U.S. Government Aims to Protect Control Systems During a Peak Cyberattack Window

April 12, 2021 by Alessandro Mascellino

The U.S. government unveiled new plans to protect electric utilities, water districts, and other critical control systems from cyberattacks.

Last week, the announcement was made by Anne Neuberger, deputy national security adviser, during an interview with The Associated Press (AP). The upcoming plans may ensure that control systems around the U.S. have the core technology needed to detect and block malicious cyber activity.


Increasing Threat Levels

Neuberger’s announcement refers specifically to vulnerabilities related to the electric grid and water treatment plants and how their exploitation could lead to “catastrophic consequences to American life.” According to the deputy national security adviser, these threats have always existed and are now heightened because most industrial systems are now connected to the internet.

For example, in February, a new advisory from the CISA discovered bugs in Fuji Electric’s industrial systems that would allow attackers to take control of OT/IT convergence equipment. In March, several industrial facilities suffered COVID-19-related hacking attempts and various ransomware attacks.


A graphic from the CISA. Image used courtesy of the CISA


In the same month, a massive hack attributed by the U.S. to Chinese hackers affected thousands of Microsoft Exchange email servers across the country. During her recent interview, Neuberger also mentioned SolarWinds, a series of hacking attempts allegedly executed by suspected Russian actors last December.

According to AP, the attempts targeted the Trump administration’s head of the Department of Homeland Security, together with some department’s cybersecurity employees.


A Five-Step Plan

The SolarWinds hack affected nine agencies last year, and Neuberger mentioned how some of them presented “gaps” in basic cybersecurity defenses. To limit the severity of present and future cyber threats, the deputy national security adviser has outlined five specific modernization efforts.

The specifics of the plan have not been publicly disclosed, but Neuberger directly mentioned the deployment of continuously monitoring technologies and the further spreading of multi-factor authentication solutions.

“Our aim is to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity. That’s it in a sentence. Clear, clean goal, but it’s going to take a lot of work to get there,” Neuberger explained.


Preventing Industrial Cyberthreats 

While waiting for the new measures to be deployed, industrial companies can already limit risks of malicious activity affecting their systems.

Following the guidelines released by the Cybersecurity and Infrastructure Security Agency (CISA) last October, for instance, will significantly aid a company's efforts to prevent ransomware attacks. The deployment of industrial software with known cybersecurity strengths is also worth considering, together with a security-focused choice of USB devices and other inherently safe hardware. 


Honeywell’s SMX platform is designed to protect removable media and USB ports from cybersecurity attacks. Video used courtesy of Honeywell


It is important to notice that security liabilities may not come directly from within a company but from their partners and clients.  In this light, it is worth ensuring companies have the appropriate cybersecurity certifications and measures in place before starting a business relationship with them.

What do you think about cyber threats to industrial systems and the new plans unveiled by the Biden administration? Let us know in the comment section down below.