Protecting the Homeland: Critical Infrastructure and Cyber-Attacks

By Eric Noonan • May 13, 2016

The deadline of June 1 looms for the Department of Homeland Security to gather threat-based data regarding our nation’s critical infrastructure. According to Netgov.com, by September of this year, the DHS is tasked with putting together a plan to put that data to use.  This should come as no surprise to security analysts as the rise in critical infrastructure attacks in the media has become more prevalent since the New York Times published articles about Stuxnet and joint Israeli-American involvement. More recently, the world has seen cyber-physical attacks in Ukraine against its bulk-electric system, in the United States against a NY flood-control dam, and several weeks ago in Sweden against an air-traffic-control system.

Attacks against critical infrastructure pose arguably the largest threat to any state, including the U.S. Their interdependencies and complicated private-public sector partnerships make for quite the quagmire. The United States alone categorizes 16 different critical infrastructure sectors which they define as,

“assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof”

Department of Homeland Security

It would be difficult to make a suitable comparison of the impact of a single major critical infrastructure attack could have versus the data-breaches that occurred over the last few years; let’s just say all previous breaches would pale in comparison.

Since the critical-infrastructure was not designed with security in mind, it soon could become all-too-real. That’s because the cyber-critical infrastructure has been built on programmable logic controllers, industrial control and SCADA systems, simple devices that don’t know right from wrong, and security has always been an afterthought. While the DHS figures out what to do with all the data they’re collecting, public and private sector critical infrastructure owners and operators need to prioritize their security and ramp-up the protection of these systems.

Critical infrastructure utilities can be proactive by implementing security tools to lock down and harden the attack-vectors of the industrial control systems. Utilizing Privileged Identity Management and Access suites like CyberArk provide an all-in-one solution for critical infrastructure operators. This is achieved by restricting access to privileged accounts, securing remote access, real-time monitoring of sessions and systems, and automatic management of privileged identities, all while meeting Critical Infrastructure Protection standards and reducing cost. It’s no wonder why 40% of Fortune 100 and 20% of Global 2000 companies choose CyberArk to protect their assets and infrastructure.

With 100% of advanced attacks exploiting privileged accounts, implementing an effective Privileged Account Management solution is vital. CyberSheath’s engineers are well versed in Critical Infrastructure Protection standards; let the experts help you establish a Privileged Account solution appropriate for your organization. U.S. Cyber Command Commander and National Security Agency Director Michael Rogers said that it’s a matter of “when,” not “if” a cyberattack targets the critical infrastructure; don’t wait around to find out.

You can learn more about our approach by viewing our Privileged Access Management service area.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.