In a series of announcements this week, officials announced new cybersecurity requirements for the railway and aviation industries, and fined federal contractors who failed to report violations. The second set of mandatory operations follows the cybersecurity regulations issued earlier this year for US pipeline operators, as well as the separate authorization of government contractors to strengthen their networks.
The White House also announced last week that after 100 days of efforts to improve the cybersecurity of the U.S. Balkan power grid, it is “working hard to deploy action plans for other critical infrastructure sectors.”
A senior defense official said that protecting the transportation and energy infrastructure on which the Americans — and the US military — depend is a top priority.
In an exclusive interview with CNN, Deputy Secretary of Defense Catherine Hicks said: “These have a direct impact on our ability to perform military operations in the future.” “We believe that these are when China or Russia is considering military operations. A goal that will be pursued.”
Hicks said China and Russia are still the “priority” priorities of the Ministry of Defense, “because they have so many capabilities, and then Iran and other countries’ secondary priorities.”
The U.S. suffers from a series of ransomware attacks
While pushing for this move, U.S. officials are also working to respond to a series of ransomware attacks launched by cybercriminals on critical infrastructure, including attacks on colonial pipelines, which were interrupted for most of the week in May Natural gas supply on the east coast.
Other minor hacking attacks—such as the destruction of a water treatment facility in Florida in February, raising the level of treatment chemicals in the water to potentially toxic levels—show how some critical infrastructure sectors have better Resources to protect yourself. For example, large power companies in the United States have invested millions of dollars in cyber defense, while water plants in small towns are often in short supply.
Although the Department of Homeland Security is the lead agency working with private companies to improve its cyber defenses, Pentagon officials are focused on protecting defense industrial bases from supply chain hacker attacks and considering cyber security aspects of future conflicts.
For the Department of Defense, this is a relatively new issue, which has long been concerned about more traditional “kinetic energy” threats against the United States-such as terrorist attacks using conventional bombs, and even nuclear threats from rogue North Korea.
Hicks said: “Associating domestic and overseas military operations is not the idea of most Americans.” “And this is not something the Department of Defense has to worry about for years.”
“This is a major change,” she added.
But Rob Joyce, director of the US National Security Agency’s Cyber Security Agency, said at the Aspen Cyber Summit last week that cyber security officials have long been concerned about Russia’s “predetermined” efforts to target critical US infrastructure.
“We have seen them actively using destructive influences on a global scale. And we have seen evidence of pre-provisioning for critical US infrastructure,” Joyce said. “All things that cannot be tolerated, we need to oppose.”
According to some U.S. officials and private sector experts, some Russian hacker groups specialize in infiltrating critical infrastructure companies to collect information, and in some cases, may be to gain a foothold in the network in the event of a conflict.
The challenge of protecting infrastructure not under federal control
Part of the challenge facing government national security officials dealing with this issue is that most critical infrastructure is not under federal control. The government has to try to coax, persuade, cooperate, and sometimes requires a large number of different organizations to strengthen their cyber security efforts.
One of the important lessons the Pentagon has learned from the SolarWinds hack is that Russian espionage operations destroyed at least nine federal agencies in 2020. It made it clear to officials that “we are in partnership with the wider ecosystem of commercial and industrial bases and research centers. “Hicks said.
She said the Pentagon’s approach is to “make sure that our industrial base partners are strong and we have a way to help them realize this when they encounter challenges.”
To bridge the gap between federal proprietary technology and the private sector, the U.S. Cyber Command signed a cooperation contract with a local digital security non-profit organization in 2018 to open an innovation center in Maryland and cooperate with private companies to strengthen Critical infrastructure network-from traffic lights to water treatment facilities.
Hicks pointed out that “the investigation by the Department of Defense still did not show that SolarWinds poses a direct risk to the Department of Defense’s network,” but she said, “we don’t think this is just a signal. In this case, we are doing well, but we must Stay vigilant because they will continue to attack us.”
Sean Lyngaas of CNN contributed to this report.