The recent retirement of Equifax CEO Richard Smith – after a data breach at the credit reporting bureau put the personal information of as many as 143 million Americans at risk – is just the latest development in an ongoing story that represents an urgent call for cybersecurity action.
Our critical infrastructure centers are at grave risk for technological or digital disruption, more commonly known as hacks. A single hack on any one of these targets could severely imperil the health, financial well-being and security of the American people.
Members of Congress, state attorneys general, security experts and citizens need to strive to understand and mitigate the terrible impacts of the hack, because these impacts could last for years.
The privacy of Social Security, driver’s license and credit card numbers were all endangered by the Equifax hack. So were home addresses and dates of birth of roughly half the U.S. population.
Experts have been quick to identify what has been labeled the “Equi-hack” as a Level 10 (the highest number on a scale of 1 to 10) threat to identity and information security.
The depth and breadth of the Equi-hack underscores the urgent need for private sector leaders – including those at my company, Parsons – to confront and prevent cyberattacks across a wide spectrum of vulnerabilities.
While credit cards numbers, dates of birth and addresses were the target of the Equi-hack, imagine a devastating cyberattack on America’s critical infrastructure. Electric grids, dams, mass transit systems and air traffic control centers are all vulnerable.
While credit cards numbers, dates of birth and addresses were the target of the Equi-hack, imagine a devastating cyberattack on America’s critical infrastructure. Electric grids, dams, mass transit systems and air traffic control centers are all vulnerable.
And these are just some infrastructure centers where the Internet of Things, blockchain, artificial intelligence and machine learning now play a major role in the management and delivery of critical services. These new innovations create new digital weak points to be exploited by bad actors.
A simple network connection and a single swipe on a touchpad can be entry points to an infrastructure attack. For example, a 2016 U.S. Justice Department indictment revealed that a hacker loyal to the Iranian government allegedly gained access to the control system of Bowman Avenue Dam in upstate New York through an inexpensive cellular modem.
At the federal level, the U.S. Senate recently took a step in the right direction when it passed the $700 billion National Defense Authorization Act with several amendments that address cybersecurity issues – including critical infrastructure.
But the stakes here are enormous and it’s up to the private and public sectors to work together to maintain the momentum.
The vast control systems of infrastructure throughout America are often outdated, having been installed long before cybersecurity was an urgent threat to our small towns and big cities alike.
Updating these systems is a proverbial race against the clock and there must be greater collaboration between the private and public sectors to get the job done. The pace with which the infrastructure industry and government agencies embrace security innovation must rapidly increase.
State and municipal agency partnerships with private companies can offer government entities vastly expanded access to the new technologies and cutting edge know-how required to ensure that America’s critical infrastructure is ready and resilient should cyberattacks take place.
For instance, new technologies and algorithms allow engineers and cybersecurity professionals to address vulnerabilities within critical infrastructure facilities and systems. Cybersecurity solutions such as vulnerability and penetration testing can identify digital weak points in a facility or system.
By identifying, then assessing and ultimately exploiting critical infrastructure vulnerabilities, cybersecurity experts can design, test and implement security for critical networks and infrastructure – not just in response to immediate dangers but to future threats as well. That means access will be denied to hackers.
A little-known bit of World War II history tells us that Nazi spies plotted to blow up the Hoover Dam. Today, it is not alarmist to say that a lack of partnership between the private sector and state and municipal agencies, leading to a lack of investment in infrastructure cybersecurity, could result in a catastrophic hack of a pipeline, dam or nuclear power plant. The time is now to join forces and work together to ensure America’s security.