A host of botnets and new malware emerged last year. As we know too well, threats to supervisory control and data acquisition networks aren’t going away.
Nearly 70 percent of organizations responsible for power, water and other critical functions reported at least one security breach that led to the loss of confidential information or disruption of operations, according to a 2014 Ponemon Institute study for Unisys.
Activity appeared to have shifted somewhat last year, with other sectors like healthcare and professional services more heavily targeted, according to the Cisco 2016 Annual Security Report. Of course that doesn’t mean that government, utilities, agriculture and mining sectors are now immune — all continue to block attacks. One thing is certain: We don’t know when or where the next attack might happen, and IT teams within all sectors must maintain vigilance, 24/7.
Municipal utilities continue to represent prime targets, and perhaps find themselves more vulnerable not because of the security infrastructure — or lack thereof — in place, but instead because of the nature of the systems they protect. The Department of Homeland Security identifies 16 critical sectors whose assets are so vital “that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety.”
Those include the chemical, communications, energy, food and agriculture sectors; healthcare and emergency services; critical manufacturing; dams; and transportation, water and wastewater systems — most of the infrastructure and services for which state and local governments are responsible.
As the next generation of cybersecurity solutions evolves, it pays to remember that IT security requires defense in depth, or a complex mix of solutions that help IT and other managers guard every layer of infrastructure.
All organizations today are IT companies to some degree because they depend on their IT and operational technology to stay connected and successfully deliver services. All managers, whether on the IT side or on the operational side, should understand the nature of all potential threats. Proper training and annual or semi-annual updates keep everyone in the loop and on the same team in the fight against cybercriminals and threats.
As IT and security professionals learn more about improving their defenses, they tend to outsource security tasks that may be managed more efficiently by a third-party consultant or vendor. Outside help may prove even more crucial as the toolset required to identify and halt threats grows. Security architecture is a rich mix of technology, including firewalls, data loss prevention, authentication, encryption and email and web security, which together offer greater visibility and control along with better protection.
Cisco’s study goes on to report that many teams intent on improving the effectiveness of their security postures frequently cite budget constraints (39 percent) at the top of the list of reasons why specific security services and tools are chosen. Successful managers have overcome the budget battle by separating security needs from the broader IT budget.
Improving security knowledge requires ongoing training and updates in how to respond to threats, which also continue to change and adapt. Proactive and ongoing collaboration among common stakeholders statewide, or in state and local governments nationwide, is your ally in combatting increasingly bold and persistent cyberthreats.
A global network of partners proved instrumental in sidelining the Angler exploit kit and weakening SSHPsychos, one of the largest distributed denial of service botnets Cisco researchers have ever observed. Just imagine what a group of well-informed and determined municipal utility managers can accomplish.