that these attacks have left an impression on regulators across the globe - especially in the US. The Colonial Pipeline hack has played a key role in forging efforts to increase governmental oversight of critical infrastructure and their digital operations. Here in the US, select cybersecurity experts, including President Biden’s top advisor on cybersecurity, Chris Inglis, have noted the increased need for governmental oversight. “When critical functions that serve the needs of society are at issue, some things are just not discretionary,” Inglis told MIT Tech Review.
It may be in the federal government's best interest to pursue a new structure to govern critical, yet private, digital operations. If we truly are at an inflection point over cybersecurity and critical infrastructure, then it becomes clear that the federal government will continue to solicit cooperation from private industry. They may also choose to demand it outright through enforceable legislation. For example, President Biden recently signed the Cyber Incident Reporting for Critical Infrastructure Act requiring designated organizations to report cyber attacks within 72 hours, and ransom payments within 24 hours. The designated sectors include telecommunications, defense industrial bases, water and wastewater management, IT, nuclear reactors, government services, agriculture, energy, emergency services, and industrial chemicals.
Society at large may be able to deal with consequences stemming from certain types of digital theft and corruption. But what happens when the next pipeline’s operations are held for ransom, or companies lose control of their telecommunications networks, affecting millions of stakeholders, both public and private? What would happen if a nuclear power facility lost control of its systems and could no longer regulate a reactor’s behavior?
Increased governmental oversight, while helpful, does not guarantee the successful resolution of these issues. The federal government seeks to balance its need for visibility into corporate systems with the broader corporate need to retain autonomy. It is clear that in order for corporations to maintain that autonomy, they will need to have great insight into the messages their own data is sending them. One emerging solution would be to invest in data observability.
Data observability tools will give these entities a wide array of powers to be proactive and seek out threats that may cause great harm to the infrastructure we all need to maintain our way of life. Robust security analysis and continuous threat monitoring must become the standard across all industries with exposure to infrastructure. The time has come for the IT industry to pay closer attention to global critical infrastructure and the societal dangers it can eliminate.
The best thing you can do to mitigate the threat of a cybersecurity threat like ransomware is prepare and plan. Learn more about what a strong cybersecurity defense strategy looks like here.