Critical Infrastructure Security
By |Last Updated: January 22nd, 2024|7 min read|Categories: Ransomware|

The White House’s cybersecurity funding roll-out has implications far beyond US borders.

In mid-September, the Department of Homeland Security announced that it would begin distributing cybersecurity funds to critical infrastructure providers as part of the Biden administration’s $1.2 trillion infrastructure deal signed the previous year.

The law dedicates $1 billion to addressing cybersecurity vulnerabilities in US critical infrastructure over four years. The September announcement marks the roll-out of the first tranche of funding, distributing $185 million to infrastructure providers who successfully apply.

Applicants must apply within 60 days of the announcement and have considerable freedom in choosing how the funds are to be spent. Both new and existing cybersecurity programs are eligible for coverage.

For many infrastructure providers, these funds could not have come at a more crucial time. Cyberattacks on critical infrastructure – from transport systems to power grids and water management utilities – have only grown in frequency and intensity since the bill was signed into law.

The Time to Invest in Infrastructure Security Is Now

The US government’s announcement comes immediately following a high-profile attack on the country’s second-largest school district. Government agencies, public institutions, and infrastructure providers continue to face constant cybersecurity threats, and urgently need to invest in robust solutions for protecting sensitive data.

While US states have long been eligible to apply for cybersecurity funding through FEMA’s Homeland Security Grant program, these funds are typically divided between information security programs, natural-disaster plans, and counterterrorism initiatives. For many, the new announcement is an incentive to invest purely in updating the security of information and operating technology infrastructure.

But cybercrime is not purely an American problem. Other countries are experiencing a dramatic surge in cybercriminal activity, with repercussions that can deeply impact energy security for the rest of the world.

Whenever cybercriminals successfully infiltrate a critical infrastructure provider, they gain valuable experience and become even more dangerous. When cybercriminals receive money from victims, part of it goes towards reinforcing their technological capabilities and hiring more capable talent. The cybercrime problem is not limited to any one country or industry.

Cyberattacks on Critical Infrastructure Have Become a Global Trend

The United States is not the only country facing disruptive cyberattacks on critical infrastructure. Many public and private institutions have found themselves targeted by sophisticated cyberattacks.

Some examples of the recent surge in critical infrastructure attacks include the following.

1. UK Public Transport Company Announces Incident in Early September

Go-Ahead is one of the United Kingdom’s major public transportation providers. Among many other things, it is responsible for managing the country’s iconic fleet of red double-decker buses. On September 5th, 2022, the company announced a cybersecurity incident but successfully managed to avoid disruption to the national bus and rail grid.

The company shared few details about the attack, but admitted that bus and driver rosters were likely compromised. In a later statement, Go-Ahead announced that it could continue routine daily operation, but that certain technology functions would remain unavailable.

2. Montenegro’s Public Administration Systems Offline Since August

The tiny Balkan republic of Montenegro reported facing an unprecedented cyberattack in late August, claiming that its servers had been compromised by ransomware. The country’s authorities believe that a malicious insider was responsible for carrying out the attack, which spread through multiple government agencies including the ministries of defense, finance, and the interior.

Following an in-depth investigation aided by FBI experts, Montenegro authorities declared that the attack was likely perpetrated by Russian cybercriminals. The attack is seen as a response to the country’s 2017 application to join NATO, which fits the ongoing trend of disruptive cyberattacks taking place in Moldova, Bulgaria, North Macedonia, Slovenia, and Albania.

3. UK Water Company Targeted by Cybercriminals in August

South Staffordshire PLC announced that its IT systems suffered a disruptive cyberattack in late August, but that it would still be able to deliver drinking water to its 1.6 million drought-stricken customers. The attack is notable for a confused declaration of responsibility by a Russian-speaking cybercriminal group that incorrectly claimed an attack on the wrong water provider.

Although this particular attack did not result in severe disruptions to water utility services, it underscored the vulnerabilities these providers – and their customers – face. Unlike other utilities, customers rarely have access to alternative sources. The result of a disruptive cyberattack on local water facilities can be catastrophic.

4. Italian Oil and Energy Operators Breached in Linked Attacks

In early September, Italy’s cybersecurity defense agency announced that multiple national energy companies – including the multi-billion-dollar oil giant Eni – were targeted by a series of cyberattacks launched in quick succession. The country’s state-owned energy company GSE was also targeted in what appears to be a linked series of attacks.

These attacks were serious enough to push then-Prime Minister Mario Draghi to hold an emergency meeting with top government officials and the state’s cybersecurity committee. Eni claimed minor disruptions from the attack, while GSE admitted that servers were compromised and employees would be unable to access internal data, including their email accounts.

Secure Critical Infrastructure with Robust Prevention-based Technology

Government agencies tend to make appealing targets because they are large institutions that millions of people rely on. Despite their importance, they often remain critically underfunded for years at a time.

This is especially the case in countries undergoing social, economic, or geo-political crises that drag public attention away from security threats and their potential impact. Opportunistic cybercriminals have shown that they will readily exploit these problems, triggering attacks the moment they think it will bring them maximum leverage over their victims.

Prevention-based technologies like anti data exfiltration (ADX) remain the best way to protect critical systems from opportunistic exploitation. Infrastructure providers must recognize that keeping malicious insiders out of sensitive systems is not always possible.

A robust ADX-powered security policy can make launching attacks, stealing data, and communicating with foreign command-and-control servers too costly and time-consuming to be viable. This makes ADX technology a powerful component of the critical infrastructure security tech stack.

BlackFog is a cybersecurity technology vendor that specializes in anti data exfiltration technology. BlackFog’s ADX solution helps critical infrastructure providers prevent attackers from moving sensitive data from its secured location. Find out how BlackFog’s security solutions can help your organization meet its cybersecurity challenges today.

Share This Story, Choose Your Platform!

Related Posts