They focus only on defending the “security perimeter of networks,” the commission said. And new vulnerabilities allowed attacks that also caused data losses, disrupted network traffic, and even denial-of-service shutdowns, according to technological and research firm Gartner.Īttacks on utility OT can come through distributed solar, wind and storage installations, employee internet accounts, smart home devices, or electric vehicles, Gartner, other analysts, and the May 2021 Biden executive order requiring improved power system cybersecurity agreed.Įxisting Critical Infrastructure Protection, or CIP, Reliability Standards established by the North American Electric Reliability Corporation, or NERC, are inadequate, a January 2022 Notice of Proposed Rulemaking from the Federal Energy Regulatory Commission said. “critical infrastructure” sectors, including the energy sector, the FBI reported. In 2021, there were ransomware attacks on 14 of the 16 U.S. And Russia’s 2015 shutdown of Ukraine’s power system was through authenticated credentials, likely using emails, CISA also reported. online corporate and government networks went through SolarWinds and other software vendors, CISA acknowledged. A 2019-2020 attack known as SUNBURST and directed against U.S.
The 2021 Colonial Pipeline shutdown started with a leaked password, according to public reports. The threatĬritical infrastructure is already vulnerable to insider attacks. But the new strategies remain at the concept stage and many utilities remain unwilling to take on the costs and complexities of cybersecurity modernization, analysts said.
New multi-level cybersecurity designs can provide both rapid automated distributed protections for distributed resources and layers of protections for core assets, cybersecurity providers said. But distributed resources can provide “resilience” if a distributed cybersecurity architecture “mirrors” the structure of the distribution system where they are growing to “contain and isolate intrusions before they spread to operations,” he said. Growing “distribution system entry points” make “keeping hackers away from operations infrastructure almost unworkable,” agreed CEO Duncan Greatwood of cybersecurity provider Xage. “The mindset of trusted versus untrusted users must be replaced with a new zero trust paradigm with multiple levels of authentication and monitoring,” he added. “No amount of traditional security will block the insider threat to critical infrastructure,” said Erfan Ibrahim, CEO and founder of independent cybersecurity consultant The Bit Bazaar.
0 kommentar(er)
