In any global conflict, one of the primary threats posed is cyber actors disabling or destroying the adversary’s core infrastructure. Based on the global reaction to the current global conflict, countries fear retaliation. The concern is whether there will be collateral damage to critical infrastructure in other countries that are not directly involved in the current conflict – be it energy infrastructure, water supply or financial systems.
This is of particular concern given that in the United States, nuclear facilities, water systems, highways and other critical infrastructure have not been maintained to the extent that they should l being, including the software and technology that supports them.
Therefore, cyber concerns about critical infrastructure are realistic. “The convergence of [information technology] and [operational technology (OT)]as well as the layering of third-party digital products and services on top of existing systems in critical infrastructures, often compound the limited visibility and control that security teams have.
State and local governments were seeing an increase in threats to critical infrastructure. Security software found that such attacks increased by 102% in the first half of 2021. On March 7, the FBI issued a flash warning about ransomware, which had been identified as affecting at least 52 entities across 10 infrastructure sectors reviews. In February, it issued an advisory about ransomware that had compromised businesses in at least three critical infrastructure sectors in the United States.
Resource constraints such as budgets and staff are also issues. For example, some small agencies and municipalities do not have an IT department, forcing them to outsource cybersecurity or rely on unskilled employees. Congress’ recent $2 billion allocation for cybersecurity in the bipartisan Infrastructure Act may help, as the funds can be applied to critical infrastructure upgrades at all levels of government.
Two things agencies need to focus on are implementing technology and information management best practices, such as multi-factor authentication, network segmentation and access control, and implementation of quantitative risk management. Modernization can also enhance security. “As agencies look to adopt the cloud, they need to choose a cloud provider that can meet or exceed their defined data and security requirements.
In the long term, however, agencies need to adopt a security framework. He recommends the National Institute of Standards and Technology’s cybersecurity framework and participates in InfraGard, a partnership between the FBI and the private sector for the protection of American critical infrastructure. Agencies can access advice, conferences, webinars and alerts on the latest cyber threats. State and local entities can get involved in their local InfraGard chapter for their state or city.
As reported by OpenGov Asia, to improve coordination and strengthen cybersecurity efforts related to data collection and information sharing, New York has launched the Joint Security Operations Center (JSOC) to bring together federal, state , county, local and critical infrastructure partners. The JSOC will provide leaders across the state with a comprehensive overview of the cyber threat landscape and improve coordination regarding threat intelligence and incident response.
The JSOC will become a one-of-a-kind data-sharing hub designed to improve New York’s cybersecurity posture, officials said. The center will be headquartered in Brooklyn and will provide cybersecurity teams with a centralized view of threat data from federal, state, city and county governments, critical businesses and utilities.
This project is part of Hochul’s fiscal year 2023 budget, which allocates a historic $61.9 million to cybersecurity. It will expand the New York Cyber Red Team program that will expand phishing defenses, increase vulnerability scanning, expand penetration testing, and provide other cyber incident response services. These investments will allow the state to isolate and protect parts of its system if any part of the network is attacked.