The recent attempt by malicious hackers to poison a Florida city water supply, highlights the public risks and exposure of critical infrastructures. Luckily, this incident was detected by an observant technician and mitigated before people were hurt, but it could have turned out far worse.
This incident was a near miss.
The attack method was not sophisticated, rather it leveraged a common remote software tool, popular on Windows systems. If the attack were launched by a professional with modern tools and methods, the result would have likely been different, to the health detriment of an entire community.
The simple reality is our nation’s 16 Critical Infrastructures (energy, water & sanitation, food distribution, healthcare, telecommunications, transportation logistics, emergency services, etc.) are all susceptible to cyber-attacks.
The digital revolution, bringing many of society’s building-blocks online, has tremendous advantages. Any industry that adopts the benefits of digital systems and oversight, to reduce costs and improve efficiency, also assumes the burden of cyber risk.
We cannot be surprised anymore or act as if it is not a pressing problem with the world’s critical infrastructure. We must expect these systems to be attacked and, in some cases, compromised. It places our security, privacy, and now most importantly people’s SAFETY at risk. These types of attacks will continue and increase in both quantity and severity.
Much of the critical infrastructure is owned and managed by businesses, while others are public works. All need protection. Real protection, at the level we would expect to prevent our drinking water from being turned toxic by a cyber threat.
All organizations that embrace digital technology must realize that proper cybersecurity is a required part of the equation. Critical Infrastructure leadership must proactively address the issue. Society wants to hear that they are taking cybersecurity seriously, prioritizing for sustainable safety, investing properly, leveraging the best available expertise, and managing the risks appropriately.
Anything less, is unacceptable.