Protecting Critical Services from Cybercriminals

Last year’s targeted attack against the Colonial Pipeline brought into sharper focus the risk utilities face from cyber crime.  Data has always been a valuable resource for those who possess it, now more so than ever; as breaches of critical utilities show, it can also be a weapon. 

If a retailer’s online platform gets breached, and the personal data of its customers exposed, that is obviously a massive problem for all parties.  If the target is an entity like a hospital, it’s even more severe as sensitive health information can be jeopardized.  The same applies for critical utilities.  A water treatment plant that gets hacked in an attempt to drastically alter the sodium hydroxide content in the water supply would be dangerous, which it was fortunately not in Oldsmar, Florida last year.  NetLib Security has worked with small to medium sized organizations across each of these verticals to put in place a formidable offense to protect the perimeter in the instance of a breach. 

This and the pipeline are just a couple of examples, but at a 2021 utilities summit, the Electricity Information Sharing and Analysis Center’s (E-ISAC) CEO Manny Cancel reported that the agency observed an almost ninefold increase in ransomware information sharing.  Such a spike in this brand of information warfare has led others, like a water utility in New Mexico, to bolster their own data security defenses in preparation.  That isn’t even getting into state-backed cyberattacks, such as the kind we see as part of the ongoing Russian attack on Ukraine.  Days prior to the invasion saw a number of distributed denial of service (DDoS) attacks against Ukrainian banks and government websites, allegedly by military hackers from Russia.  Ukrainian authorities requested assistance from neighboring countries’ experts to deal with further anticipated cyber threats.  

In the US, organizations like the Albuquerque water utility in New Mexico are investing in stronger data protection as regulations try to keep pace with technology.  Different industries currently maintain their own standards, such as the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) for the energy industry.  Other sectors will need to play catch up as they seek to establish a bar standard to help govern their data security efforts.  For government agencies or organizations working with them, the Federal Information Processing Standard (FIPS 140-2) is the government security standard.  NetLib Security received the validation for its flagship platform, Encryptionizer® for SQL Server, after months of rigorous testing and procedures.  NetLib Security’s Encryptionizer has assisted many organizations here through transparent encryption of sensitive data at all levels, helping to achieve FIPS 140-2 certification.