Over the last few years, critical infrastructure protection (CIP) has become a more prominent topic of interest for many cybersecurity experts in both the private and public sectors. Unfortunately, for a variety of reasons, the federal government and private utility companies have struggled in their attempts to form a successful partnership for hardening and maintaining a secure critical infrastructure for the nation. More specifically, the primary focus has been on the countless vulnerabilities that have been revealed in the primary system used to manage and monitor crucial systems, which has remained much the same since its inception in the early 1960s. Supervisory Control and Data Acquisition (SCADA) is a legacy system that is responsible for managing the vast majority of components that make up what is known as the power grid. In addition, water dams, water purification, and sewage systems are all generally managed by some form of a programmable logic controller (PLC) and monitoring system throughout the United States and beyond.
What is SCADA?
It should come as no surprise that over the years, SCADA has served as a major contributor to modern-day civilization as we know it in the western hemisphere. Without a properly functioning system such as SCADA, everyday conveniences we all take for granted, such as sewage and flood control (water dams), electricity, and more, would be very difficult, if not impossible in some cases, to provide. Consequently, the dependence on SCADA and other antiquated applications with lengthy lists of known and unknown vulnerabilities to manage the critical infrastructure systems and services throughout the nation has frightened everyday citizens and professionals alike who are concerned for our national security.
What can we expect?
The rise in cybercrime and cyberterrorism at both a domestic and foreign level only further solidifies these concerns as tensions continue to escalate between the United States and other countries that may not be overly fond of our nation for a variety of reasons. One example of such attempts is a successful attack executed by Iranian hackers who took control of the power grid and water dams just outside of New York City back in 2013. Since then, attacks from malicious individuals, both foreign and domestic, have increased. Consequently, we will inevitably face more advanced persistent threats (APTs) to our critical infrastructure now and in the future, and we need to prepare by working together.
Perhaps one solution that could potentially improve overall protections for the critical infrastructure would be for the federal government to assist in monitoring critical infrastructure systems, such as SCADA and others. This must be done while allowing cyber threat intelligence to be shared not only amongst federal entities but also designated stakeholders such as utility companies, as well as local and state officials and any other organizations responsible for oversight and maintenance of critical infrastructure components. At present, privately-owned organizations that supply critical infrastructure services for public consumption are not mandated at a local or federal level to follow any specific set of standards and/or security framework for establishing the proper set of security controls and hardening techniques for critical systems and applications, unlike those subjected to laws such as HIPAA (medical), FERPA (education), and PCI DSS (finance) regulation.
By establishing a federally recognized set of standards and/or regulations containing not only best practices for securing hardware and software but also guidance for sharing and collaboration, risks to the critical infrastructure may be reduced dramatically. Meanwhile, it is important to consider providing some type of tax or other incentives to private sector infrastructure stakeholders to ease the transition into much-needed improvements to critical infrastructure protection.
Consider hiring a professional service that can monitor and protect the critical infrastructure systems of your organization. Hire EC-Council Global Services’ Business Continuity Management/Disaster Recovery Planning to protect your critical infrastructure at the time of need. Additionally, to gain a real-time analysis of security alerts, take a look at the Security Incident and Event Management (SIEM) and Security Operations (SOC) services offered.