Cyberattacks on Critical Infrastructure

Mar 3, '21 by Joerg Schneider-Simon

In December 2020, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that a suspected Russian hack "poses a grave risk to the federal government." The agency added that "state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations" are also at risk.

CISA believes the hack began as early as March 2020. Since then, multiple US federal government agencies, including the Department of Energy, have reportedly been targeted by the hackers.

CISA has not identified the advanced persistent threat actor behind the significant and ongoing attacks, but many experts say the attacks are of a scale and level of sophistication achievable only by nation states, and that Russia is the leading suspect.

America’s a Major Target … but Not the Only One

Russia, of course, is just one of multiple nation-state actors who are targeting critical infrastructure in the US, according to a White House report involving the National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

These nation states are targeting the internet-connected operational technology being used in US critical infrastructure, such as electricity, water, and gas facilities. In response to these threats, the NSA and CISA have directed the owners and operators of critical infrastructure to take immediate action to secure these systems.

The US is not alone. Japan, Iran, Germany, Ukraine, Israel, and the EU have also fallen prey to critical infrastructure attacks in recent years, prompting countries such as Australia, the United Kingdom, and Canada to issue warnings about these types of cyberattacks.

What Critical Infrastructure is Being Targeted by Cyberattacks?

Critical infrastructure consists of the systems, facilities, technologies, and services that are essential to the well-being of a country’s population and its government. Critical infrastructure includes:

  • Communications
  • Transportation
  • Energy generation and distribution facilities
  • Nuclear reactors, materials, and waste sector
  • Water and wastewater facilities
  • Hospitals and healthcare facilities
  • Government buildings
  • Emergency services
  • Defense
  • Financial services sector
  • Food and agriculture sector
  • Dams

The World Economic Forum (WEF) estimates that cyberattacks on critical infrastructure—rated the fifth top risk in 2020 by their expert network—are now the new normal across energy, healthcare, transportation, and other sectors.

The WEF notes that attacks on critical infrastructure have affected entire cities, and that both public and private sector organizations are equally at risk of being held hostage to ransomware and other attacks.

The threat of cyberattacks on critical infrastructure is particularly grave for a number of reasons:

  1. Organized criminals are joining forces to use cyberattacks to extort money from their victims.
  2. The Internet of Things, and particularly the Industrial Internet of Things, is expanding the attack surface every day.
  3. The likelihood of getting caught and prosecuted is as low as 0.05% in the United States.
  4. Cybercrime-as-a-service is now a business model, one that criminals without technological savvy can simply rent by the month.
  5. Hacking tools are more accessible and affordable than ever before thanks to the Darknet.

Top Cybersecurity Threats Against Critical Infrastructure

Cyber threats against critical infrastructure are unique because they bridge the gap between the cyber world and the physical world. Attacks on critical infrastructure typically aim to destroy, incapacitate, or exploit energy facilities, water treatment plants, dams, communications systems, and other critical infrastructure in order to:

  • threaten national security
  • destabilize governments
  • cause mass casualties
  • weaken national economies
  • damage public morale

Attack methods include malware, spyware, distributed denial-of-service, phishing, and ransomware.

Protecting Mission-Critical SAP Systems

In many cases, protecting critical infrastructure against cyberattacks means protecting the SAP systems that offer hackers access to this infrastructure.

Here are the steps you must take to deter cyberattacks on your SAP systems.

The attack on US government departments that was uncovered in December 2020 had likely started months before. Experts estimate that the hackers penetrated key government networks in March, and moved around freely for at least six months before they were detected. In short, it’s never too early to start putting increased security measures in place.

If you think you might be at risk, read about the Three Signs You Are Vulnerable to an SAP Cyberattack (and How to Respond). And if you need help protecting your SAP systems, particularly your web-facing SAP applications, from viruses and content-based attacks, get in touch for a free consultation.
