Good Cyber Hygiene Seen Vital In Protecting US Infrastructure

Call Made For Robust Cybersecurity Practices

America’s Director of National Intelligence, Avril D. Haines, a key figure in the ongoing battle to protect America’s critical infrastructure from cyber threats, has underscored the importance of good cyber hygiene as a significant deterrent against adversary interference.

Her testimony before the Senate Armed Services Committee on Capitol Hill on May 2, 2024, was a powerful reminder of robust cybersecurity practices’ pivotal role in the United States’ national security.

Haines underscored that adopting practices like regularly changing passwords and promptly applying software security patches can substantially mitigate the risk of America’s adversaries infiltrating and disrupting vital infrastructure systems such as power grids, water supplies, and gas networks.

She noted that in numerous instances where adversaries had successfully breached US infrastructure systems, adherence to good cyber hygiene could have thwarted their efforts.

“This year, cyber actors are targeting US industrial control systems, which are pivotal in automating industrial processes, at unprecedented levels,” stated Haines.

Critical Infrastructure

She elaborated that critical infrastructure sectors heavily rely on these systems, encompassing water, wastewater, food production, agriculture, defence, energy, and transportation.

Despite the relatively low likelihood of any single attack causing widespread disruption to critical services, the escalating frequency of attacks and the adversaries’ growing proficiency in manipulating control systems heighten the collective risk of a significant impact.

Haines reiterated that most cyberattacks targeting US critical infrastructure exploit specific vulnerabilities, such as default or weak passwords, unpatched software vulnerabilities, and inadequately secured network connections.

These are often simple techniques, but their exploitation can have devastating consequences. This underscores the shared responsibility of system owners and maintainers to bolster defences against cyber threats.

“In virtually all the attacks we’ve witnessed against US critical infrastructure, cyber actors exploited vulnerabilities stemming from default or weak passwords, unpatched software vulnerabilities, and poorly secured network connections to orchestrate relatively straightforward attacks,” asserted Haines.

“Therefore, it is imperative that all stakeholders, particularly critical infrastructure owners and operators, enhance their cybersecurity posture to mitigate susceptibility to such threats.”

Ransomware Attacks Surge 74%

Haines highlighted the alarming global surge in ransomware attacks, which have increased by up to 74% over the past year. This underscores the pressing need for vigilance and proactive measures to safeguard against cyber threats. The time for action is now.

Echoing Haines’s concerns, US Air Force Lt. Gen. Jeffrey A. Kruse, director of the Defence Intelligence Agency (DIA), emphasised the imperative of shielding DIA networks from a broad spectrum of cyber adversaries, ranging from foreign intelligence entities to insider threats.

Kruse stressed: “This includes the sophisticated capabilities of state actors, such as Russia and China, and rogue cyber actors loosely aligned to governments.

“In addition to the growing threat to critical infrastructure in local governments, this threat directly endangers our defence industrial capabilities, our hard-won technological and military advantages, our allies and partners, and our future defence operations. We must partner, invest and integrate in new ways to secure what we value and safeguard: the assured resiliency of our networks, the data and the people.”

As the US confronts the evolving cyber warfare landscape, the relentless adoption of robust cybersecurity practices emerges as a linchpin in fortifying the country’s critical infrastructure against adversarial incursions, safeguarding national security and economic vitality.

Featured image: Robust cybersecurity practices are pivotal in the United States’ national security. Credit: US Department of Defence