IT services firm Bridewell's most recent Cyber Security in Critical National Infrastructure report is based on interviews with over 1000 CISOs and equivalents from CNI providers in the United States and the United Kingdom.
It found that over a third (31%) identified "trust in cybersecurity tools" as a key challenge this year, up 121% from the 2023 edition of the survey.
Confidence in tools took a hit last year when the UK joined the US and other nations in warning providers of key services about China-backed action against CNI, according to the research.
74% of respondents expressed fear about Chinese state actors, comparable to the 73% who expressed anxiety about Russian state operatives.
These worries are likely to have been heightened recently, with the United States warning in February that Chinese agents have pre-positioned themselves in several CNI networks to unleash damaging strikes in the event of a military conflict.
Budgets have declined in tandem with trust in tooling. According to the research, the share of IT (33%) and OT (30%) budgets set aside for cybersecurity has dropped drastically from 44% and 43% the previous year, respectively.
The dramatic reduction is evident across the board, from new recruits to training and risk assessments to technological investments.
Despite these financial challenges, nearly a third (30%) of CNI respondents who were victims of a ransomware attack last year informed Bridewell that they paid the extortionists.
Bridewell cautioned that, in addition to the fees, CNI enterprises could face legal consequences.
Ransom payments could, for example, be sent to persons facing legal repercussions from the United Kingdom, the United States, or the European Union. The UK's Office of Financial Sanctions Implementation has warned that payments may violate the law in other jurisdictions, according to the report.
Interestingly, more than a quarter (27%) of respondents reported that ransomware intrusions had a psychological impact on employees.
Bridewell CEO Anthony Young expressed sympathy for those firms that do wind up paying.
If the firm is unable to recover, paying the ransom may be the only viable alternative for resuming operations short of reinstalling its systems from the start, he argued.
However, this tough decision can be avoided by implementing a security plan that reduces the possibility of threat actors obtaining access and moving through your systems without being detected and effectively removed.
In recent warnings issued by the Department of Homeland Security (DHS), a concerning trend has emerged: emergency services are increasingly vulnerable to cyber-attacks, particularly ransomware incidents. These attacks pose significant risks not only to operational efficiency but also to public safety and the security of personal information.
Ransomware attacks, for those unfamiliar, involve hackers infiltrating computer systems and encrypting data, then demanding payment for its release. Emergency services, including police departments and 911 call centres, have become prime targets for these attacks, leading to severe disruptions in critical operations. Picture a scenario where accessing emergency services during a crisis becomes impossible due to system outages: it's a frightening reality that underscores the urgency of addressing cybersecurity vulnerabilities.
The repercussions extend beyond mere operational disruptions. Cybercriminals gain access to highly sensitive personal information and police records, which can be exploited for various illicit activities, including identity theft and extortion. Such breaches not only compromise individuals' privacy but also undermine law enforcement's ability to effectively respond to emergencies, posing a significant threat to public safety.
One of the primary challenges in combating these cyber threats lies in the lack of resources and expertise at the local level. Many state and local governments, responsible for managing emergency service networks, struggle to keep pace with the rapidly evolving field of cybersecurity. Outdated technology systems and a shortage of cybersecurity personnel exacerbate the problem, leaving critical infrastructure vulnerable to exploitation by malicious actors.
Recent incidents in Bucks County, Pennsylvania, and Fulton County, Georgia, serve as stark reminders of the vulnerabilities within emergency services. In Bucks County, dispatchers were compelled to resort to manual processes after a cyberattack paralysed the 911 system, while Fulton County endured widespread disruption to government services following a cyber intrusion.
To address these challenges effectively, collaboration and preparedness are key. Communities must prioritise cybersecurity measures, invest in modern technology systems, and provide comprehensive training so that personnel can identify and respond to cyber threats promptly.
As society continues to rely increasingly on digital foundations, safeguarding critical services, particularly emergency response systems, becomes imperative. By remaining vigilant and proactive, we can fortify our communities against cyber threats, ensuring that emergency assistance remains readily accessible, even in the face of malicious cyber activity.
The cybersecurity of America's dams has come under intense scrutiny, with experts warning of the potential for devastating cyberattacks. Concerns were raised during a recent hearing on cybersecurity threats to critical water infrastructure, where Senator Ron Wyden expressed fears of cyberattacks causing catastrophic floods and chaos in communities.
Current Vulnerabilities
Despite the growing cyber threat, most dams under Federal Energy Regulatory Commission (FERC) oversight have not undergone comprehensive cyber audits. With only four full-time employees overseeing 2,500 dams nationwide, experts agree that the sector is vulnerable to cyberattacks that could result in loss of human lives.
Ageing Infrastructure and Lack of Regulation
The majority of U.S. dams are privately operated, with FERC's cybersecurity requirements for commercial dam operators last updated in 2016. Only 5% of the 91,827 dams in the United States fall under federal regulation, and many of them are ageing, with approximately 2,200 classified as "high-hazard" and in poor condition.
Industry Challenges
The water industry, including dam operators, is considered one of the least secure sectors in terms of cybersecurity. Corporate cultures centred around traditional engineering and operational technology pose challenges in adapting to the fast-paced IT and cyber world.
Government Response
FERC has cited a lack of funding and staff as reasons for not being able to audit remaining dams within the next decade. Additionally, the commission's cybersecurity rules only apply to dams that are remotely managed over the internet, leaving on-site operators unregulated.
Senator Wyden urged Congress to address the lack of comprehensive cybersecurity regulations across critical infrastructure sectors and accelerate the development of cybersecurity standards for dams. Without forceful government mandates, experts warn of the potential for a catastrophic cyberattack that could result in loss of life and severe operational disruptions.
FERC is in the process of developing new cybersecurity guidance for the dam sector, expected to be completed within the next nine months. However, national security experts stress the urgent need for federal support to enhance the cybersecurity posture of dam operators and mitigate the risks posed by cyber threats.
With outdated infrastructure, lack of regulation, and growing cyber threats, urgent action is needed to safeguard critical water infrastructure and prevent potential disasters.
Malicious Software (Malware): Charging stations at airports can be tampered with to install malware on your device. This malware can quietly steal sensitive information like passwords and banking details. The Federal Bureau of Investigation (FBI) has also issued a warning against using public phone charging stations, including those found at airports.
Juice Jacking: Hackers use a technique called “juice jacking” to compromise devices. They install malware through a corrupted USB port, which can lock your device or even export all your data and passwords directly to the perpetrator. Since the power supply and data stream on smartphones pass through the same cable, hackers can take control of your personal information.
Data Exposure: Even if the charging station hasn’t been tampered with, charging your mobile phone at an airport can lead to unintentional data exposure. Charging stations can transfer both data and power. While phones prompt users to choose between “Charge only” and “Transfer files” modes, this protection is often bypassed with charging stations. As a result, your device could be vulnerable to data interception or exploitation, which can later be used for identity theft or sold on the dark web.
So, what can you do to safeguard your data? Here are some tips: