March 6, 2024
The security of our nation’s critical infrastructure continues to be a target for cyber-attacks. These attacks have the potential to cause widespread disruptions and pose significant risks to the daily lives and welfare of everyone in the United States. From manufacturing, and water and energy utilities, to transportation systems, food and beverage production, and healthcare services, these (and other) critical infrastructure industries are in the cross-hairs of State actors and terrorist organizations who have the intention to disrupt the systems that we take for granted.
Vulnerabilities Run Deep in Critical Infrastructure
The recent incidents, such as the attacks orchestrated by the “Cyber Av3ngers,” a hacker group affiliated with Iran’s Islamic Revolutionary Guards Corps designated as a foreign terrorist organization by the U.S. in 2019, underscore the vulnerabilities faced by critical infrastructure. Notably, a recent breach of the Aliquippa Municipal Authority water system in Raccoon Township, Pennsylvania by the Cyber Av3ngers is one of many such recent incidents, serving as a stark reminder of the urgent need to bolster the security measures protecting all critical infrastructure nationwide.
Acknowledging the Threats Is Only the Start
FBI Director Christopher Wray has highlighted the concerning activity of Chinese hackers, positioning themselves to potentially inflict real-world harm on American citizens and communities, “if or when China decides the time has come to strike.” Such statements reaffirm the gravity of the situation and the necessity for proactive measures to safeguard critical infrastructure. Director Wray went on to tell U.S. lawmakers:
“There has been far too little public focus on the fact that PRC [People’s Republic of China] hackers are targeting our critical infrastructure — our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems. And the risk that poses to every American requires our attention now.”
Involvement of MCGA
Mission Critical Global Alliance (MCGA) is at the forefront of efforts to raise awareness regarding the escalating cybersecurity threats facing our critical infrastructure. MCGA focuses on empowering the workforce in these sectors with the necessary skills and knowledge to help mitigate cyber threats.
MCGA's Recommendations for Action
MCGA strongly advises that all critical infrastructure entities immediately assess any remote access capabilities by the following:
People – Ensure all employees are equipped to anticipate, identify, and respond to cybersecurity incidents. Regular testing and maintenance of incident response and business continuity procedures are imperative.
Process – Develop and maintain written policies that ensure security across all operational processes including operational technology (OT) systems. Stringent access control, regulated data flow, and restricting remote network accessibility policies should be given priority.
Technology – Implement a secure information technology/operational technology (IT/OT) architecture and deploy vetted and maintained software solutions. This involves the removal of unnecessary ports and applications to minimize the attack surface and mitigate vulnerabilities effectively.
Emphasis on Workforce Training
MCGA advocates for the implementation of comprehensive workforce training and awareness programs as an overall cybersecurity strategy in support of critical infrastructure operations. Management should mandate an organizational culture that fosters cybersecurity awareness. This encompasses staying abreast of evolving cybersecurity concepts, standards, and operations, as well as prioritizing safety, physical security, risk management, and emergency response preparedness.
By prioritizing cybersecurity measures and investing in employee education, we can fortify the stability and security of our critical infrastructure, thus ensuring the continued safety and well-being of our communities.
About MCGA
Business leaders, government, and industry turn to Mission Critical Global Alliance (MCGA) as a trusted resource dedicated to enhancing the resilience of mission critical infrastructure through our expertise in advocacy, skills standards development, education, research, workforce development, and professional certifications. MCGA is a 501(c)3 nonprofit organization.
Media Contact
Kevin Edwards, media@mcgalliance.org