Addressing cybersecurity threats to critical infrastructure requires proactive action from government and industry

By James Hayes, Vice President at Tenable

Cyberattacks continue to pose immense threats to some of the most critical infrastructure around the world, from defense capabilities to the electric grid. This year, a denial of service attack caused a grid cyber disruption at a Western utility, marking the first time a digital attack interfered with American electrical grid operations. Though the attack didn’t cause grid unreliability or outages, it was a stark reminder of the dangers of power grid malfunctions or interference.

Robust cyber hygiene remains one of the strongest defenses against these types of attacks, given that many of them come from unsophisticated attackers who exploit known vulnerabilities. These cybercriminals can use simple techniques to randomly attack vulnerable critical infrastructure. Universal security systems are at high risk of an attack due to the lack of protection surrounding known vulnerabilities. The challenge remains, however, to ensure that those who make up much of the critical infrastructure supply chain are consistently practicing good cyber hygiene.

Earlier this year, Tenable’s Senior Director for Strategic Initiatives Eitan Goldstein moderated a panel with U.S. government officials at MeriTalk’s 2019 Cybersecurity Brainstorm. The group discussed ways to prioritize cybersecurity and prevent an attack, rather than waiting for one to happen. Bob Kolasky, the Assistant Director of the National Risk Management Center for the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, highlighted the fact that while the private industry understands the risks a cyberattack poses to their bottom line, local governments should be encouraged to address vulnerabilities before they turn into major incidents like the ransomware attack in Baltimore City.

As digital transformation continues to connect devices that were once-isolated systems, they’ve become increasingly high-value targets. Organizations must have a unified, risk-based view of IT and operational technology (OT) security to fully understand and reduce cyber risk across the entire modern attack surface.

Governments around the world have an important role to play to reduce this cybersecurity threat. Just one example of government working to address the threat is in the U.S. Congressmen Jerry McNerney (D-CA) and Bob Latta (R-OH) introduced legislation to promote public private partnerships between the Department of Energy and industry and other stakeholders to develop guidance, maturity models, training and other best practices for electric utilities. Sens. Lisa Murkowski (R-AK) and Maria Cantwell (D-WA) have introduced bills to provide cybersecurity investment incentives for the electric industry, and to develop advanced cybersecurity applications and technologies for the energy sector, respectively.

In today’s world, the most serious threat to critical infrastructure across the globe stems from cyberattacks on aging software and connected devices. It is increasingly important that the governments around the world partner with industry to play an active role in protecting these systems, through programs that encourage strong cyber hygiene to new policies that help facilitate information sharing among governments and industry associations. Tenable looks forward to continuing to work with our partners on Capitol Hill and beyond to better secure the world’s critical infrastructure.