Recently, CNN reported an official federal investigation into a possible cyberattack launched against a sector of America’s critical infrastructure, a water treatment plant in Springfield, Illinois. Officials originally thought that this was the first known cyberattack against America’s critical infrastructure, yet ultimately, a foreign state wasn't to blame for the attack. Still, the entire incident highlights how, as tax-paying citizens, we need our government to do more to ensure that we are better prepared for cyberattacks.
Joe Weiss, a notable cybersecurity expert, originally believed there was evidence to suggest this attack could be traced to Russia. Weiss based his information off a report which noted, “[i]t is believed that hackers had acquired unauthorized access to the software company’s database.” It turned out to be a false alarm set off when an American contractor logged onto the Illinois pump system remotely, while vacationing in Russia.
Yet the panic that ensued after initial reports of a cyberattack reveals an urgent need to devote attention and resources to cybersecurity; local governments are often unequipped for cyber defense. The problem, according to Dave Marcus, director of security research for McAfee Labs, lies in the fact that “[s]o many [state-run critical infrastructure facilities] are ill-prepared for cyber-attacks.”
Even though it’s so easy to launch cyberattacks against America’s critical infrastructure, it is difficult to convince financially and/or politically constrained local governments to divert resources to provide the needed security to protect local utilities. What can be done? Weiss makes the following recommendations for the government: Better coordinate and share information with industry; provide control system cybersecurity training and policies for utility companies; implement control system forensics at utilities.
But, these general recommendations have been on the table for a long time – the Department of Defense conducted two cyber-exercises in 1997 code-named ELIGIBLE RECEIVER and SOLAR SUNRISE, both of which tested America's preparedness for cyberattacks against U.S. defense networks. President George W. Bush outlined a national cybersecurity strategy in 2003 and President Barack Obama has done the same. Thus, Weiss’ recommendations show the U.S. government is still not doing enough to prepare for cyberattacks against U.S. infrastructure.
The American people pay taxes in return for security. As such, the government needs to get more serious in preparing the U.S. for cybersecurity issues like attacks on vital infrastructure like water plants.
Photo Credit: Skynetcusco