Security News > 2021 > August > Why ransomware is such a threat to critical infrastructure

A recent spike in large-scale ransomware attacks has highlighted the vulnerabilities in the nation's critical infrastructure and the ease with which their systems can be breached.

Cyberattacks and ransomware pose a greater risk to critical infrastructure than a non-digital external threat like a nation-state does, and the size and scale of the infrastructure has little to do with the scope of the risk; ransomware is just as much as threat to a water treatment plant in downtown Smallville, USA, as it is to a large-scale energy grid or gasoline pipeline.

As cyberthreats increase in sophistication, we can expect the threat presented by ransomware to evolve, and the actions taken to protect the nation's critical infrastructure must evolve as well.

While there's no centralized national agency overseeing all critical infrastructure in the U.S., we have a great model of what the energy industry did with the critical infrastructure protection standards that guide utilities.

Many of the precautions mandated by CIP, like isolating critical systems from the internet and replacing single-factor, password-based authentication with multi-factor credentials including digital certificates based on public key infrastructure, could make other types of infrastructure just as secure and resilient as CIP-protected systems are.

Securing the country's critical infrastructure will require regulatory oversight, but it took years to develop and implement the energy industry CIP security protocols.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/3CJe-wuZjRQ/