The Internet powers the United States’ critical infrastructure. Every day, Americans connect to the national grid without realizing it. Consumers use their smartphones, tablets, and computers to conduct online banking or place an online medication order using a medical insurance provider, for example. Similarly, truckers, chemists, politicians, and others all interact with the U.S. critical infrastructure whenever they connect to their companies’ networks.
Such connectivity doesn’t come without its risks, however. According to a survey conducted by the Ponemon Institute on behalf of American global information technology company Unisys, 70% of companies that strive to meet the world’s water, power utilities, and other critical infrastructure needs have reported at least one security incident in which they lost data or suffered disruptions to their data. Those attacks include infections at the hands of regular info-stealers as well as more advanced threats like Industroyer, sophisticated malware which can cause “significant harm” to electric power systems and damage other critical infrastructure.
These threats aren’t expected to go anywhere, either. In 2015, American global advanced technologies company forecasted that 440 million new hackable points would connect to the grid by year’s end. This number has no doubt grown years since, thereby expanding the U.S. critical infrastructure’s attack surface.
Ken Van Meter, client partner at Capgemini and former principal of energy and cyber services at Lockheed Martin, put it this way to ZDNet:
“Every smart meter is going to be a hackable point. There are devices and routers in all of the substations that are hackable. Automated devices at home all become hackable points. We’re making the whole network from generation to distribution and meter fully automated, so that’s hackable. If you can communicate with it, you can hack it.”
Fortunately, ordinary users can take certain steps to protect themselves online. Depending on where they work, these same measures can also help defend the United States’ critical infrastructure against digital threats. None of them are difficult to implement, and all of them involve common sense.
- Exercise caution around suspicious links and email attachments: Bad actors are known to leverage links in an effort to steal users’ login credentials or infect their computers. Users should therefore take extra care around suspicious links and email attachments. They can do so by hovering over unfamiliar URLs and never enabling macros in Microsoft Office documents.
- Install an anti-virus solution on all web-connect devices: Some threats expertly leverage phishing and other attack vectors to evade our suspicions. Fortunately, users can defend against these sneaky threats by installing an anti-virus solution on their computers, mobile devices, and other eligible devices that regularly connect to the web.
- Patch your systems regularly: Malicious software packages known as exploit kits like to scan machines for unpatched vulnerabilities. If they find an open issue, they can abuse it to install malware or ransomware onto the exposed computer. Users can protect against exploit kits by patching their systems regularly of any known security issues.
- Turn on additional security measures: If users can enable additional security measures to protect their web accounts, they should go ahead and turn them on. Those optional features include two-step verification (2SV) through which users must enter in a SMS code received by their mobile device to complete the login process after entering in their username and password.
For more information on the threats confronting the United States’ critical infrastructure and what users can do about them, please see this infographic.
Author Bio: David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News, Associate Editor for Tripwire’s “The State of Security” blog and writes content for Venafi.
David Bisson is a guest blogger, all opinions are his own.