On May 9 the Department of Homeland Security warned of a heightened risk of a cyberattack that could disrupt the control systems of U.S. companies providing critical infrastructure services, including cellphone networks, water and electric utility grids. The warning comes on the heels of a new wave of attacks against US energy companies. So far the attacks appear to be probes into the processing control systems, and Homeland Security has not revealed where the attack s originated.
This news is of great concern. The United States infrastructure is primarily maintained by private industry that is currently vulnerable to cyber attacks. While the government has recently taken some steps to address the issue through sharing of information and advice, no concentrated effort to keep our lights on and water flowing has yet been proposed.
In general, attacks against US companies have been rooted in espionage – the theft of trade secrets and confidential information. These new probe attacks appear to focus on access to networks that provide energy or drive American industry.
The warning underscores the immediate need for US industry to implement robust cyber defense safeguards. The first step in protecting from cyber attacks is to understand a corporation’s vulnerabilities. Just as the attacks appear to be probing industry for intrusion pathways, a corporation can proactively assess its own network and lock down potential vulnerabilities. In light of the recent warning, a vulnerability assessment is not just part of best business practices, it is critical to protect the future health of the company.
If you’d like some help or more information on how you can conduct a vulnerability assessment –The Georgetown Group has a robust cyber security practice. Email me if you need help.
For further reading on the issue, the New York Times and Washington Post have recently reported on the warning.