Cybersecurity Threats To Critical Infrastructure.

• Date: 01 May 2023
• Author: Zemel, Franklin L.

Cyberattacks on critical infrastructure are increasing at an alarming rate. (1) A 2022 survey of organizations in the United States, Japan, and Germany revealed that 89% of responding critical infrastructure firms had experienced cyberattacks impacting production and energy supply over a period of 12 months. (2) The research also found that 40% of respondents were incapable of blocking the initial attack. (3) Additionally, 48% of respondents who reported disruptions do not always make improvements to minimize future cyber threats. (4) Perhaps more alarming, the average cost of a breach on critical infrastructure is rising at a precipitous rate. (5)

The consequences of these attacks far surpass the effects felt on the everyday level. Imagine a hospital that experiences a cyber disruption to its health-monitoring devices that transmit patient health information or an oil refinery or natural gas pipeline that loses the functionality of the operational technology systems that move fossil fuels causing major supply disruptions as well as increases to gas and energy prices. The commonality among cyberattacks to our infrastructure is losing the ability to perform or control a core function. No longer is financial damage the predominant consequence of an infrastructure cyberattacks. Loss of, or injury to, human life are now also in the crosshairs.

A Recent Cyberattack Could Have Poisoned Thousands of Floridians

An example of a cyber-infrastructure threat involved the water treatment plant in Oldsmar, which a threat actor breached, then compromised through remote access, and attempted to change the level of sodium hydroxide, more commonly known as lye, in the water from 100 parts per million to 11,100 parts per million--a likely fatal poisoning event to many of its customers. (6) The threat actor's identity has not yet been publicly disclosed. Was it some enemy nation-state or some other highly sophisticated threat actor? Not likely. Experts who have evaluated the attack reported that the breach and compromise were not a particularly sophisticated attack but were, instead, the digital equivalent of passing through an unlocked door. (7) No demands for ransom have been acknowledged--at least publicly. It seems likely to have been either malice or mischief. The "why" is not as important as the "how." Simply stated, the Oldsmar plant's cybersecurity mechanisms were well-short of what ought to be generally accepted standards.

Thankfully, the alteration in the lye concentration was immediately detected by a plant operator who normalized the levels before the attack had any impact on the system, therefore, averting a potentially lethal threat. Many, however, would agree that Oldsmar and its customers were lucky the result was not worse.

A Cyber Breach at Colonial Pipeline Triggered A National Emergency

Another attack on our infrastructure was the May 7, 2021, ransomware attack on the Colonial Pipeline--a system of more than 5,000 miles of pipelines from Texas to New Jersey, which disrupted fossil fuel distribution throughout the East Coast of the United States causing a spike in gas prices, panic buying, and localized fuel shortages. (8) As a result, the U.S. president issued a declaration of emergency on May 9. Due to the Colonial Pipeline's poor cybersecurity hygiene, a bad actor installed ransomware on the Pipeline's IT network, crippling its functionality, by accessing its systems through a network user profile that lacked an industry standard multifactor authentication safeguard. The pipeline's CEO, Joseph Blount, Jr., testified to the U.S. Senate that the network profile used by the bad actor was not intended to be...