When the streets of Muleshoe, Texas, flooded with water in January, most people probably didn’t blame Russian hackers.
But that’s exactly who was at blame, according to a report published this week by Google-owned cybersecurity firm Mandiant, which said Russia was responsible for hacks of water utilities in Texas as well as in France and Poland.
The January attack was far from the first to hit U.S. utilities. In December, Fast Company reported on U.S. National Security Council concerns that critical infrastructure providers could pose easy targets for hackers.
But why are they so vulnerable to cyberattacks in the first place?
“They have proven to be a little vulnerable because they are private companies and hence the profit motive prevails,” says Alan Woodward, professor of cybersecurity at the University of Surrey. “Security is seen as a cost center.” That’s borne out by data compiled by the International Energy Agency (IEA) on the power sector, which found that there were more than 1,100 targeted attacks launched across the world in 2022.
The utilities sector seems uniquely understaffed, according to the IEA’s analysis: While the finance and insurance sector accounted for nearly 1% of all cybersecurity job postings in September 2022, and public administration 0.57%, power utilities languished behind at 0.49%. The average wage offered by the utility sector also pales into comparison to competing industries, which could mean it’s losing out on quality candidates.
The U.S. government has also failed to pass a number of legislative attempts to force utilities to adopt minimal cybersecurity standards. As a result, U.S. utilities are comparatively underprotected in comparison to their peers. “Compare that to the U.K. where we have a specialist government agency that focuses on such service providers and assesses them regularly,” Woodward says.
But the utilities sector also bears much of the blame here. “Utilities also have a lot of older equipment as they have lots of embedded systems and these tend to be updated less frequently simply because of scale,” Woodward says. That results in a Frankenstein’s monster of infrastructure that is built on top of shaky systems and is difficult to chart and understand—even for those tasked with doing just that. “People still haven’t got the message that they may be a way into a network,” says Woodward—meaning that some of the vulnerabilities may remain unspotted until they’re exploited by bad actors.
It all adds up to a worry for critical parts of our national infrastructure—and the latest attacks suggest little has changed. Though there is one silver lining: The IEA data shows that utilities boost spending on cybersecurity and hiring in the immediate aftermath of an attack… but then return back to a baseline shortly after.
Autentifică-te pentru a adăuga comentarii
Alte posturi din acest grup
The Consumer Financial Protection Bureau (CFPB), under acting director Russell Vought, canceled proposed new rules this week that would have protected Americans’ sensitive private data—including f
Welcome to AI Decoded, Fast Company’s weekly newsletter that breaks down the most important news in the world of AI. You can sign up to receive this newsletter ever
Students are still setting fire to their Chromebooks for TikTok—and now they’re facing the consequences.
Fast Company first reported on the #ChromebookChallenge trend last
At its annual Google I/O developer conference in Mountain View next week, Google will try to rally developers around one of its next big bets: Android XR.
X users who interacted with the chatbot Grok on Wednesday were confronted with replies about the legitimacy of white genocide in South Africa—often regardless of context.
In one post, a
It’s not just the “gesture” of a $400 million luxury plane that President
