Security News

A recent spike in large-scale ransomware attacks has highlighted the vulnerabilities in the nation's critical infrastructure and the ease with which their systems can be breached. Cyberattacks and ransomware pose a greater risk to critical infrastructure than a non-digital external threat like a nation-state does, and the size and scale of the infrastructure has little to do with the scope of the risk; ransomware is just as much as threat to a water treatment plant in downtown Smallville, USA, as it is to a large-scale energy grid or gasoline pipeline.

U.S. senators recently unveiled the finalized version of a $1.2 trillion bipartisan infrastructure bill, which the White House says will allocate roughly $2 billion to improving the country's cybersecurity capabilities. The Infrastructure Investment and Jobs Act includes funding for roads, bridges, transportation safety, public transit, railways, electric vehicle infrastructure, airports, ports, waterways, broadband internet, environmental remediation, and power infrastructure.

The global 5G infrastructure market size is expected to reach $80.5 billion by 2028, according to a study by Grand View Research. The significant investments by communication service providers to deploy 5G infrastructure across the globe to provide improved data services are estimated to drive the market.

The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a "Woefully insufficient" security posture. "The Memorandum was accompanied by transcripts of remarks made by a"Senior administration official" who said the edicts are needed because "We have a patchwork of sector-specific statutes that have been adopted piecemeal, typically in response to discrete security threats in particular sectors that gained public attention.

The traditional "Trusted network" is no longer viable, forcing organizations to build upon a zero trust architecture to protect and strengthen their network infrastructures. Optiv Security is helping clients do just that with its Zero Trust Readiness Assessment.

US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators. It directs the Department of Homeland Security's CISA and the Department of Commerce's NIST, in collaboration with other federal agencies, to develop cybersecurity performance goals and guidance for critical infrastructure orgs.

The Biden administration is taking steps to harden cybersecurity defenses for critical infrastructure, announcing on Wednesday the development of performance goals and a voluntary public-private partnership to protect core sectors. The actions, outlined in an order from President Joe Biden, are an acknowledgment of the cybersecurity vulnerabilities of critical industries - a reality made clear by the May hack of the nation's largest pipeline, which delivers about 45% of the fuel consumed on the East Coast.

I was fortunate to be in Military/Federal Government service for over 30 years spending the last 17 years working in the Cybersecurity and Infrastructure Security Agency whose central mission is the security of our nation's critical infrastructure and working with other critical Departments and Agencies that share a similar mission such as the Department of Energy, Department of Defense, Transportation Administration, and Health and Human Services to name a few. Our Nation's cyber and physical infrastructure underpins our national and economic security, public health, and safety, and provides the critical functions our citizens depend on in their everyday lives.

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems, and grants for state and local governments. One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS's Cybersecurity and Infrastructure Security Agency to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.

Needless to say, Geyer has a lot to say about the threat ransomware poses to OT, ICS and critical infrastructure. How to prepare for the future of ransomware risk management.