In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is, will there be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict – whether it be energy infrastructure, water supply or financial systems.
That’s especially concerning given that in the United States, nuclear facilities, water systems, highways and other critical infrastructure elements have not been maintained to the extent they should be, including the software and technology that support it.
As a result, cyber concerns around critical infrastructure are realistic. “The convergence of [information technology] and [operational technology (OT)], along with the layering of third-party digital products and services over legacy systems in critical infrastructure often compounds the limited visibility and control security teams have.
State and local governments were seeing increased threats against critical infrastructure. Security software found that such attacks increased 102% in the first half of 2021. On March 7, the FBI issued a flash warning about ransomware, which had been identified as affecting at least 52 entities across 10 critical infrastructure sectors. In February, it issued an advisory about ransomware that had compromised businesses in at least three U.S. critical infrastructure sectors.
Resource constraints such as budgets and staffing are also issues. For example, some smaller agencies and townships don’t have an IT department, forcing them to outsource cybersecurity or rely on unskilled employees. Congress’s recent allocation of $2 billion to cybersecurity in the Bipartisan Infrastructure Law can help because the funds can be applied to critical infrastructure upgrades at all levels of government.
Two things that agencies must focus on are implementing information and technology management best practices, such as multifactor authentication, network segmentation and access control, and implementing quantitative risk management. Modernisation can also bolster security. “As agencies look to adopt cloud, they should choose a cloud vendor that can meet or exceed their defined data and security requirements.
In the long term, however, agencies must adopt a security framework. He recommends the National Institute of Standards and Technology’s Cybersecurity Framework and participating in InfraGard, a partnership between the FBI and the private sector for the protection of U.S. critical infrastructure. Agencies can gain access to guidance, conferences, webinars and alerts of the latest cyber threats. State and local entities can get involved in their localised section of InfraGard for their state or city.
As reported by OpenGov Asia, to improve coordination and bolster cybersecurity efforts related to data collection and information sharing, New York has launched the Joint Security Operations Center (JSOC) to bring together federal, state, county, local governments and critical infrastructure partners. JSOC will provide leaders from across the state a comprehensive overview of the cyber-threat landscape and improve coordination regarding threat intelligence and incident response.
JSOC will become a first-of-its-kind data-sharing hub designed to improve New York’s cybersecurity posture, officials said. The centre will be headquartered in Brooklyn and offer cybersecurity teams a centralized view of threat data from federal, state, city and county governments, critical businesses and utilities.
This project is part of Hochul’s budget for the 2023 fiscal year, which allocates a historic $61.9 million toward cybersecurity. It will expand New York’s cyber red team program that will broaden the phishing defences, increase vulnerability scanning, expand penetration testing and deliver other cyber incident response services. These investments will ensure that the state can isolate and protect parts of its system if one part of the network is attacked.
