Security News > 2021 > August > Why ransomware is such a threat to critical infrastructure
A recent spike in large-scale ransomware attacks has highlighted the vulnerabilities in the nation's critical infrastructure and the ease with which their systems can be breached.
Cyberattacks and ransomware pose a greater risk to critical infrastructure than a non-digital external threat like a nation-state does, and the size and scale of the infrastructure has little to do with the scope of the risk; ransomware is just as much as threat to a water treatment plant in downtown Smallville, USA, as it is to a large-scale energy grid or gasoline pipeline.
As cyberthreats increase in sophistication, we can expect the threat presented by ransomware to evolve, and the actions taken to protect the nation's critical infrastructure must evolve as well.
While there's no centralized national agency overseeing all critical infrastructure in the U.S., we have a great model of what the energy industry did with the critical infrastructure protection standards that guide utilities.
Many of the precautions mandated by CIP, like isolating critical systems from the internet and replacing single-factor, password-based authentication with multi-factor credentials including digital certificates based on public key infrastructure, could make other types of infrastructure just as secure and resilient as CIP-protected systems are.
Securing the country's critical infrastructure will require regulatory oversight, but it took years to develop and implement the energy industry CIP security protocols.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/3CJe-wuZjRQ/
Related news
- SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- Ransomware batters critical industries, but takedowns hint at relief (source)
- SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments (source)
- RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors (source)
- Ransomware attacks escalate as critical sectors struggle to keep up (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)