Cyber Threats to Critical Infrastructure Persist
Cyberattacks against critical infrastructure are a subject you might often hear about in the news as a potential risk of our connected, online world. Never has this been more the case than in the diffuse workforce of the post-Covid era. This remains an ongoing problem, as a recent tank overflow at a Texas water treatment plant shows. Cybersecurity firm Mandiant states that a Russian hacking group is once again the responsible party. Known as the “Cyber Army of Russia Reborn” or “Xaknet,” but possibly just a puppet for a larger syndicate controlled by the Russian military, these hackers claim to be working on behalf of their home country.
Their efforts on this occasion were not as damaging as they easily could have been. All that ended up happening was a half-hour-long overflow of a tank that serves 5,000 residents. No severe problems resulted, just a bunch of wasted water that only ceased when workers switched to manual offline operations. But consider the ease with which the bad actors could have done serious damage, had they been so inclined. A brief period of spillover might have been the least of the residents’ problems if the hackers had wished it; a different attack might have resulted in contamination.
More cyber strikes were carried out against water treatment plants in the US, Poland and France, according to the group’s own claims. Meanwhile, a recent hit against a similar facility in Pennsylvania was attributed to Iranian state-backed hackers, according to the Environmental Protection Agency and National Security Council.
This particular Russian hacking collective is believed to be the most dangerous group, especially if they are now escalating things to this level. Cyber criminals able to assault critical infrastructure through IT vulnerabilities present a serious threat to a nation’s security, as governments can only do so much to combat these pernicious schemes in real time. This is why preventive measures become all the more crucial. The examples listed above are only the names that made the news, while countless other facilities are just as vulnerable and perhaps being probed or attacked at this very moment. And yet, as KnowBe4’s Roger Grimes points out, “The idea that anyone from the Internet can reach a system that controls critical safety infrastructure is insane! We know it’s insane. Yet, we still let it happen because the controls that make it much less likely to happen might cause some real or imagined inconvenience… many/most entities in charge of protecting those same systems just don’t try to prevent it.”
Whether through stronger access controls, activity logging and audits, or of course encryption, the best hope lies in being proactive rather than reactive, especially as Russian state-hacking activity ramps up in conjunction with the Ukraine invasion.