The deadline of June 1 looms for the Department of Homeland Security to gather threat-based data regarding our nation’s critical infrastructure. According to Netgov.com, by September of this year, the DHS is tasked with putting together a plan to put that data to use. This should come as no surprise to security analysts as the rise in critical infrastructure attacks in the media has become more prevalent since the New York Times published articles about Stuxnet and joint Israeli-American involvement. More recently, the world has seen cyber-physical attacks in Ukraine against its bulk-electric system, in the United States against a NY flood-control dam, and several weeks ago in Sweden against an air-traffic-control system.
Attacks against critical infrastructure pose arguably the largest threat to any state, including the U.S. Their interdependencies and complicated private-public sector partnerships make for quite the quagmire. The United States alone categorizes 16 different critical infrastructure sectors which they define as,
“assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof”
– Department of Homeland Security
It would be difficult to make a suitable comparison of the impact of a single major critical infrastructure attack could have versus the data-breaches that occurred over the last few years; let’s just say all previous breaches would pale in comparison.
Since the critical-infrastructure was not designed with security in mind, it soon could become all-too-real. That’s because the cyber-critical infrastructure has been built on programmable logic controllers, industrial control and SCADA systems, simple devices that don’t know right from wrong, and security has always been an afterthought. While the DHS figures out what to do with all the data they’re collecting, public and private sector critical infrastructure owners and operators need to prioritize their security and ramp-up the protection of these systems.
Critical infrastructure utilities can be proactive by implementing security tools to lock down and harden the attack-vectors of the industrial control systems. Utilizing Privileged Identity Management and Access suites like CyberArk provide an all-in-one solution for critical infrastructure operators. This is achieved by restricting access to privileged accounts, securing remote access, real-time monitoring of sessions and systems, and automatic management of privileged identities, all while meeting Critical Infrastructure Protection standards and reducing cost. It’s no wonder why 40% of Fortune 100 and 20% of Global 2000 companies choose CyberArk to protect their assets and infrastructure.
With 100% of advanced attacks exploiting privileged accounts, implementing an effective Privileged Account Management solution is vital. CyberSheath’s engineers are well versed in Critical Infrastructure Protection standards; let the experts help you establish a Privileged Account solution appropriate for your organization. U.S. Cyber Command Commander and National Security Agency Director Michael Rogers said that it’s a matter of “when,” not “if” a cyberattack targets the critical infrastructure; don’t wait around to find out.
You can learn more about our approach by viewing our Privileged Access Management service area.