Electricity, transportation, water, communications – these are just some of the systems and assets that keep the world functioning. Critical infrastructure, a complex interconnected ecosystem, is what props entire countries up and is vital for the functioning of society and the economy. This is why it is under attack. Threat actors, usually nation-state backed, know this very well. By taking down the poorly protected power grid of a city or even a country, cyber attackers cannot only cause mass chaos, but any threat to the critical infrastructure sectors could have potentially debilitating national security, economic and public health or safety consequences.
It is evident that cyberattacks targeting critical infrastructure have become the new geopolitical weapon. Across the globe, countries are seeing these attacks rising rapidly. In fact, the North American Electric Reliability Corporation (NERC) reported in early 2024 that the number of vulnerable U.S. power grids is increasing at an approximate rate of 60 per day. Additionally, the U.S. Department of Energy found that grid security incidents reached an all-time high in 2023.
But it is not just in the United States that critical infrastructure such as power grids, water supplies, or communications are being targeted. According to a November 2023 report from the International Energy Agency (IEA), weekly global cyberattacks against utilities more than doubled from 2020 to 2022 – in just two years.
So, why are we seeing this rise in critical infrastructure as a target?
Unlike financially-motivated threat actors, hackers targeting these critical systems are not seeking information in order to leverage a ransom. Instead, they are looking for access to the integral puzzle-pieces of enemy nations’ power, water and more, for the purposes of disruption, terrorism and/or espionage. The hackers conducting these attacks are typically backed by nation-states from one of the big four: China, Russia, Iran and North Korea.
There have been several of these attacks over the years, each with terrifying implications; but thankfully not yet overly successful. In 2021, the Colonial Oil pipeline was famously hit in a huge ransomware attack. Considering the pipeline supplies a significant portion of gas and fuel to the East Coast of the United States, this resulted in a state of emergency to be declared in four different states when the pipeline was forced to be offline for 11 days. This attack was carried out by the Russian hacker group DarkSide and is just one example of note.
The serious reality is that critical infrastructure is almost constantly being attacked globally, even if it is not being talked about in the news. According to Forescout Research – Vedere Labs, from January 2023 to 2024, critical infrastructure was attacked more than 420 million times across 163 countries. While the U.S. has been the main target, many other countries like the UK, Germany and Japan, have also been highly impacted.
These rising attacks come in the context of the larger cybersecurity war in progress. In May 2023, the U.S. government determined that an intrusion impacting a U.S. port had come from a Chinese-backed government hacking group. Indeed, the inspectors tasked with looking into this intrusion found that several other networks had been hit, including some within the telecommunications sector in Guam. In Guam, there is a U.S. military base that would likely be a primary point of American response in the case of a Chinese invasion of Taiwan. The intrusion from the Chinese government had been a web shell allowing remote access to servers and, if successful, the intrusion likely would have aimed at electric grids, gas utilities, communications, maritime operations and transportation systems — all with the goal of crippling military operations.
For organizations that supply even the smallest amount of support in the enormously interconnected global infrastructure network, it is high time to become serious about protecting society as we know it. So far, critical infrastructure attacks have yet to be truly catastrophic. However, at the rate these attacks are increasing, the next level of global disruption is inevitable.
What is important to note as well is it is not just major infrastructure organizations that need to be concerned, but smaller businesses that are a part of the vast network of utilities, electricity, water, power and more. These businesses have the potential to be taken advantage of as the entry point for crafty-enough and malicious-enough nation-state backed cyber actors.
Governmentally and diplomatically, geopolitical cybersecurity risks must be understood. In addition, businesses and individuals must place a priority on comprehending what the risks of these attacks are and how they can prevent them because in the end, it is going to be the individuals who are impacted.
Like in physical wars, it is going to be the citizens who pay the price. If one of these critical infrastructure attacks is successful enough to cause a catastrophe, it is going to be the people who will suffer from a lack of water, power loss or other resources. For this reason, it is the people who must spearhead a shift to global cybersecurity preparedness.
Ad