Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors.
Cybersecurity experts say critical infrastructure operators can leverage a set of traditional but increasingly innovative security practices to thwart emerging risks associated with major heat waves, massive storms and extreme weather events exacerbated by climate change.
Continuous Diagnostics and Mitigation policies can significantly mitigate destructive cyberattacks that target critical infrastructure industries by proactively identifying and addressing a wide scope of cybersecurity challenges, according to security researchers, from digital intrusions to vulnerabilities in software systems.
As cybercriminals continue to take advantage of climate-induced severe weather incidents, CDM policies can play a pivotal role in addressing these heightened risks by equipping critical infrastructure operators with crucial security tools, like modern access controls and automated vulnerability remediation.
"When we talk about climate resilience, we should also talk about cyber resilience," David Forbes, director of Booz Allen's cyber physical defense division, told Nextgov/FCW, noting how threat actors have targeted electric grids in recent years "as a mechanism to destabilize a region” and create doubt in federal and local governments.
"As higher temperatures strain the grid, the potential for climate change to make America’s power grid more vulnerable to cyberattack is real," he added.
A Government Accountability Office report published in 2021 warned that climate change was expected to have far-reaching effects and urged the Department of Energy and the Federal Energy Regulatory Commission to take action to improve electric grid resilience nationwide. Congress also passed the sweeping bipartisan infrastructure bill that same year that tasked DOE with administering over $62 billion in energy infrastructure investments.
Researchers have long hypothesized about the potential fallout from a major cyberattack connected to an extreme weather event. The American Journal of Medicine published an analysis in 2021 that predicted “catastrophic” consequences for the U.S. health care system in the event of a cyberattack on the electric grid coordinated with a heatwave, noting that “just 2 summer days without power can significantly increase mortality rates.”
Amid emerging cyber threats and new security challenges connected to climate change, electric grid operators are also facing an unprecedented surge in the frequency and intensity of weather-related disruptions.
The number of annual outages linked to severe weather events nationwide more than doubled on average over the last five years compared to the early 2000s, according to a recent analysis, while the rate and length of power failures are at their worst since the Department of Energy began tracking reliability data in 2013.
CDM programs become even more essential during high-stress events like heatwaves and power demand surges, according to Jim McKenney, practice director of industrials and operational technologies for the information technology security firm NCC Group.
"CDM policies and capabilities that support asset management are critical for maintaining the operational integrity of critical infrastructure systems," McKenney told Nextgov/FCW. "By proactively managing hardware and software assets, access privileges and security configurations, CDM effectively safeguards power generation, transmission and distribution networks against both conventional and evolving cyber threats."
While CDM policies can help provide continuous monitoring and further visibility into an organization's computer systems and networks, they are not foolproof, and can miss certain attacks that employ advanced evasion techniques or target vulnerabilities deep beneath the network surface.
To combat an increasingly advanced cyber threat landscape, CDM programs should be further modernized to better mitigate vulnerabilities deep inside application payloads, according to Jeff Williams, co-founder and chief technology officer for the security firm Contrast Security.
"CDM desperately needs to be expanded to the application layer, with technologies like runtime protection, to provide visibility and protection against modern attacks," Williams told Nextgov/FCW. "Even with CDM, organizations are blind to these attacks and rely on slow and expensive vulnerability remediation.”