In February 2021, a hacker gained access to a city’s water system in Florida and attempted to increase the sodium hydroxide (lye) content from 100 parts per million to 11,100 ppm. This was however rectified by a worker who spotted the anomaly quickly.

While this incident opened a lot of people’s eyes to the dangers of public health linked to systems with cybersecurity vulnerabilities, it does not negate the fact that many cybersecurity specialists are on the side that a lot of critical national infrastructure is being attacked and many predict that this will only increase in frequency.

The U.S. critical national infrastructure (CNI) is the backbone of its economy which has grown to be very essential to the functioning of the economy and safety of its citizens. It includes systems, assets, and installations in different categories such as the healthcare, energy and transportation sectors.

However, these sectors are vulnerable to rising threats. For example, hundreds of electrical facilities, gas pipelines, and water supplies are under constant risks from cyber attacks, human errors and even natural disasters. The damages they can cause are numerous: destroyed property, workers’ injuries or even fatalities, contamination of the environment due to spillage of pollutants, and disruptions in services which can lead to massive financial losses.

The Threat Landscape is a Complex One

Many different large-scale threats are hovering over the U.S. critical national infrastructure. These potential threats could be coming from seemingly harmless organizations all the way to state-sponsored hacktivist groups. They include primary actors such as nation states, criminal gangs, cyber-terrorists and even disgruntled insiders. Other typical threats include: data breaches, ransomware attacks, supply chain attacks and natural disasters.

This shows that cyber threats are growing in number, sophistication and severity and if care is not taken, will likely cause a widespread impact on public health, safety and economic activity.

The Energy and Utilities Industry is a Prime Target for Malefactors

Hackers are becoming quite adept at identifying the most vulnerable critical infrastructure and where to hit them hard. This is why organizations in the oil, gas, and utilities industry are now becoming prime targets for these hackers who have discovered that they are the most likely to pay ransomware demands.

For example, May 2021 recorded a popular ransomware attack by the Dark Side gang who attacked and shut down the U.S. East Coast’s fuel supply for days after which they extorted a whopping $4.4 million ransom. This shows the severity of these attacks and the harm that comes along with them.

In the electricity sector, the U.S. electric grid is the world’s largest interconnected machine with over 7,000 power plants, 3,300 utilities, 55,000 substations, and over 2.7 million miles of power lines. This makes it prone to massive cyber attacks as noted by Energy Secretary Jennifer Granholm who in a past interview stated that there were extremely bad actors who were very much capable of shutting down the country’s electrical grid.

Water treatment facilities aren’t much better off. Unlike other “high-profile” sectors, water and wastewater utilities are usually owned and operated by small firms with little resources for security measures and upgrades. This leaves this particular sector highly vulnerable to malicious actors.

CNI Top Threats  to Watch Out for

Security and government authorities are concerned about America’s critical infrastructure’s vulnerabilities and the threats it faces now and in the future. The top threats to U.S. CNI include:

●     State-sponsored Attacks

State-sponsored hacking has been on the rise for several years, and it represents one of the biggest threats to critical national infrastructure. These nation-state attackers typically target large, well-funded entities with access to sensitive data—like government agencies or large corporations—as they are more likely than small companies or individuals to have valuable information that can be used by another nation for economic advantage or military power.

●     Large-scale Attacks

The nation’s critical infrastructure is also at risk from large-scale threats that could have catastrophic consequences.  Cyber and physical attacks against key infrastructure such as power grids, water systems and gas pipelines could be used to cause mass disruption or loss of life in a single location. A coordinated cyberattack on critical national assets could significantly degrade U.S. ability to defend against military aggression or respond effectively in times of crisis.

●     Disgruntled Insiders

While outsiders are a serious threat, insiders are the most dangerous and difficult to predict. They may be motivated by revenge, money or ideology. In some cases, they may want to prove themselves to others by showing off their skills or knowledge of the system that they know best. In other instances, insiders may have good intentions—they just don’t see how their actions can negatively affect others.

Edward Snowden, who worked for Booz Allen Hamilton, a contractor for the NSA is a classic example. He leaked classified information about the agency’s surveillance programs to journalists in 2013. Snowden has been labeled many things such as: a traitor, a hero, a whistleblower, a coward, a patriot, amongst other names. However, U.S. authorities noted that his actions had done “grave harm” to the country’s intelligence capabilities and the whole incident was termed “literally gut-wrenching” by the former director of National Intelligence, James Clapper.

●     Lack of Cybersecurity Talent

Bloomberg notes that there are more than 600,000 unfilled cybersecurity jobs in the United States and it’s estimated that there will be 3.5 million unfilled cybersecurity jobs by the end of 2025.

This makes this one of the most pressing threats to U.S. CNI.

●     IoT Threats

The Internet of Things (IoT) consists of network-connected devices, systems and services and due to the nature of the IoT ecosystem, malicious actors have various possibilities to alter the flow of data to and from network linked devices.

●     Denial of Service (DoS) Attacks

Denial-of-service (DoS) attacks are a type of cyberattack in which a computer network resource is made unavailable to its intended users.  A traditional DDoS (distributed denial of service) attack can cause a financial institution’s website to go down and momentarily prevent customers from banking online. Botnet operators coordinate attacks and propagate phishing schemes, spam, and malware attacks by employing networks, or botnets, of compromised, remotely controlled devices.

What Can Be Done?

To mitigate and confront the threat to critical national infrastructure, there is a need to strike a delicate balance between the need for attack prevention, deterrence, identification, and discovery with an effective response strategy, crisis management, damage control, and, eventually, a protocol to return to normal operations.

Due to the widening range of cyber threats to the US critical national infrastructure as well as the growing importance of maintaining US national and economic security, various government and corporate entities have taken steps to increase CNI security in recent years.

The National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems for example, is a joint effort by the federal government and private sector partners. This public-private partnership  is essential to ensuring the security of U.S. critical infrastructure.

This is because the private sector has access to technologies and tools that can help the U.S. government protect the nation’s infrastructure from cyber attacks and it also has access to information about how their systems are used by their customers. This information can help identify vulnerabilities in systems before they are exploited and compromise critical networks or services. In turn, the US government is able to provide more resources than any single company could invest on its own: greater physical access to national assets; more personnel resources; regulatory authority (when necessary); and legal jurisdiction over both foreign and domestic actors who may be involved in a coordinated attack against American citizens or interests. A partnership between these two will be effective in tackling increasing cyber threats.

Another effective way to manage risks is to focus on people. While cybersecurity and technology solutions are important, it’s the human element that makes all the difference in keeping critical infrastructure safe. One of the most effective ways to combat cyber threats is through training employees, developing a security policy and plan, and having a response team ready at any time. Having strong cybersecurity policies in place makes organizations prepared for incidents.

Looking for a way to help your CNI comply with national cybersecurity standards? ITEGRITI can help as we’re a cybersecurity consulting and advisory firm that specializes in protecting Critical National Infrastructure. Find out more here.