A fear of just about everyone, from local municipalities to the federal government to private citizens, is cyberattacks on critical infrastructure.
Trend Micro this week released a report touching on the topic that came to a somewhat surprising conclusion. Smaller municipalities are leaving themselves more vulnerable than larger ones. Network World’s report on the study said that the most vulnerable cities included such small locales as Clarksville, Tenn.; Hopkinsville, Ky.; and Fairfield, Conn. This result may not be as counterintuitive as it first seems, however. The commentary provides a reasonable explanation: Smaller cities may not have as large a budget or as much expertise as bigger entities.
Ransomware, of course, is one of the key threats. One of the takeaways from RSA Conference 2017, according to eWeek, is that these ransomware criminals are aiming at more potentially lucrative targets, including public infrastructure and industrial control systems. The story on the conference, which is being held this week, cited ransomware attacks on the San Francisco MUNI system and police closed circuit cameras in Washington, DC, as examples of the increased interest.
The attraction of these systems is probably partly psychological. Inconveniencing, or even endangering, as many people as possible somehow suits them. The financial element is strong as well:
Industrial control systems present inviting targets because lives, or at least the public well-being — are at stake in the ensured continuous operation of public systems, such as transportation, the water supply or the electrical grid. With these targets, ransomware criminals can demand more money under tighter deadlines.
A recent report from the government’s General Accounting Office (GAO), which was also released this week, will probably make few people feel more secure. The report, which highlights shortcomings in the protection of federal information systems and cyber critical infrastructure, identifies significant problems that must be addressed. The conclusions are comprehensive and, collectively, suggest an infrastructure that is struggling to keep up with the threats.
It is not a picture that bodes well for the immediate future: The protection of assets is haphazard and cybercriminals are growing more confident and ambitious in their selection of targets. The obvious response should be to more aggressively meet these challenges at the corporate, local, state and federal levels. Whether that will be done remains to be seen.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at email@example.com and via twitter at @DailyMusicBrk.