Impact of Cyber Attacks on US Infrastructure
In the early hours of Tuesday morning, a Singaporean-flagged cargo ship collided with the supports of the Francis Scott Key Bridge in Baltimore, Maryland, causing the bridge to collapse. The vessel, known as the M/V Dali, was observed experiencing a total loss of power on at least two occasions prior to the crash, raising concerns about the incident.
Underlying Factors
However, the incident reveals a deeper and more concerning issue at play. Recent reports from a CISA conference in February 2024 indicate that the US government has confirmed that China has infiltrated US infrastructure through cyber attacks, with the transportation sector being a prime target. The cyber actors involved, identified as a state-sponsored group from the People’s Republic of China (PRC), have compromised critical infrastructure sectors, including communications, energy, transportation, and water resources, across the United States and its territories.
The CISA advisory, jointly published with the NSA and FBI, details the malicious activities of the PRC cyber actors, such as the group known as Volt Typhoon, and provides guidance on how organizations should respond to mitigate the risks posed by such cyber threats. The advisory emphasizes the strategic shift in PRC cyber operations from espionage to potential disruptive cyber attacks on US critical infrastructure, with a specific focus on using “living off the land” techniques to evade detection by traditional security measures.
Recommendations and Urgency
To address the growing cyber threats posed by entities like Volt Typhoon, CISA and its partners issued a comprehensive joint advisory and guidance document to help organizations identify and counteract these sophisticated cyber techniques. The advisory emphasizes the importance of adopting a multi-faceted approach that combines behavior analytics, anomaly detection, and proactive hunting to detect and mitigate malicious cyber activities effectively.
The CISA Director, Jen Easterly, emphasized the real-world impact of the PRC cyber threat, highlighting successful response efforts to remove Volt Typhoon intrusions from critical infrastructure. The advisory serves as a call to action for all critical infrastructure organizations to implement the recommended measures and report any suspicious activity to CISA or the FBI.
Collaboration and Response
The joint advisory and guidance were issued collaboratively by several government agencies, including the DOE, EPA, and TSA, as well as international partners from Australia, Canada, the UK, and New Zealand. This coordinated effort underscores the global nature of cyber threats and the need for collective action to combat cyber attacks effectively.
In light of the recent cyber security warning issued just last month, it is perplexing to hear government officials dismiss the Francis Scott Key Bridge incident as a non-malicious event. The incident raises questions about the preparedness and response mechanisms in place to address emerging cyber threats targeting critical infrastructure.