In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint Cybersecurity Advisory AA21-042A: Compromise of U.S. Water Treatment Facility. This advisory outlines how cybercriminals exploit desktop sharing software and end-of-life operating systems to gain unauthorized access to systems.
In 2017, the financial impact of cyberattacks reached $5 billion and the monthly attack rate was 10-times the rate of attacks in 2016. The industrial and personal reliance on the U.S. power grid makes the impact of a successful attack troubling.
Joshua Dean, Director of Security for San Antonio Water System (SAWS), is in charge of keeping assets safe and secure, so that the 1.8 million people in the region don’t have an interruption to their water and sewer services.
“Water is the most precious resource in the world. You can live without food for a while, you can live without electricity, you can live without transportation, you can live without internet (despite what my kids say), but you cannot live without clean water. And that’s what makes my position so challenging,” says Scott Starkey, Security Manager for Birmingham Water Works.
In order to achieve more while reducing costs, many enterprises’ security leaders have turned to automation. By adding thermal cameras as part of a larger intrusion detection system, security departments can reduce false alarm rates and even bring operational value back to the enterprise. Off the coast of Venezuela, there is a cluster of oil platforms.
In the latest development since the targeted attack on a southern California Pacific Gas & Electric Co. substation last April, PG&E is offering a $250,000 reward for information leading to an arrest and conviction in the attack.
Sen. Charles Schumer (D-NY) warns that the April 16, 2014, attack on a California power plant proves that terrorists could take down whole stretches of the U.S. power grid. Schumer said Sunday that power companies currently have the right to veto proposed security requirements, but he is calling for the federal energy regulator and the Department of Homeland Security to draft tougher security standards overseen by Congress that would end the industry’s veto rights.
“Leaders get recognized for their ability to mitigate problems and choose effective strategies. The same is true for security… The status quo or yesterday’s success is never good enough.”
November 5, 2013
“Security is about enabling a mission. Business leaders are able to take our tools and apply them to a variety of settings to create success. Our job is to create an environment of success for the enterprise. It is not what we do, rather, it is how we enable the enterprise to achieve its goals,” shares Frank Taylor, Vice President and Chief Security Officer for The General Electric Company. It is important to note that as you read this, one of America’s (not just security’s) greatest leaders and thinkers will have retired, again.