Why risks abroad should shift special districts' priorities at home


AT&T and Government Technology hosted a fireside chat from Special Districts Live in April with Christopher Krebs, former director of the federal Cybersecurity and Infrastructure Security Agency (CISA). Krebs, who served as director of CISA from 2018 to 2020, explained how conflict abroad can affect the essential services that special districts provide and on which society has come to rely. He also explained how to protect our country’s critical infrastructure and why it is urgent to prioritize these efforts now.

Prepare for disruptive attacks

Special districts — especially critical infrastructure operators — should prepare for an increase in disruptive cyberattacks linked to Russia’s war on Ukraine, Krebs warned. He said Russian cyber operations could start targeting the United States and its NATO allies in retaliation for tougher economic sanctions on Russia and increased military aid to Ukraine.

“There is a belief that Russia might start causing us pain here,” said Krebs, who is now a private cybersecurity consultant.

Krebs called President Biden’s March warning of the growing potential for retaliatory disruptive cyberattacks against US critical infrastructure unprecedented.

“I don’t think I’ve ever seen a President of the United States take the podium and talk about an actor’s intention to hit us with those kind of urgent messages,” he said.

Speaking at the White House on March 21, Biden said “evolving intelligence” indicates the Russian government is exploring options for malicious cyber activity in response to crippling economic measures imposed by the United States and its partners. “It’s part of Russia’s playbook,” Biden said.

Krebs urged district leaders to take federal cybersecurity warnings seriously. In particular, he pointed to an alert regarding possible threats to satellite communications networks issued jointly by CISA and the FBI in March. These networks are commonly used by water districts, electricity providers and other critical infrastructure operators to connect remote facilities.

“They don’t issue these alerts just for fun; they’re trying to send a message,” Krebs said. “So you really have to think about how you set up your operational technology.”

He said special districts should work to reduce the risks associated with internet-connected control systems and eliminate vulnerabilities such as default passwords on technology hardware.

Everyone is a target

Financially motivated cybercrime, such as ransomware and social engineering attacks, also continues to increase, both because these activities are extremely profitable and because organizations are more vulnerable than ever, given the growth of remote work and digital services due to the pandemic.

“We now use devices in places where five or six years ago we would never have connected to Wi-Fi,” Krebs said.

Again, global tensions could fuel criminal activity affecting special districts. Krebs said continued economic pressure on Russia could lead to an increase in financially motivated cybercrime by stifling other revenue streams.

“You can see more and more actors resorting to cybercrime … because they have no legitimate way to raise money,” Krebs said. “That is, in fact, the model that North Korea used. They funded their entire nuclear program using cybercrime.”

These financially motivated attacks often target small and medium-sized businesses with less sophisticated security defenses. Community water and energy districts – which have a strong incentive to pay ransoms to avoid the disruption of essential services – could be particularly at risk.

“Forwarders aren’t looking for a big win,” Krebs said. “They buy in volume, going after targets that lack security resources and are reluctant to tolerate any kind of downtime.”

Fill gaps

New investments in cybersecurity are part of the solution to growing cyberattacks, Krebs said, adding that more resources are available through security funding from the Infrastructure Investment and Jobs Act and prior federal COVID relief programs. Small agencies can use this funding, along with free security services available from CISA and other federal agencies, to bolster their defenses.

He urged special districts of all sizes to ensure transparency and accountability from their security technology providers. This is especially important for cloud-based services, which have become more common in government since the start of the COVID-19 pandemic.

“You need to ask them about their security processes — what they can detect, what they can alert on, and what their response looks like,” Krebs said.

He also called for new federal government initiatives to combat cybercrime, including regulating cryptocurrencies — which are typically used to make ransomware payments — and confronting countries that harbor cybercriminals.

Attackers operating in Russia or other Eastern European countries rarely pay the price for their crimes, Krebs said. “We need to work with foreign governments – not just our allies, but also those like Russia – to make sure they understand this is not acceptable behavior, and we are going to hold them accountable.”

Prioritize risk

Ultimately, leaders must prioritize security improvements to address the heightened threat environment. For example, Krebs said, special districts might need to accelerate timelines for rolling out multi-factor authentication or other cyber protection measures and delay planned business initiatives.

“Right now — especially now with the Russian invasion — leaders may need to override business decisions that expose the organization, its workforce and its stakeholders,” he said. “It’s anything but business as usual.”
