The January 2020 edition of the USA’s National Intelligence Strategy Report warns that “Cyber threats will pose an increasing risk to public health, safety and prosperity as information technologies are integrated into critical infrastructure, vital national networks and consumer devices…” US National Intelligence Director Daniel Coats added that “the warning lights are blinking red.”
In an article published in February 2020 in Security Week, industrial systems were named the latest geopolitical battleground. Explaining the appeal of industrial control systems (ICS) as prime targets, the article stated that 45% of Fortune 2000 companies rely on ICS networks for their daily running, in sectors that include water, electricity, food and beverage, mining, pharmaceuticals and more. The remaining 55% rely on ICS for basic needs such as transportation, illumination, HVAC systems, etc. A second important reason industrial networks are an appealing target is that they are not only ubiquitous but also have extremely long lifecycles: many have been operational for 35 years or more, and while these are connected to IT systems for automation and inputs, they lack the necessary security controls.
In the aftermath of the Colonial Pipeline cyber attack (see below), in July 2021, the White House published a national security memorandum aimed at strengthening cybersecurity for critical infrastructure. The memo states: “The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation. The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States.”
The same month, the US Transportation Security Administration (TSA) issued a directive requiring oil pipeline operators to implement specific measures to protect against ransomware and other threats to their business and operational technology (OT) networks. This was the second directive issued by the TSA to oil and pipeline operators within a two-month period, highlighting the level of risk of cyber attacks against critical infrastructure identified by the US government. It also mentioned concerns about attacks by groups backed by the Chinese government, concerns shared by President Biden, who publicly accused China’s Ministry of State Security (MSS) of perpetrating cyber-espionage campaigns and destructive attacks against US government, commercial and critical infrastructure targets through hacker groups.