Protecting the Homeland: Critical Infrastructure and Cyber-Attacks

By Eric Noonan • May 13, 2016

The deadline of June 1 looms for the Department of Homeland Security to gather threat-based data regarding our nation’s critical infrastructure. According to Netgov.com, by September of this year, the DHS is tasked with putting together a plan to put that data to use.  This should come as no surprise to security analysts as the rise in critical infrastructure attacks in the media has become more prevalent since the New York Times published articles about Stuxnet and joint Israeli-American involvement. More recently, the world has seen cyber-physical attacks in Ukraine against its bulk-electric system, in the United States against a NY flood-control dam, and several weeks ago in Sweden against an air-traffic-control system.

Attacks against critical infrastructure pose arguably the largest threat to any state, including the U.S. Their interdependencies and complicated private-public sector partnerships make for quite the quagmire. The United States alone categorizes 16 different critical infrastructure sectors which they define as,

“assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof”

Department of Homeland Security

It would be difficult to make a suitable comparison of the impact of a single major critical infrastructure attack could have versus the data-breaches that occurred over the last few years; let’s just say all previous breaches would pale in comparison.

Since the critical-infrastructure was not designed with security in mind, it soon could become all-too-real. That’s because the cyber-critical infrastructure has been built on programmable logic controllers, industrial control and SCADA systems, simple devices that don’t know right from wrong, and security has always been an afterthought. While the DHS figures out what to do with all the data they’re collecting, public and private sector critical infrastructure owners and operators need to prioritize their security and ramp-up the protection of these systems.

Critical infrastructure utilities can be proactive by implementing security tools to lock down and harden the attack-vectors of the industrial control systems. Utilizing Privileged Identity Management and Access suites like CyberArk provide an all-in-one solution for critical infrastructure operators. This is achieved by restricting access to privileged accounts, securing remote access, real-time monitoring of sessions and systems, and automatic management of privileged identities, all while meeting Critical Infrastructure Protection standards and reducing cost. It’s no wonder why 40% of Fortune 100 and 20% of Global 2000 companies choose CyberArk to protect their assets and infrastructure.

With 100% of advanced attacks exploiting privileged accounts, implementing an effective Privileged Account Management solution is vital. CyberSheath’s engineers are well versed in Critical Infrastructure Protection standards; let the experts help you establish a Privileged Account solution appropriate for your organization. U.S. Cyber Command Commander and National Security Agency Director Michael Rogers said that it’s a matter of “when,” not “if” a cyberattack targets the critical infrastructure; don’t wait around to find out.

You can learn more about our approach by viewing our Privileged Access Management service area.

Cybersheath Blog

3 Reasons Why You Need a Privileged Access Risk Assessment

A privileged account is one used by administrators to log in to servers, networks, firewalls, databases, applications, cloud services and other systems used by your organization. These accounts give enhanced permissions that allow the privileged user to access sensitive data or modify key system functions, among other things. You can…

Incident Response – Learning the Lesson of Lessons Learned

“Those who do not learn from history are condemned to repeat it.” Over the years, variations of this famous quote have been spoken by everyone from philosophers to world leaders. The message — that we must learn from our mistakes or continue to repeat them — is also highly relevant…

What is DFARS 252.204-7012 and NIST SP 800-171?

With the Department of Defense (DoD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.  Compliance is mandatory for contractors doing business with…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Trace Security