While oil and gas may be top of mind when it comes to critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) categorizes 16 sectors as critical infrastructure. As StateScoop describes, these “systems and networks are considered so vital to the United States that any disruption to their operations would have crippling effects on national security, economics, public health and safety.” Within that definition are systems such as healthcare and water and wastewater facilities, all of which are at risk from cybersecurity vulnerabilities and cybercriminals.
Medusa and Salt Typhoon
The most recent case of threatening cyber activity in critical infrastructure comes from Medusa. Several U.S. federal organizations issued an advisory concerning the ransomware gang, which was first flagged in 2021. The advisory warns that Medusa has infiltrated over 300 critical infrastructure organizations across the globe. Its targets have consisted of a range of critical infrastructure entities from the medical, education, insurance, tech, and manufacturing fields among others.
Medusa certainly isn’t the only concerning group. There have been other prominent threat actors such as Salt Typhoon, which gained attention for taking advantage of vulnerabilities including outdated systems and lack of preventative measures like suspicious activity detectors.
Protecting Critical Infrastructure Across the Board
Overall, these threats to critical infrastructure affect many operators and communities. As David Jones reports for Cybersecurity Dive, “State and local communities are facing a rise in cyber threats from nation-state-linked and criminal threat groups, which in many cases are looking to undermine confidence in public institutions, according to a report by the Multi-State Information Sharing and Analysis Center.”
At the end of 2024, officials in Rhode Island were forced to deal with a cyberattack that affected a site controlling food and healthcare services for residents in need. That’s just one example of the other critical networks requiring protection. To block such occurrences and to keep threat actors like those listed above from taking advantage, strategic cybersecurity measures must be put in place. These strategies must also cover all potential bases. Integrating a mix of monitoring and zero-trust frameworks is and will continue to be essential.
Sources:
- “Critical infrastructure relies on ‘whole-of-state’ information sharing, says report” – Sophia Fox-Sowell, StateScoop
- “Over 300 Critical Infrastructure Organizations Hit by Medusa Ransomware Attacks” – Alicia Hope, CPO Magazine
- “Salt Typhoon: A Wake-up Call for Critical Infrastructure” – Gabrielle Hempel, Dark Reading
- “Critical infrastructure at state, local levels at heightened risk of cyberattacks” – David Jones, Cybersecurity Dive
https://www.cybersecuritydive.com/news/critical-infrastructure-state-local-cyber/741273/