In late 2017, the U.S. Department of Homeland Security and the FBI issued an in-depth report on the potential for cyberattacks on critical U.S. infrastructure, including aviation, nuclear power plants, power grids, transportation sectors and emergency services. As the motives and techniques of cybercriminals change, the threat to critical infrastructure is expanding beyond data protection and is now an urgent public safety concern.
Cyberattacks on critical infrastructure have grown increasingly sophisticated have a more significant impact than ever before. We’ve already seen real-world examples of these effects in other countries. In the cold, dark days of winter in 2015, hackers hit Ukraine’s power grid and left more than 225,000 people without power. The following year, cybercriminals stole millions of dollars through the global banking system SWIFT, which allows 3,000 worldwide members to share and send financial information. More recently, we saw attacks on the U.K. energy sector by state-sponsored hackers who, at the same time, targeted the U.S. and Ireland.
In the U.S., it’s not a matter of if, but when a major attack like this occurs, which is why we included it as a key prediction in our 2018 Data Breach Industry Forecast. While the government and private sector have worked independently to combat cyberattacks, a collaborative approach for identifying threats is needed to better secure U.S. infrastructure.
In August 2017, The National Infrastructure Advisory Council (NIAC) issued a report analyzing the capabilities of the U.S. government to protect against large-scale cyberattacks. They concluded:
“Cyber is the sole arena where private companies are the front line of defense in a nation-state attack on U.S. infrastructure. When a cyberattack can deliver the same damage or consequences as a kinetic attack, it requires national leadership and close coordination of our collective resources, capabilities, and authorities.”
While threats to infrastructure increase in 2018, it’s difficult to conceptualize how such a massive cyberattack would look. In fact, such a scenario could take any number of forms. Power grids could fail, leaving entire cities without power and exposing businesses and residents to increased crime rates. Companies could lose information vital to their day-to-day functions. Police officers and medical personnel could lose the means to communicate, maintain order and respond to calls.
Why you might ask, is this not causing more substantial concern? More importantly, how can we be prepared for such an event?
A proactive solution is the best way to defend against sophisticated cybercriminals. Public and private organizations can start by taking these vital steps:
- Invest in and use the most robust technology available to thwart an attack. In other words, go beyond traditional cybersecurity by adding failsafes in preparation for an attack.
- Update and practice incident response plans. Practice, practice, practice, and always incorporate new cyber threats into scenarios so you will be ready for the unexpected.
We live in exciting, yet perilous times. Organizations no longer have the luxury of ignoring the reality of an impending cyberattack. Preparedness is no longer optional.
For more information on existing and future threats to critical infrastructure, and how to prepare for adverse impacts, download our 2018 Data Breach Industry Forecast.