As most preppers and security experts will tell you, the majority of nations fear a loss of their power grid. Ukraine got a taste of it on December 23, 2015, when Russia allegedly launched a cyber attack against the Ukrainian power infrastructure.
On February 9, 2016, the President of the United States directed his administration to implement a Cybersecurity National Action Plan (CNAP) that puts in place a strategy to enhance cybersecurity awareness and protections. As part of this strategy, on July 26, 2016, the administration released Presidential Policy Directive-41 on U.S. Cyber Incident Coordination Policy, making the FBI the lead agency in charge of a joint task force that will respond to cyber threats across the nation. A nation like Russia or China is capable of cyber espionage that could black out our nation, so knowing who to call in case of a devastating cyber attack would eliminate the massive chaos that would result if different agencies were scrambling to determine who should respond.
But what about our large and mostly outdated Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems that run the grids for energy companies, government departments and independent power authorities across the US? These mission-critical systems are not hardened for security and lack the streamlined technology controls to absorb or stop a major attack. These outdated systems also support other critical infrastructure in the finance and healthcare industries, posing a significant threat and exposure. If a major financial institution or healthcare database were breached, the ripple effect would be felt through multiple sectors.
CNAP also mandates the transfer of spending to modern technologies instead of paying to maintain old, out-of-date systems that the government is guilty of still employing. The plan proposes a $3.1 billion Information Technology Modernization Fund, which would enable the retirement, replacement, and modernization of legacy IT that is difficult to secure and expensive to maintain. The plan allocates more than $19 billion for cybersecurity as part of the President’s Fiscal Year (FY) 2017 budget – a more than 35% increase from FY 2016.
Many systems supporting critical infrastructure have web front ends that enable administrators, customers and other users to access system statistics, account records and information on energy data. If those web applications or backend databases and files were breached by someone looking to gain institutional knowledge on our country’s infrastructure, we would be giving them the keys to the kingdom. The best defense is always a good offense. So we can start by shoring up and modernizing our internal controls, securing databases that house our nation’s energy maps and data that could prove valuable to someone looking to cause harm. We should put an enforcer in front of those data repositories and applications that run our critical infrastructure to stop bad actors from exploiting our nation’s mission-critical systems. We will wait and see if CNAP is embraced or hits any roadblocks during this election year.