Our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications, and power along with other networks and systems. A disruption to this system, some of which may be connected to the internet, can have significant and catastrophic consequences for our nation. Securing our nation’s critical infrastructure is therefore our shared responsibility. The Department of Homeland Security (DHS: Critical Infrastructure Security) offers several resources for the public to use in being proactive towards our security.
Click here for tips on protecting Critical Infrastructure.
WannaCry attack
Many people are aware of the devastating WannaCry ransomware attack last May that effected more than 200,000 computers.
This ransomware attack was devastating to the healthcare industry in particular, infecting MRI scanners, blood-storage refrigerators, and other much needed equipment. As a predecessor to WannaCry, Peyta (now considered a Wiper, instead of ransomware) propagated via email attachments. A newer version of Petya (aptly named “NotPetya”) is famous for wreaking havoc upon windows-based systems, and propagated more in a more sophisticated and effective fashion via the EternalBlue exploit. NotPetya inflicted permanent damage to victims, and, even though the main targets were actually Ukranian, two US healthcare IT systems were disrupted.
ASCII skull and crossbones displayed as part of the original payload of Petya.
Both of these attacks raised awareness and caused many companies to tighten their security and educate their employees. It shouldn’t take a devastating attack to show us how important security and security awareness are. That’s like buying insurance after getting in a car wreck! Proactivity and awareness regarding our nation’s security can be the difference between safety and another devastating attack. It is important that we all recognize this shared responsibility and take all necessary steps to prepare.
Additional Resources:
The Department of Homeland Security offers resources for companies to better educate their employees, choose physical and cyber risk management products and plans, and instructions for reporting suspicious activity. Click this link for Critical Infrastructure Resources.