I just found a great post by Morgan Wright, chief security advisor of SentinelOne. Here is a quick summary; a link to the full article is at the bottom.
The recent attacks on water authorities like Aliquippa and St. Johns River have cast a spotlight on the vulnerability of critical infrastructure.
Such attacks are not just about causing physical damage; they strike at the core of society, threatening our basic needs for water, power, and safety. These incidents should be seen as potential precursors to larger conflicts, highlighting an urgent need for enhanced cybersecurity measures.
Why are these infrastructures targeted? The answer lies in their psychological and strategic importance. Unlike a temporary bank outage, disruptions in essential services like power and water supply immediately impact daily life, invoking a survival instinct among the populace. This was evident during the Colonial Pipeline ransomware attack, which led to widespread panic and hoarding of fuel, despite there being no actual fuel shortage.
This strategy of targeting critical infrastructure is known as Intelligence Preparation of the Battlefield (IPB), a concept originating from the Arab-Israeli War of 1973. It's a method to anticipate and influence enemy actions. Major global powers like Russia, China, and Iran have different motivations for such attacks. While Russia and China focus on IPB for strategic positioning, Iran's attacks, such as the one on Aliquippa, are more ideologically driven.
China's extensive preparation for digital and physical conflict is evident from its activities, including cyber attacks on critical US infrastructure. The US Department of Justice has also indicted Russian nationals for targeting critical infrastructure, highlighting the global scale of this threat.
The use of ransomware in IPB is particularly concerning. The FBI's 2022 report noted a significant number of ransomware attacks on critical infrastructure, often with the tacit approval of adversarial states. These attacks are not just financially motivated; they also serve broader strategic objectives.
As we approach the eighth anniversary of Russia's BlackEnergy malware attack on Ukraine's power grid, the lessons are clear. Understanding both the enemy and our own vulnerabilities is crucial, as Sun Tzu's "The Art of War" advises. These attacks are a stark reminder of the new battleground in cybersecurity: protecting the critical infrastructure that underpins our society. The urgency to fortify our defenses against such threats has never been greater, and fortifying them starts with preventing social engineering attacks.