Security Challenges Hit U.S. Ports and other Critical Systems

Critical infrastructure cybersecurity has been a major part of cross-sector discourse over the last several years. But with each large-scale incident, we are reminded why this is a constantly evolving topic. The latest proof point is the case building around Volt Typhoon, a China-based hacking group stirring major concern among government and infrastructure operators.

CISA, NSA, and FBI Issue a New Warning

According to an advisory recently published by CISA, the NSA, and the FBI in conjunction with cybersecurity representatives in Australia, New Zealand, and the U.K., hackers suspected to have ties to China’s government have been taking action to impact IT and OT systems associated with critical infrastructure facilities. The group, known as Volt Typhoon, “stole multiple zipped files that ‘included diagrams and documentation related to OT equipment, including supervisory control and data acquisition (SCADA) systems, relays, and switchgear,’” as reported by The Record. This builds on a reputation that Volt Typhoon has already established with authorities, which have tracked attacks by the group in the United States as well as territories such as Guam. One such attack was carried out against a water utility. In turn, the Biden administration released an executive order in February that calls for enhanced security for water and wastewater systems.

Protecting Ports and Other Essential Systems

In addition to water and wastewater systems, the executive order also lays out cybersecurity requirements for US ports. As Security Week explains, it focuses specifically on the risk that cranes made by China pose to US ports and their OT networks. Considering the growth in cyber threats that these systems and locations face, the order provides the Coast Guard with the authority to put forth rules that enforce both cybersecurity and reporting standards for waterfront facilities and vessels.

But the call to shield critical infrastructure doesn’t end at the coast. Our healthcare system is also in need of stronger cybersecurity, as an attack on Change Healthcare just underscored. According to Fierce Healthcare, “UnitedHealth Group…disclosed in a Securities and Exchange Commission filing that a ‘suspected nation-state associated cybersecurity threat actor’ is behind a recent cyberattack on Change Healthcare.” Although the company reacted quickly once it identified the problem, the incident helps to paint the larger picture: important systems are constantly at risk of cyberattack in today’s environment.
