As we continue to have discussions around the importance of cybersecurity and its implications, there is a major topic that we must include – infrastructure security. Infrastructure is made up of elements such as the water we rely on and the electricity we use, and while its security should always be a priority, attacks such as the Colonial Pipeline case have reminded us of just how important it is. Due to such a reminder, infrastructure has been the clear subject of cybersecurity news throughout the past week. We examine some of the latest headlines.
As NPR reported, President Biden recently signed a national security “directive” that was geared specifically toward addressing both the increase in ransomware attacks and the significance of critical infrastructure. It outlines standards for private companies operating in fields like energy and water to obtain with their systems. According to the article, 90% of the country’s critical infrastructure is owned by private sector entities, so as of right now, the initiative is voluntary. However, an official stated that may pursue measures to require technological improvements aimed toward increasing cybersecurity.
An article for ZDNet further details the effort on behalf of the Biden administration to set guidelines for infrastructure security. As the report explains, Biden’s memorandum is “ordering CISA and NIST to create benchmarks for organizations managing critical infrastructure.” Up to this point, an official speaking on behalf of the administration stated that the approach to infrastructure cybersecurity has been a “patchwork” of statutes. But considering recent large-scale attacks affecting infrastructure operators, “the administration is committed to leveraging every authority we have,” according to the official. The memorandum builds on an initiative that started with the electricity sector and will now expand to include natural gas pipelines, water systems, wastewater systems and the chemical sector. Reportedly, the deadline for DHS to release the guidelines is September 22nd. Following that, they have one year to solidify the final version of the rules.
However, as we at Option3Ventures have pointed out previously, there is another segment of critical infrastructure that is essential to include in this acknowledgment of the need for strengthened infrastructure cybersecurity – Space. As private space companies become increasingly relevant, cybersecurity experts are warning of the risk associated with this trend. With an attack on this sector potentially impacting systems such as internet access, GPS and satellites, Gregory Falco, a civil engineering professor at Johns Hopkins University explained to Vox that “These space systems enable all of this other critical infrastructure that we have, and we don’t even realize it.” While not frequent, such cyberattacks have occurred before. Vox recalled the 2014 instance in which a cyberattack carried out on the National Oceanic and Atmospheric Administration (NOAA) by China disrupted access to data collected by a satellite network to conduct weather forecasting. Now, the fear of growth in such activity persists.
Key Takeaways:
“Biden Pushes Cybersecurity Upgrades For Critical Infrastructure After Recent Hacks” – Rachel Treisman, NPR
- President Biden recently signed a national security “directive” geared specifically toward addressing both the increase in ransomware attacks and the significance of critical infrastructure.
- It outlines standards for private companies operating in fields like energy and water.
- According to the article, 90% of the country’s critical infrastructure is owned by private sector entities.
“Biden orders CISA and NIST to develop cybersecurity performance goals for critical infrastructure” – Jonathan Greig, ZDNet
- Biden’s memorandum is “ordering CISA and NIST to create benchmarks for organizations managing critical infrastructure” according to reporting for ZDNet.
- Up to this point, an official speaking on behalf of the administration stated that the approach to infrastructure cybersecurity has been a “patchwork” of statutes.
- DHS has until September 22nd to release preliminary guidelines for infrastructure operators.
“For hackers, space is the final frontier” – Rebecca Heilweil, Vox
https://www.vox.com/recode/22598437/spacex-hackers-cyberattack-space-force
- As private space companies become increasingly relevant, cybersecurity experts are warning of the risk associated with Space.
- An attack on this sector could potentially impact systems such as internet access, GPS, and satellites.
- Gregory Falco, a civil engineering professor at Johns Hopkins University explained to Vox that “These space systems enable all of this other critical infrastructure that we have, and we don’t even realize it.”